pnpm is a fast, disk space efficient package manager for JavaScript and Node.js projects. It uses a content-addressable store and a strict, symlinked node_modules layout so every version of every package is stored exactly once on disk and projects can only access dependencies they explicitly declare. pnpm provides first-class monorepo support via pnpm-workspace.yaml, the workspace: protocol, Catalogs, package filtering, and a shared lockfile, and ships supply-chain safety features such as minimumReleaseAge, opt-in lifecycle scripts, dependency overrides, and a built-in pnpm patch workflow. Developed in the open under the MIT license on GitHub with an Open Collective sponsorship model, pnpm is used by major JavaScript projects including Next.js, Vue, Vite, Nuxt, Material UI, Prisma, Astro, and SvelteKit.
URL: Visit APIs.json
Run: Capabilities Using Naftiko
- Node.js, Package Manager, Monorepo, JavaScript, Open Source, Developer Tools, Dependency Management, CLI
- Created: 2026-05-25
- Modified: 2026-05-25
| License | MIT |
| Primary language | TypeScript (with Rust components) |
| Latest major | pnpm 11 (requires Node.js v22+) |
| Distribution | pnpm on npm, @pnpm/exe standalone binary, Homebrew, Scoop, Chocolatey, winget, Corepack, standalone install script |
| Source | github.com/pnpm/pnpm |
| Funding | Open Collective + GitHub Sponsors |
The pnpm command-line interface for managing JavaScript/Node.js packages. Provides commands for installing, updating, and removing dependencies; running package scripts; executing one-off packages via pnx (formerly dlx); publishing to registries; auditing for vulnerabilities; managing the content-addressable store; inspecting the dependency graph; and patching installed packages. As of pnpm 11, pn is a shorthand for pnpm and pnx replaces pnpm dlx.
Human URL: https://pnpm.io/pnpm-cli
- Documentation — pnpm CLI overview
- Documentation — pnpm install
- Documentation — pnpm add
- Documentation — pnpm update
- Documentation — pnpm remove
- Documentation — pnpm run
- Documentation — pnpm exec
- Documentation — pnpm dlx (pnx)
- Documentation — pnpm publish
- Documentation — pnpm audit
- Documentation — pnpm store
- Documentation — pnpm list
- Documentation — pnpm why
- Documentation — pnpm outdated
- Documentation — pnpm patch
Native monorepo support driven by a pnpm-workspace.yaml file at the repository root. Supports the workspace: protocol for explicit local package references, a shared workspace lockfile, package filtering via --filter, recursive commands across all workspace packages, and Catalogs for centralized dependency version management across a monorepo. Integrates with Changesets and Rush for multi-package releases.
Human URL: https://pnpm.io/workspaces
- Documentation — Workspaces
- Documentation — pnpm-workspace.yaml
- Documentation — Catalogs
- Documentation — Filtering
- Documentation — pnpm recursive
A content-addressable store that holds every version of every package exactly once on disk and hard-links (or reflinks) files into project node_modules. This produces a strict, non-flat dependency layout where packages can only access their declared dependencies, and saves significant disk space across projects on the same machine. Includes commands to inspect, prune, verify, and configure the store.
Human URL: https://pnpm.io/symlinked-node-modules-structure
- Documentation — Symlinked node_modules structure
- Documentation — Motivation
- Documentation — pnpm store CLI
- Documentation — store-dir config
Programmatic extension points for customizing dependency resolution and installation behavior. .pnpmfile.cjs exposes lifecycle hooks (readPackage, afterAllResolved) that let projects rewrite package manifests before installation. The pnpm block in package.json adds overrides, packageExtensions, patchedDependencies, peerDependencyRules, and neverBuiltDependencies for fine-grained dependency control without forking packages.
Human URL: https://pnpm.io/pnpmfile
- Documentation — .pnpmfile.cjs
- Documentation — pnpm.overrides
- Documentation — pnpm.packageExtensions
- Documentation — pnpm.patchedDependencies
Configuration surface for pnpm spanning .npmrc, environment variables, and pnpm-prefixed fields in package.json. Controls registry selection, authentication tokens, store location, hoisting behavior, lockfile settings, lifecycle script policy (including the supply-chain safety settings such as minimumReleaseAge and ignoredBuiltDependencies), peer dependency rules, and workspace behavior.
Human URL: https://pnpm.io/npmrc
- Documentation — .npmrc
- Documentation — package.json pnpm fields
- Documentation — pnpm config CLI
- Documentation — Settings
- Portal — pnpm.io
- GettingStarted — Installation
- Documentation — Motivation
- Documentation — pnpm CLI Reference
- Documentation — Feature comparison vs npm/Yarn
- Documentation — Benchmarks
- GitHubRepository — pnpm/pnpm
- GitHubOrganization — pnpm
- ReleaseNotes — Releases
- ChangeLog
- Legal — MIT License
- Support — GitHub Issues
- Support — GitHub Discussions
- Contact — Discord
- X — @pnpmjs
- Contact — Bluesky
- YouTube — @pnpmjs
- StackOverflow —
pnpmtag - SDK —
pnpmon npm - SDK —
@pnpm/exestandalone binary - Integrations — pnpm/action-setup (GitHub Action)
- Integrations — pnpm/setup (multi-runtime GitHub Action)
- Integrations — pnpm/exec
- Pricing — Open Collective
- Pricing — GitHub Sponsors
- Blog
- FAQ
- Showcase — Who uses pnpm
- Documentation — pnpm RFCs
- Content-addressable store — Each package version is stored once on disk and hard-linked into projects, saving substantial disk space across all projects on the machine.
- Strict, non-flat node_modules — A symlinked
node_moduleslayout means packages can only access dependencies they explicitly declare, catching phantom-dependency bugs at install time. - Up to 2x faster installs — Optimized installation pipeline that is consistently faster than npm and Yarn on cold and warm installs, especially for large monorepos.
- Native workspace and monorepo support — First-class workspaces driven by
pnpm-workspace.yamlwith the workspace protocol, recursive commands, package filtering, and Catalogs for shared version pinning. - Catalogs — Centralized dependency-version management across a monorepo so every package shares a single pinned version of common dependencies.
- Deterministic lockfile —
pnpm-lock.yamlcaptures the exact resolved dependency graph, peer relationships, and patches for reproducible installs. - Supply-chain safety controls —
minimumReleaseAgeto delay adoption of brand-new package versions,ignoredBuiltDependenciesandonlyBuiltDependenciesto opt into lifecycle scripts, and removal ofpostinstallscripts by default. - pnpm patch — Built-in workflow to patch installed dependencies and persist the patch in
pnpm.patchedDependencieswithout forking the package. - pnpm overrides and packageExtensions — Repository-level dependency rewriting and peer-dependency repair without forking upstream packages.
.pnpmfile.cjshooks —readPackageandafterAllResolvedhooks let you programmatically rewrite manifests during resolution and installation.pnx(dlx) andpnpm exec— Run packages without installing them globally, with caching in the store.- Built-in runtime management —
pnpm env installlets you manage Node.js (and other JavaScript runtime) versions directly through pnpm. - Cross-platform standalone binary — Distributed as
@pnpm/exe, a single self-contained executable that does not require an existing Node.js installation. - Corepack-compatible — First-class support for Node.js Corepack so projects can pin a specific pnpm version via
packageManagerinpackage.json. - MIT-licensed open source — Permissively licensed and developed in the open on GitHub with an Open Collective sponsorship model.
- Large JavaScript monorepos — Manage hundreds of interdependent packages with a single shared lockfile, the workspace protocol, Catalogs, and recursive commands.
- CI/CD pipeline acceleration — Cut install time substantially in CI by leveraging the content-addressable store and the official pnpm/action-setup GitHub Action.
- Disk-constrained developer machines — Share a single copy of each package version across every project on a machine, dramatically reducing disk usage compared to npm or Yarn.
- Supply-chain hardening — Use
minimumReleaseAge,ignoredBuiltDependencies, and strict lifecycle script policy to reduce exposure to malicious or compromised npm packages. - Phantom dependency detection — The strict non-flat
node_moduleslayout surfaces undeclared dependencies during local development rather than in production. - Reproducible builds —
pnpm-lock.yamlpluspnpm.overridesandpnpm.patchedDependenciesmake installations byte-reproducible across machines. - Multi-runtime JavaScript projects — Use the pnpm/setup action and
pnpm envto standardize Node.js, Bun, or Deno versions across teams.
- Node.js Corepack — pnpm is one of the package managers managed by Corepack, enabling version pinning via
packageManagerinpackage.json. - GitHub Actions — Official
pnpm/action-setupandpnpm/setupactions for installing pnpm and a JavaScript runtime in a single step. - Changesets — Recommended workflow tool for versioning and publishing packages in pnpm monorepos.
- Microsoft Rush — Rush uses pnpm under the hood for large monorepos at Microsoft and elsewhere.
- Nx — Nx integrates with pnpm workspaces for monorepo task orchestration and caching.
- Turbo (Turborepo) — First-class pnpm workspace support for incremental builds and remote caching.
- Docker — Official guidance for using pnpm in Docker images, including the standalone binary and lockfile-aware multi-stage builds.
- Verdaccio and private registries — Works with any npm-compatible registry including Verdaccio, JFrog Artifactory, GitHub Packages, and AWS CodeArtifact.
- Bit — Bit Cloud (a Platinum sponsor) uses pnpm as a foundation for component-based development.
- Vercel, Netlify, Cloudflare Pages — First-class support for pnpm in major JavaScript deployment platforms with workspace-aware installs.
- Kin Lane — apievangelist.com