Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@pnpm/git-resolver

Package Overview
Dependencies
Maintainers
2
Versions
155
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@pnpm/git-resolver

Resolver for git-hosted packages

Source
npmnpm
Version
5.1.16
Version published
Weekly downloads
175K
2.14%
Maintainers
2
Weekly downloads
 
Created
Source

@pnpm/git-resolver

Resolver for git-hosted packages

npm version

Installation

pnpm add @pnpm/git-resolver

Usage

'use strict'
const createResolveFromNpm = require('@pnpm/git-resolver').default

const resolveFromNpm = createResolveFromNpm({})

resolveFromNpm({
  pref: 'kevva/is-negative#16fd36fe96106175d02d066171c44e2ff83bc055'
})
.then(resolveResult => console.log(JSON.stringify(resolveResult, null, 2)))
//> {
//    "id": "github.com/kevva/is-negative/16fd36fe96106175d02d066171c44e2ff83bc055",
//    "normalizedPref": "github:kevva/is-negative#16fd36fe96106175d02d066171c44e2ff83bc055",
//    "resolution": {
//      "tarball": "https://codeload.github.com/kevva/is-negative/tar.gz/16fd36fe96106175d02d066171c44e2ff83bc055"
//    },
//    "resolvedVia": "git-repository"
//  }

License

MIT

Keywords

pnpm6
pnpm
resolver
npm

FAQs

Package last updated on 12 Jan 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

OWASP 2025 Top 10 Adds Software Supply Chain Failures, Ranked Top Community Concern

Security News

OWASP 2025 Top 10 Adds Software Supply Chain Failures, Ranked Top Community Concern

OWASP’s 2025 Top 10 introduces Software Supply Chain Failures as a new category, reflecting rising concern over dependency and build system risks.

By Sarah Gooding  -  Nov 08, 2025
9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads

Research

/

Security News

9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads

Socket researchers discovered nine malicious NuGet packages that use time-delayed payloads to crash applications and corrupt industrial control systems.

By Kush Pandya  -  Nov 06, 2025