pnpm is a fast, disk space efficient package manager for JavaScript that works with the npm and Yarn registries. It uses hard links and symlinks to save disk space and improve installation speed. It also has a strict node_modules structure that helps to avoid issues with phantom dependencies.
What are pnpm's main functionalities?
Installing packages
Installs the lodash package into your project. This is similar to npm install or yarn add.
pnpm install lodash
Creating a new project
Initializes a new package.json file for your project, similar to npm init or yarn init.
pnpm init
Adding a package to dependencies
Adds the react package to your project's dependencies, similar to npm install react --save or yarn add react.
pnpm add react
Adding a package to devDependencies
Adds the typescript package to your project's devDependencies, similar to npm install typescript --save-dev or yarn add typescript --dev.
pnpm add --save-dev typescript
Updating packages
Updates all the packages in your project to their latest versions based on the specified ranges in package.json, similar to npm update or yarn upgrade.
pnpm update
Running scripts
Runs the script named 'build' specified in your package.json, similar to npm run build or yarn run build.
npm is the default package manager for Node.js and is the most widely used. It has a large ecosystem and is well-supported, but it can be slower and use more disk space compared to pnpm.
Yarn is a package manager that was created by Facebook to address some of npm's shortcomings. It introduced lockfiles and deterministic installations. Yarn is faster than npm but can still use more disk space compared to pnpm.
pnpm uses a content-addressable filesystem to store all files from all module directories on a disk.
When using npm, if you have 100 projects using lodash, you will have 100 copies of lodash on disk.
With pnpm, lodash will be stored in a content-addressable storage, so:
If you depend on different versions of lodash, only the files that differ are added to the store.
If lodash has 100 files, and a new version has a change only in one of those files, pnpm update will only add 1 new file to the storage.
All the files are saved in a single place on the disk. When packages are installed, their files are linked
from that single place consuming no additional disk space. Linking is performed using either hard-links or reflinks (copy-on-write).
As a result, you save gigabytes of disk space and installations are a lot faster!
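The storage model described above can be reproduced in a few lines of Node.js. This is an added example, not pnpm's own code: the store layout (one file per SHA-512 hex digest) and the names install, corruptedEntries and demo are assumptions made for illustration. It also shows the integrity consequence of hard links: an in-place write through one project's copy changes the shared store entry, which re-hashing the store detects.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');
const crypto = require('crypto');

const sha512 = (data) => crypto.createHash('sha512').update(data).digest('hex');

// Hard-link every file of a package from the store into destDir.
// A file is written to the store only if no entry with its hash exists yet.
// Returns how many new store entries this install created.
function install(storeDir, destDir, files) {
  fs.mkdirSync(destDir, { recursive: true });
  let added = 0;
  for (const [name, content] of Object.entries(files)) {
    const entry = path.join(storeDir, sha512(content));
    if (!fs.existsSync(entry)) {
      fs.writeFileSync(entry, content);
      added += 1;
    }
    fs.linkSync(entry, path.join(destDir, name));
  }
  return added;
}

// Integrity check: an entry is valid only if its content still hashes to its name.
function corruptedEntries(storeDir) {
  return fs.readdirSync(storeDir)
    .filter((name) => sha512(fs.readFileSync(path.join(storeDir, name))) !== name);
}

function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'cas-demo-'));
  const store = path.join(root, 'store');
  fs.mkdirSync(store);
  const pkgDir = (project) => path.join(root, project, 'node_modules', 'pkg');
  // Constructed sample package: v2 changes one of the two files of v1.
  const v1 = { 'index.js': 'module.exports = 1;', 'util.js': 'exports.id = (x) => x;' };
  const v2 = { ...v1, 'index.js': 'module.exports = 2;' };
  const added = [install(store, pkgDir('a'), v1), install(store, pkgDir('b'), v1),
    install(store, pkgDir('c'), v2)];
  const sameInode = fs.statSync(path.join(pkgDir('a'), 'util.js')).ino
    === fs.statSync(path.join(pkgDir('c'), 'util.js')).ino;
  const storeFiles = fs.readdirSync(store).length;
  // An in-place write through one project's link changes the shared store entry.
  fs.appendFileSync(path.join(pkgDir('a'), 'util.js'), '// edited');
  const seenFromC = fs.readFileSync(path.join(pkgDir('c'), 'util.js'), 'utf8');
  const corrupted = corruptedEntries(store).length;
  fs.rmSync(root, { recursive: true, force: true });
  return { added, sameInode, storeFiles, editVisibleInC: seenFromC.endsWith('// edited'), corrupted };
}
```

Calling demo() installs the same package into three constructed projects: the second install adds nothing to the store, the new version adds only its one changed file, and the edited entry is reported as corrupted.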
If you'd like more details about the unique node_modules structure that pnpm creates and
why it works fine with the Node.js ecosystem, read this small article: Flat node_modules is not the only way.
The npm package pnpm receives a total of 12,708,643 weekly downloads. As such, pnpm's popularity was classified as popular.
We found that pnpm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 06 Dec 2024