Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@andreypopp/pnpm
Advanced tools
Fast, disk space efficient npm installs
pnpm is a fast implementation of npm install
. It is loosely based off ied.
Read our contributing guide if you're looking to contribute.
Follow the pnpm Twitter account for updates.
pnpm
maintains a flat storage of all your dependencies in ~/.pnpm-store
. They are then linked wherever they're needed.
This nets you the benefits of drastically less disk space usage, while keeping your node_modules
clean.
See store layout for an explanation.
=> - a link (also known as a hard link)
-> - a symlink (or junction on Windows)
~/.pnpm-store
├─ chalk/1.1.1/
| ├─ index.js
| └─ package.json
├─ ansi-styles/2.1.0/
| ├─ index.js
| └─ package.json
└─ has-ansi/2.0.0/
├─ index.js
└─ package.json
.
└─ node_modules/
├─ .resolutions/
| ├─ chalk/1.1.1/
| | ├─ node_modules/
| | | ├─ chalk -> ../package
| | | ├─ ansi-styles/ -> ../../ansi-styles/2.1.0/package
| | | └─ has-ansi/ -> ../../has-ansi/2.0.0/package
| | └─ package
| | ├─ index.js => ~/.pnpm-store/chalk/1.1.1/index.js
| | └─ package.json => ~/.pnpm-store/chalk/1.1.1/package.json
| ├─ has-ansi/2.0.0/
| | ├─ node_modules/
| | | └─ has-ansi -> ../package
| | └─ package
| | ├─ index.js => ~/.pnpm-store/has-ansi/2.0.0/index.js
| | └─ package.js => ~/.pnpm-store/has-ansi/2.0.0/package.json
| └─ ansi-styles/2.1.0/
| ├─ node_modules/
| | └─ ansi-styles -> ../package
| └─ package
| ├─ index.js => ~/.pnpm-store/ansi-styles/2.1.0/index.js
| └─ package.js => ~/.pnpm-store/ansi-styles/2.1.0/package.json
└─ chalk/ -> ./.resolutions/chalk/1.1.1/package
Install it via npm.
npm install -g pnpm
Do you wanna use pnpm on CI servers? See: Continuous Integration.
Use pnpm
in place of npm
. It overrides pnpm i
, pnpm install
and some other command, the rest will passthru to npm
.
pnpm install lodash
For using the programmatic API, see: API.
pnpm is usually 10 times faster than npm and 30% faster than yarn. See this benchmark which compares the three package managers on different types of applications.
time npm i babel-preset-es2015 browserify chalk debug minimist mkdirp
66.15 real 15.60 user 3.54 sys
time pnpm i babel-preset-es2015 browserify chalk debug minimist mkdirp
11.04 real 6.85 user 2.85 sys
pnpm
will stay in <1.0.0
until it's achieved feature parity with npm install
. See roadmap for details.
MIT © Rico Sta. Cruz and contributors
FAQs
Fast, disk space efficient npm installs
The npm package @andreypopp/pnpm receives a total of 7 weekly downloads. As such, @andreypopp/pnpm popularity was classified as not popular.
We found that @andreypopp/pnpm demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.