Latest Threat Research:SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains.Details
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@pnpm/lockfile.fs

Package Overview
Dependencies
Maintainers
2
Versions
46
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@pnpm/lockfile.fs

Read/write pnpm-lock.yaml files

Source
npmnpm
Version
1001.1.22
Version published
Maintainers
2
Created
Source

@pnpm/lockfile.fs

Read/write pnpm-lock.yaml files

Reads and writes the wanted (pnpm-lock.yaml) and current (node_modules/.pnpm-lock.yaml) lockfile files of pnpm. Lockfile files are the state files of the node_modules installed via pnpm. They are like the package-lock.json of npm or the yarn.lock of Yarn.

Install

pnpm add @pnpm/lockfile.fs

API

readWantedLockfile(pkgPath, opts) => Promise<Lockfile>

Reads the pnpm-lock.yaml file from the root of the package.

Arguments

  • pkgPath - Path - the path to the project
  • opts.ignoreIncompatible - Boolean - false by default. If true, throws an error if the lockfile file format is not compatible with the current library.

readCurrentLockfile(virtualStoreDir, opts) => Promise<Lockfile>

Reads the lockfile file from <virtualStoreDir>/lock.yaml.

existsNonEmptyWantedLockfile(pkgPath) => Promise<Boolean>

Returns true if a pnpm-lock.yaml exists in the root of the package.

writeLockfiles(opts) => Promise<void>

Writes the wanted/current lockfile files. When they are empty, removes them.

Arguments

  • opts.wantedLockfile
  • opts.wantedLockfileDir
  • opts.currentLockfile
  • opts.currentLockfileDir
  • [opts.forceSharedFormat]

writeWantedLockfile(pkgPath, wantedLockfile) => Promise<void>

Writes the wanted lockfile file only. Sometimes it is needed just to update the wanted lockfile without touching node_modules.

writeCurrentLockfile(virtualStoreDir, currentLockfile) => Promise<void>

Writes the current lockfile file only.

License

MIT

Keywords

pnpm
pnpm10
lockfile
shrinkwrap

FAQs

Package last updated on 09 Nov 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Meet the Socket Team at RSAC and BSidesSF 2026

Company News

Meet the Socket Team at RSAC and BSidesSF 2026

Join Socket for live demos, rooftop happy hours, and one-on-one meetings during BSidesSF and RSA 2026 in San Francisco.

By Sarah Gooding  -  Mar 03, 2026
Malicious Packagist Packages Disguised as Laravel Utilities Deploy Encrypted RAT

Research

/

Security News

Malicious Packagist Packages Disguised as Laravel Utilities Deploy Encrypted RAT

Malicious Packagist packages disguised as Laravel utilities install an encrypted PHP RAT via Composer dependencies, enabling remote access and C2 callbacks.

By Kush Pandya  -  Mar 03, 2026