
Security News
vlt Launches "reproduce": A New Tool Challenging the Limits of Package Provenance
vlt's new "reproduce" tool verifies npm packages against their source code, outperforming traditional provenance adoption in the JavaScript ecosystem.
pnpm is a fast, disk space efficient package manager for JavaScript that works with the npm and Yarn registries. It uses hard links and symlinks to save disk space and improve installation speed. It also has a strict node_modules structure that helps to avoid issues with phantom dependencies.
Installing packages
Installs the lodash package into your project. This is similar to npm install or yarn add.
pnpm install lodash
Creating a new project
Initializes a new package.json file for your project, similar to npm init or yarn init.
pnpm init
Adding a package to dependencies
Adds the react package to your project's dependencies, similar to npm install react --save or yarn add react.
pnpm add react
Adding a package to devDependencies
Adds the typescript package to your project's devDependencies, similar to npm install typescript --save-dev or yarn add typescript --dev.
pnpm add --save-dev typescript
Updating packages
Updates all the packages in your project to their latest versions based on the specified ranges in package.json, similar to npm update or yarn upgrade.
pnpm update
Running scripts
Runs the script named 'build' specified in your package.json, similar to npm run build or yarn run build.
pnpm run build
npm is the default package manager for Node.js and is the most widely used. It has a large ecosystem and is well-supported, but it can be slower and use more disk space compared to pnpm.
Yarn is a package manager that was created by Facebook to address some of npm's shortcomings. It introduced lockfiles and deterministic installations. Yarn is faster than npm but can still use more disk space compared to pnpm.
Performant npm installations
pnpm is a fast implementation of npm install. It is loosely based off ied.
Install it via npm.
npm install -g pnpm
Use pnpm in place of npm. It overrides pnpm i and pnpm install; all other commands pass through to npm.
pnpm install lodash
pnpm uses whatever npm's configured to use as its registry. See: custom registries.
pnpm will stay in <1.0.0 until it's achieved feature parity with npm install. See roadmap for details.
time npm i babel-preset-es2015 browserify chalk debug minimist mkdirp
66.15 real 15.60 user 3.54 sys
time pnpm i babel-preset-es2015 browserify chalk debug minimist mkdirp
11.04 real 6.85 user 2.85 sys
pnpm maintains a flat storage of all your dependencies in node_modules/.store. They are then symlinked wherever they're needed. See store layout for an explanation.
.
└─ node_modules/
   ├─ .store/
   │  ├─ chalk@1.1.1/_/
   │  │  └─ node_modules/
   │  │     ├─ ansi-styles -> ../../../ansi-styles@2.1.0/_
   │  │     └─ has-ansi -> ../../../has-ansi@2.0.0/_
   │  ├─ ansi-styles@2.1.0/_/
   │  └─ has-ansi@2.0.0/_/
   └─ chalk -> .store/chalk@1.1.1/_
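The store layout above invites one check a dependency auditor would run: every symlink under node_modules should resolve to a directory inside node_modules/.store, with dangling links (a package missing from the store) or links escaping the store flagged. The Python below is an added example, not pnpm's own code; it rebuilds the README's tree in a temporary directory, adds one constructed dangling link (the hypothetical package name missing-pkg) as the failure case, and runs that check.

```python
"""Check that every symlink under a pnpm-style node_modules resolves into .store."""
import os
import tempfile
from pathlib import Path

# Constructed sample: the README's layout plus one dangling link (hypothetical
# package name) to show the failure mode. This is an added example, not pnpm code.
PACKAGES = ("chalk@1.1.1", "ansi-styles@2.1.0", "has-ansi@2.0.0")
LINKS = {  # link path relative to node_modules -> symlink target as written on disk
    "chalk": ".store/chalk@1.1.1/_",
    ".store/chalk@1.1.1/_/node_modules/ansi-styles": "../../../ansi-styles@2.1.0/_",
    ".store/chalk@1.1.1/_/node_modules/has-ansi": "../../../has-ansi@2.0.0/_",
    "missing-pkg": ".store/missing-pkg@0.0.0/_",  # constructed: nothing in the store
}

def build_sample(root: Path) -> Path:
    """Create the sample node_modules tree under root and return its path."""
    node_modules = root / "node_modules"
    for pkg in PACKAGES:
        (node_modules / ".store" / pkg / "_").mkdir(parents=True)
    for link, target in LINKS.items():
        (node_modules / link).parent.mkdir(parents=True, exist_ok=True)
        os.symlink(target, node_modules / link)
    return node_modules

def check_links(node_modules: Path) -> dict:
    """Map each symlink (relative to node_modules) to its target relative to
    .store, or to None when the link dangles or points outside the store."""
    store = (node_modules / ".store").resolve()
    results = {}
    # os.walk does not follow symlinks by default: a link to a directory shows up
    # in dirnames but is never descended into, so no cycles and no double counting.
    for dirpath, dirnames, filenames in os.walk(node_modules):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            if not path.is_symlink():
                continue
            target = path.resolve()  # follows the chain; dangling links stay non-existent
            inside = target.is_dir() and store in target.parents
            rel = str(path.relative_to(node_modules))
            results[rel] = str(target.relative_to(store)) if inside else None
    return results

def demo() -> dict:
    """Build the sample in a temporary directory and run the check on it."""
    with tempfile.TemporaryDirectory() as tmp:
        return check_links(build_sample(Path(tmp)))

if __name__ == "__main__":
    for link, target in sorted(demo().items()):
        print(link, "->", target or "BROKEN (dangling or outside .store)")
```

Pointing check_links at a real project's node_modules (POSIX only; the walk relies on symlinks) lists every store link and reports those that no longer resolve.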
pnpm © 2016+, Rico Sta. Cruz. Released under the MIT License.
Authored and maintained by Rico Sta. Cruz with help from contributors (list).
ricostacruz.com · GitHub @rstacruz · Twitter @rstacruz
FAQs
Fast, disk space efficient package manager
The npm package pnpm receives a total of 16,607,467 weekly downloads. As such, pnpm popularity was classified as popular.
We found that pnpm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.