Product
Mikola Lysenko
March 14, 2023
We're happy to announce that Socket now supports the pnpm package manager!
Developers can now take advantage of the benefits of pnpm while ensuring their dependencies are managed securely with Socket.
Developers choose pnpm because of its ability to store package files in a shared cache, which reduces disk usage and speeds up installations.
This release of Socket includes support for pnpm lockfiles (pnpm-lock.yaml), pnpm workspaces, package overrides/resolutions, file: dependencies, shrinkwrap dependencies, and bundled dependencies.
If you already have Socket for GitHub installed, then there's nothing you need to do to get pnpm support—Socket will automatically start analyzing your pnpm dependencies. Just ensure that your pnpm-lock.yaml is checked into your GitHub repository, and you're good to go!
If you want to try out Socket with pnpm support, you can install the GitHub App in less than 2 minutes.
If you have any questions or feedback, please don't hesitate to reach out to our dedicated support and engineering team. If you would like to chat with someone on our team, you should schedule a demo with a technical expert.
We're here to help you keep your apps secure, no matter what language or package manager you're using. Stay tuned for more ecosystem support soon, and vote for the language or package manager you would like to see next!
Happy hacking!