Summary
The Intent docs and CLI responses currently hardcode npx in installation/usage instructions. It would be better to detect the package manager used by the current project and render commands accordingly (pnpm dlx, yarn dlx, bunx, npx, etc.).
This applies to both:
- Web documentation
- CLI output / suggested follow-up commands
Why this matters
Hardcoding npx is problematic for projects that do not use npm as their package manager:
npx is noticeably slower than the native package-manager runner in many environments.- More importantly,
npx bypasses package-manager-specific policy and security controls configured by the repository.
For example, pnpm supports security-related settings such as minimumReleaseAge. If Intent tells users to run an npx command in a pnpm-managed repo, that command may not respect the repo's pnpm policy expectations.
Expected behavior
Intent should detect the package manager from the current workspace where possible, using files such as:
packageManager in package.jsonpnpm-lock.yamlyarn.lockbun.lock / bun.lockbpackage-lock.json
Then documentation/CLI suggestions should use the matching runner. For example:
pnpm dlx @tanstack/intent@latest list
instead of:
npx @tanstack/intent@latest list
Fallback behavior
If no package manager can be detected, falling back to npx seems reasonable. But when the project clearly uses pnpm/yarn/bun, the generated instructions should avoid npm-specific commands.
Summary
The Intent docs and CLI responses currently hardcode
npxin installation/usage instructions. It would be better to detect the package manager used by the current project and render commands accordingly (pnpm dlx,yarn dlx,bunx,npx, etc.).This applies to both:
Why this matters
Hardcoding
npxis problematic for projects that do not use npm as their package manager:npxis noticeably slower than the native package-manager runner in many environments.npxbypasses package-manager-specific policy and security controls configured by the repository.For example, pnpm supports security-related settings such as
minimumReleaseAge. If Intent tells users to run annpxcommand in a pnpm-managed repo, that command may not respect the repo's pnpm policy expectations.Expected behavior
Intent should detect the package manager from the current workspace where possible, using files such as:
packageManagerinpackage.jsonpnpm-lock.yamlyarn.lockbun.lock/bun.lockbpackage-lock.jsonThen documentation/CLI suggestions should use the matching runner. For example:
instead of:
Fallback behavior
If no package manager can be detected, falling back to
npxseems reasonable. But when the project clearly uses pnpm/yarn/bun, the generated instructions should avoid npm-specific commands.