Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah Gooding -  Dec 12, 2025
🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
@andreypopp/pnpm
Advanced tools
pnpm
Fast, disk space efficient npm installs
pnpm is a fast implementation of npm install. It is loosely based off ied.
Read our contributing guide if you're looking to contribute.
Follow the pnpm Twitter account for updates.
Table of Contents
Background
pnpm maintains a flat storage of all your dependencies in ~/.pnpm-store. They are then linked wherever they're needed.
This nets you the benefits of drastically less disk space usage, while keeping your node_modules clean.
See store layout for an explanation.
=> - a link (also known as a hard link)
-> - a symlink (or junction on Windows)
~/.pnpm-store
├─ chalk/1.1.1/
| ├─ index.js
| └─ package.json
├─ ansi-styles/2.1.0/
| ├─ index.js
| └─ package.json
└─ has-ansi/2.0.0/
├─ index.js
└─ package.json
.
└─ node_modules/
├─ .resolutions/
| ├─ chalk/1.1.1/
| | ├─ node_modules/
| | | ├─ chalk -> ../package
| | | ├─ ansi-styles/ -> ../../ansi-styles/2.1.0/package
| | | └─ has-ansi/ -> ../../has-ansi/2.0.0/package
| | └─ package
| | ├─ index.js => ~/.pnpm-store/chalk/1.1.1/index.js
| | └─ package.json => ~/.pnpm-store/chalk/1.1.1/package.json
| ├─ has-ansi/2.0.0/
| | ├─ node_modules/
| | | └─ has-ansi -> ../package
| | └─ package
| | ├─ index.js => ~/.pnpm-store/has-ansi/2.0.0/index.js
| | └─ package.js => ~/.pnpm-store/has-ansi/2.0.0/package.json
| └─ ansi-styles/2.1.0/
| ├─ node_modules/
| | └─ ansi-styles -> ../package
| └─ package
| ├─ index.js => ~/.pnpm-store/ansi-styles/2.1.0/index.js
| └─ package.js => ~/.pnpm-store/ansi-styles/2.1.0/package.json
└─ chalk/ -> ./.resolutions/chalk/1.1.1/package
Install
Install it via npm.
npm install -g pnpm
Do you wanna use pnpm on CI servers? See: Continuous Integration.
Usage
Use pnpm in place of npm. It overrides pnpm i, pnpm install and some other command, the rest will passthru to npm.
pnpm install lodash
For using the programmatic API, see: API.
Benchmark
pnpm is usually 10 times faster than npm and 30% faster than yarn. See this benchmark which compares the three package managers on different types of applications.
time npm i babel-preset-es2015 browserify chalk debug minimist mkdirp
66.15 real 15.60 user 3.54 sys
time pnpm i babel-preset-es2015 browserify chalk debug minimist mkdirp
11.04 real 6.85 user 2.85 sys
Prior art
Preview release
pnpm will stay in <1.0.0 until it's achieved feature parity with npm install. See roadmap for details.
License
MIT © Rico Sta. Cruz and contributors
FAQs
Fast, disk space efficient npm installs
We found that @andreypopp/pnpm demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 27 Jan 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: what’s affected and how to update safely.
By Sarah Gooding -  Dec 12, 2025
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah Gooding -  Dec 11, 2025