@savvy-web/pnpm-plugin-silk

Maintainers: 1
Versions: 22

pnpm config dependency for centralized catalog management across the Silk ecosystem.

Version: 0.11.0 (latest)
Source: npm

Centralized dependency version management for the Silk ecosystem via pnpm config dependencies. Share curated dependency catalogs, security overrides, and build configurations across multiple repositories from a single source of truth.

Features

  • Dual catalog strategy - Current versions for direct dependencies (catalog:silk), permissive ranges for peer dependencies (catalog:silkPeers)
  • Security overrides - Centralized CVE fixes via silkOverrides that propagate to all consuming repositories
  • Build configuration sync - Shared onlyBuiltDependencies and publicHoistPattern settings across repositories
  • Biome schema sync - Automatically updates $schema URLs in biome.json/biome.jsonc files to match the catalog version
  • Effect ecosystem management - 19 coordinated @effect/* packages across six functional groups with compatible version resolution
  • Non-destructive merging - Local definitions always take precedence with clear warnings for divergences

Installation

Add as a config dependency using pnpm:

pnpm add --config @savvy-web/pnpm-plugin-silk

This adds the package to your pnpm-workspace.yaml with the required integrity hash:

configDependencies:
  "@savvy-web/pnpm-plugin-silk": "0.3.0+sha512-..."

Quick Start

Reference Silk catalogs in your package.json:

{
  "devDependencies": {
    "typescript": "catalog:silk",
    "vitest": "catalog:silk"
  },
  "peerDependencies": {
    "typescript": "catalog:silkPeers"
  }
}

The silk catalog provides current/latest versions for direct dependencies, while silkPeers provides permissive ranges for peer dependencies. Security overrides, build script allowlists, and hoist patterns are automatically merged during pnpm install.
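
Because this config dependency merges overrides and build script allowlists during pnpm install, a CI job may want to confirm that every configDependencies entry keeps the `version+sha512-...` pin shown under Installation. The check below is an added example, not code from the package; the function names, the two `example-*` entries and the filler digests are assumptions made for illustration.

```javascript
// Added example (not from the package): audit configDependencies pins.
// Line-based reader for this one block only; it is not a general YAML parser.
function readConfigDependencies(yamlText) {
  const entries = [];
  let inBlock = false;
  for (const raw of yamlText.split(/\r?\n/)) {
    const line = raw.replace(/(^|\s)#.*$/, ''); // drop comments
    if (/^configDependencies:\s*$/.test(line)) { inBlock = true; continue; }
    if (!inBlock || line.trim() === '') continue;
    if (!/^\s/.test(line)) { inBlock = false; continue; } // next top-level key
    const m = /^\s+(?:"([^"]+)"|'([^']+)'|([^\s:'"]+)):\s*(.*)$/.exec(line);
    if (!m) continue;
    entries.push({ name: m[1] ?? m[2] ?? m[3], spec: m[4].trim().replace(/^["']|["']$/g, '') });
  }
  return entries;
}

// Returns null when the pin is "<version>+sha512-<base64 of 64 bytes>".
function auditPin({ name, spec }) {
  const plus = spec.indexOf('+');
  if (plus === -1) return `${name}: version only, no integrity hash`;
  const m = /^sha512-([A-Za-z0-9+/]+={0,2})$/.exec(spec.slice(plus + 1));
  if (!m) return `${name}: integrity is not a sha512 value`;
  if (Buffer.from(m[1], 'base64').length !== 64) {
    return `${name}: sha512 digest does not decode to 64 bytes`;
  }
  return null;
}

function auditConfigDependencies(yamlText) {
  return readConfigDependencies(yamlText).map(auditPin).filter(Boolean);
}

// Constructed sample: the digests are filler bytes, not real package hashes.
const GOOD = Buffer.alloc(64, 1).toString('base64');
const SHORT = Buffer.alloc(32, 1).toString('base64');
const sampleWorkspaceYaml = [
  'packages:',
  '  - "packages/*"',
  'configDependencies:',
  `  "@savvy-web/pnpm-plugin-silk": "0.11.0+sha512-${GOOD}"`,
  '  example-unpinned-config: "1.2.3"  # no hash',
  `  'example-short-digest': "1.0.0+sha512-${SHORT}"`,
  'onlyBuiltDependencies:',
  '  - esbuild',
].join('\n');

console.log(auditConfigDependencies(sampleWorkspaceYaml));
```

The check only validates the shape of the pin; pnpm itself compares the digest against the downloaded tarball.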

Documentation

For configuration details, architecture overview, and advanced usage, see docs/.

License

MIT

Keywords

pnpm

Package last updated on 28 Mar 2026
