Product
Mikola Lysenko
March 14, 2023
We're happy to announce that Socket now supports the pnpm package manager!
Developers can now take advantage of the benefits of pnpm while ensuring their dependencies are managed securely with Socket.
Developers choose pnpm because of it's ability to store package files in a shared cache which reduces disk usage and speeds up installations.
This release of Socket includes support for pnpm lockfiles (pnpm-lock.yaml), pnpm workspaces, package overrides/resolutions, file: dependencies, shrinkwrap dependencies, and bundled dependencies.
If you already have Socket for GitHub installed, then there's nothing you need to do to get pnpm support—Socket will automatically start analyzing your pnpm dependencies. Just ensure that your pnpm-lock.yaml is checked into your GitHub repository, and you're good to go!
If you want to try out Socket with pnpm support, you can install the GitHub App in less than 2 minutes.
If you have any questions or feedback, please don't hesitate to reach out to our dedicated support and engineering team. If you would like to chat with someone on our team, you should schedule a demo with a technical expert.
We're here to help you keep your apps secure, no matter what language or package manager you're using. Stay tuned for more ecosystem support soon, and vote for the language or package manager you would like to see next!
Happy hacking!
Subscribe to our newsletter
Get notified when we publish new security blog posts!
Try it now
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
