@dominic-clerk dominic-clerk commented Nov 26, 2025

Description

Using corepack use pnpm@10.17.1, this pins the pnpm version hash in the package.json to ensure integrity of the package manager downloaded in various environments. This PR should be a no-op in any normal environment.

Checklist

  • pnpm test runs as expected.
  • pnpm build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

Summary by CodeRabbit

  • Chores
    • Updated package manager specification to include integrity verification.



changeset-bot bot commented Nov 26, 2025

⚠️ No Changeset found

Latest commit: 4d41ccd

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types



vercel bot commented Nov 26, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| clerk-js-sandbox | Ready | Preview | Comment | Nov 26, 2025 5:27pm |


coderabbitai bot commented Nov 26, 2025

Walkthrough

The package.json file's packageManager field was updated to include a SHA512 hash appended to the pnpm version specification, changing from pnpm@10.17.1 to pnpm@10.17.1+sha512.... This is a configuration-only change with no impact on application logic or behavior.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Package Manager Specification (package.json) | Updated packageManager field to include SHA512 hash verification for pnpm version |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

  • Single field change in one configuration file
  • No logic, dependencies, or behavioral modifications
  • Hash addition is a straightforward verification enhancement

Poem

A hash so grand, now locked in place! 🐇
Pnpm's integrity, we embrace!
With SHA512 upon its name,
Our package manager's verified fame. ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'chore(repo): Pin pnpm version hash' directly and accurately describes the main change: updating the packageManager field to include a SHA512 hash for pnpm version integrity verification. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between ada03e7 and 4d41ccd.

📒 Files selected for processing (1)
  • package.json (1 hunks)
🧰 Additional context used
📓 Path-based instructions (3)
**/*.{js,jsx,ts,tsx,json,md,yml,yaml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

  • package.json
package.json

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

package.json: Requires Node.js 18.17.0+ and pnpm 9.15.9+
Regularly update dependencies

Files:

  • package.json
**/package.json

📄 CodeRabbit inference engine (.cursor/rules/global.mdc)

Use pnpm as the package manager for this monorepo

Files:

  • package.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
  • GitHub Check: Formatting | Dedupe | Changeset
  • GitHub Check: Build Packages
  • GitHub Check: semgrep-cloud-platform/scan
  • GitHub Check: semgrep-cloud-platform/scan
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (1)
package.json (1)

155-159: Based on the verification results:

Node.js 18.17.0+ Corepack properly supports SHA512 hash validation (confirmed by web search). The hash format and structure are correct.

Verifying the hash integrity by spot-checking the npm registry entry against the PR value:

  • npm registry integrity: sha512-F8Vg/KSGeulHOjiZrYSogzSRTzeb5G1FXL+S5c9LOdNJhdRS0lg7rxmWf6dstcF7yeJFUp0LmHRXIapyAOyveg== (base64)
  • PR hex hash starts: 17c560fc...
  • Base64 F8Vg/KSG decodes to 17c560fc in hex — hashes match

The version alignment is correct (pnpm 10.17.1 satisfies >=10.17.1), and the PR indicates tests pass, confirming Corepack validated the hash successfully during CI.


No issues detected. The packageManager field update is correctly configured and properly validated by Corepack on Node.js 18.17.0+.


Comment @coderabbitai help to get the list of available commands and usage tips.
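
The spot-check described in the review comment above (registry base64 digest against the hex digest in the packageManager pin), as an added example that is not code from this PR, from CodeRabbit or from Corepack. The function names `parseSri`, `parsePackageManager` and `checkPin` are hypothetical, and because the page elides the full pinned hash, the pinned value is derived from the quoted registry integrity string.

```javascript
// Added example (not from the PR). Digest sizes in bytes per algorithm.
const DIGEST_BYTES = { sha1: 20, sha256: 32, sha512: 64 };

// npm registry integrity value quoted in the review comment above.
const REGISTRY_INTEGRITY =
  'sha512-F8Vg/KSGeulHOjiZrYSogzSRTzeb5G1FXL+S5c9LOdNJhdRS0lg7rxmWf6dstcF7yeJFUp0LmHRXIapyAOyveg==';

// Parse an SRI string "algo-<base64>" into { algo, hex }.
function parseSri(sri) {
  const m = /^(sha\d+)-([A-Za-z0-9+/]+={0,2})$/.exec(sri);
  if (!m || !(m[1] in DIGEST_BYTES)) throw new Error(`unsupported SRI value: ${sri}`);
  const bytes = Buffer.from(m[2], 'base64');
  // Buffer.from is lenient with malformed base64, so enforce the digest length.
  if (bytes.length !== DIGEST_BYTES[m[1]]) throw new Error('SRI digest has wrong length');
  return { algo: m[1], hex: bytes.toString('hex') };
}

// Parse "name@version" or "name@version+algo.<hex>" (the packageManager field).
function parsePackageManager(spec) {
  const m = /^([a-z][a-z0-9-]*)@([^+\s]+)(?:\+(sha\d+)\.([0-9a-fA-F]+))?$/.exec(spec);
  if (!m) throw new Error(`unrecognised packageManager value: ${spec}`);
  const [, name, version, algo = null, hex = null] = m;
  if (algo && hex.length !== 2 * (DIGEST_BYTES[algo] || 0)) {
    throw new Error(`pinned digest has wrong length for ${algo}`);
  }
  return { name, version, algo, hex: hex && hex.toLowerCase() };
}

// Classify a pin against the registry's integrity value.
function checkPin(spec, sri) {
  const pin = parsePackageManager(spec);
  if (!pin.algo) return 'unpinned'; // version only, nothing to verify against
  const reg = parseSri(sri);
  if (pin.algo !== reg.algo) return 'algo-mismatch';
  return pin.hex === reg.hex ? 'match' : 'digest-mismatch';
}

// The page elides the full pinned hash, so this pin is derived from the
// registry value rather than copied from package.json.
const derivedPin = `pnpm@10.17.1+sha512.${parseSri(REGISTRY_INTEGRITY).hex}`;
console.log(checkPin('pnpm@10.17.1', REGISTRY_INTEGRITY));
console.log(checkPin(derivedPin, REGISTRY_INTEGRITY));
```

A `match` result only shows that the pin equals what the registry reports at check time; the pin's value is that a later download which differs fails verification.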


pkg-pr-new bot commented Nov 26, 2025

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7322

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7322

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7322

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7322

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7322

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7322

@clerk/elements

npm i https://pkg.pr.new/@clerk/elements@7322

@clerk/clerk-expo

npm i https://pkg.pr.new/@clerk/clerk-expo@7322

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7322

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7322

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7322

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7322

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7322

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7322

@clerk/clerk-react

npm i https://pkg.pr.new/@clerk/clerk-react@7322

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7322

@clerk/remix

npm i https://pkg.pr.new/@clerk/remix@7322

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7322

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7322

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7322

@clerk/themes

npm i https://pkg.pr.new/@clerk/themes@7322

@clerk/types

npm i https://pkg.pr.new/@clerk/types@7322

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7322

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7322

commit: 4d41ccd

@dominic-clerk dominic-clerk merged commit 4fae43c into main Nov 26, 2025
170 of 179 checks passed
@dominic-clerk dominic-clerk deleted the dc-pnpm-10 branch November 26, 2025 22:52