Mikola Lysenko
March 14, 2023
We're happy to announce that Socket now supports the pnpm package manager!
Developers can now take advantage of the benefits of pnpm while ensuring their dependencies are managed securely with Socket.
Developers choose pnpm because of it's ability to store package files in a shared cache which reduces disk usage and speeds up installations.
This release of Socket includes support for pnpm lockfiles (pnpm-lock.yaml), pnpm workspaces, package overrides/resolutions, file: dependencies, shrinkwrap dependencies, and bundled dependencies.
If you already have Socket for GitHub installed, then there's nothing you need to do to get pnpm support—Socket will automatically start analyzing your pnpm dependencies. Just ensure that your pnpm-lock.yaml is checked into your GitHub repository, and you're good to go!
If you want to try out Socket with pnpm support, you can install the GitHub App in less than 2 minutes.
If you have any questions or feedback, please don't hesitate to reach out to our dedicated support and engineering team. If you would like to chat with someone on our team, you should schedule a demo with a technical expert.
We're here to help you keep your apps secure, no matter what language or package manager you're using. Stay tuned for more ecosystem support soon, and vote for the language or package manager you would like to see next!
Happy hacking!
Subscribe to our newsletter
Get notified when we publish new security blog posts!
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.
Security News
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
