pnpm

Fast, disk space efficient package manager

Version: 10.13.1
Tags: latest, next-10, latest-10

Supply Chain Security: 100
Vulnerability: 100
Quality: 100
Maintenance: 97
License: 100

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Dependencies have 33 high and critical alerts.

Critical CVE, Socket optimized override available, and High CVE

Version published
Weekly downloads: 27M (7.06%)
Maintainers: 2
Created
Issues: 1910

What is pnpm?

pnpm is a fast, disk space efficient package manager for JavaScript that works with the npm and Yarn registries. It uses hard links and symlinks to save disk space and improve installation speed. It also has a strict node_modules structure that helps to avoid issues with phantom dependencies.

What are pnpm's main functionalities?

Installing packages

Installs the lodash package into your project. This is similar to npm install or yarn add.

pnpm install lodash

Creating a new project

Initializes a new package.json file for your project, similar to npm init or yarn init.

pnpm init

Adding a package to dependencies

Adds the react package to your project's dependencies, similar to npm install react --save or yarn add react.

pnpm add react

Adding a package to devDependencies

Adds the typescript package to your project's devDependencies, similar to npm install typescript --save-dev or yarn add typescript --dev.

pnpm add --save-dev typescript

Updating packages

Updates all the packages in your project to their latest versions based on the specified ranges in package.json, similar to npm update or yarn upgrade.

pnpm update

Running scripts

Runs the script named 'build' specified in your package.json, similar to npm run build or yarn run build.

pnpm run build

Package last updated on 09 Jul 2025
