Mastodawn

Frontend Dogma May 6

Add JSR Packages With pnpm and Yarn, by @lcasdev (@deno_land):

https://deno.com/blog/add-jsr-with-pnpm-yarn

#jsr #pnpm #yarn

Add JSR packages with pnpm and Yarn

You can now access JSR packages via pnpm and Yarn. Here's how.

Deno Blog

Show thread

zust Apr 25

@parksb
안녕하세요 오픈 소스에 관심있는 개발자입니다!
자정되면서 맞지 않는 부분은 어떤게 있을까요? 🤔
yarn-plugin-catalogs가 pnpm catalog 기능을 yarn에도 확장 시킨것 같은데 이런 부분에서 안맞는게 있는걸까요?
#Yarn #pnpm #javascript

Michael Gale Mar 14

Is this a thing? Am I just tired?

(ps i know I can filter instead of cd)

#pnpm #package #nodejs

brulks Mar 2

I am wondering if I should start using #pnpm instead of #npm. Not really sure about pros and cons 🤔

#javascript #nodejs

Emelia 👸🏻Feb 25

Anyone know how to fix ERR_PNPM_RECURSIVE_RUN_FIRST_FAIL errors?

I have a build script that ends up outputting a build/package.json which is a copy of the parent directories package.json — pnpm seems to want to execute that too.

My pnpm-workspaces.yaml file…

OH!!

OH FUCKING WAIT!!

it's pnpm-workspace.yaml not pnpm-workspaces.yaml 🤦‍♀️

#pnpm

Andreu Casablanca 🐀Feb 21

wait... wait! are you telling me that #pnpm supports `package.json5` instead of `package.json`??? and I learn about it years later?

I've been praying for something like this for ages... and it turns out that we already had it.

#json #json5 #javascript

Michal Bryxí 🌱Jan 23

How I Manage Node & Package Manager Versions in 2025:

https://dev.to/michalbryxi/how-i-manage-node-package-manager-versions-in-2025-97d

#NodeJS #PNPM #BlogPost #IT #Tech #WebDev #Proto #VersionManager

How I Manage Node & Package Manager Versions in 2025

Some time has passed since I wrote How I Manage Node & Package Manager Versions in 2024 and few...

DEV Community

Tane Piper ⁂Jan 12

Finally! #pnpm has disabled `postinstall` scripts by default in npm module - something I reported 8 years ago as a major security risk and provided a POC of it. Now let's see if #npm does the same... #nodejs #cyberSecurity

https://github.com/pnpm/pnpm/pull/8897

feat!: use an allow list of built dependencies by default by zkochan · Pull Request #8897 · pnpm/pnpm

By default no dependency is allowed to run lifecycle scripts during installation.

GitHub

Socket Jan 10

Big changes in @pnpm 10.0.0: Lifecycle scripts are now blocked by default to combat supply chain attacks. This change is widely supported but comes with some friction.

https://socket.dev/blog/pnpm-10-0-0-blocks-lifecycle-scripts-by-default #NodeJS #pnpm #JavaScript

pnpm 10.0.0 Blocks Lifecycle Scripts by Default - Socket

pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workf...

Socket

Axel Rauschmayer Jan 7

@pnpm 10 is out: https://github.com/pnpm/pnpm/releases/tag/v10.0.0

Interesting change: “Lifecycle scripts of dependencies are not executed during installation by default! This is a breaking change aimed at increasing security. In order to allow lifecycle scripts of specific dependencies, they should be listed in the pnpm.onlyBuiltDependencies field of package.json.”

#pnpm #JavaScript