chore: npm -> pnpm VSCODE-714 #1191
Conversation
There was a problem hiding this comment.
Pull request overview
This PR migrates the project's package manager from npm to pnpm, as indicated by the ticket number VSCODE-714. The changes update build scripts, configuration files, CI/CD workflows, and documentation to use pnpm instead of npm.
Key changes include:
- Updated all npm commands to pnpm equivalents across scripts, workflows, and documentation
- Added pnpm configuration files and updated package.json with pnpm-specific settings
- Modified dependency versions and removed unused dependencies
- Updated test assertions to reflect changes in connection string formatting
Reviewed changes
Copilot reviewed 19 out of 22 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| package.json | Added pnpm package manager specification, updated scripts to use pnpm, modified dependency versions, and added pnpm overrides configuration |
| README.md | Updated installation instructions to use pnpm instead of npm |
| CONTRIBUTING.md | Updated development setup and testing commands to use pnpm |
| .npmrc | Added pnpm hoisting configuration for specific packages |
| .prettierignore | Added pnpm-lock.yaml to ignored files |
| .depcheckrc | Updated ignore list formatting and added rimraf and snyk entries |
| .eslintrc.js | Added TypeScript ts-ignore comment configuration |
| scripts/snyk-test.js | Replaced npm-specific workarounds with pnpm commands, removed obsolete package-lock manipulation |
| .github/workflows/*.yaml | Updated all workflow files to use pnpm with action-setup and frozen lockfile installations |
| src/test/suite/connectionController.test.ts | Simplified connection string assertions by removing anonymous and connection ID checks |
| src/telemetry/connectionTelemetry.ts | Changed property name from dbType to serverName |
| src/mcp/*.ts | Updated MCP configuration handling to use UserConfigSchema and removed defaultUserConfig imports |
| syntaxes/mongodbInjection.tmLanguage.json | Added syntax highlighting for new MongoDB similarity operators and scoreFusion |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| expect(mongoClientConnectionOptions).to.deep.equal({ | ||
| url: `mongodb://localhost:27088/?appName=mongodb-vscode+${version}--${anonymousId}--${latestConnectionId}`, | ||
| url: `mongodb://localhost:27088/?appName=mongodb-vscode+${version}`, |
There was a problem hiding this comment.
This changed after we bumped the connection form dependency. Previously, npm had it pinned on an old version.
gagik
left a comment
gagik
left a comment
There was a problem hiding this comment.
Minor note about the set + question
| shell: bash | ||
| run: | | ||
| npm ci --omit=optional | ||
| pnpm install --frozen-lockfile |
There was a problem hiding this comment.
Does pnpm by default omit optional? I faintly recall there were some transitive optional dependencies that were problematic for the install here.
There was a problem hiding this comment.
If we omit the optional dependencies when installing, we're getting build errors: https://github.com/mongodb-js/vscode/actions/runs/19892320307/job/57013930209?pr=1191 - i.e. the atlas-local optional dependencies are missing when we try to webpack.
There was a problem hiding this comment.
Interesting - then I'd be worried about snyk output as well. We might need to double check if snyk is even evaluating the correct packages or not.
There was a problem hiding this comment.
Double checked it locally and it works as expected.
| /** | ||
| * "node_modules/@vscode/vsce-sign" package which is a dev dependency used for | ||
| * publishing extension declares platform specific optionalDependencies, namely | ||
| * the following: | ||
| * - "@vscode/vsce-sign-alpine-arm64" | ||
| * - "@vscode/vsce-sign-alpine-x64" | ||
| * - "@vscode/vsce-sign-darwin-arm64" | ||
| * - "@vscode/vsce-sign-darwin-x64" | ||
| * - "@vscode/vsce-sign-linux-arm" | ||
| * - "@vscode/vsce-sign-linux-arm64" | ||
| * - "@vscode/vsce-sign-linux-x64" | ||
| * - "@vscode/vsce-sign-win32-arm64" | ||
| * - "@vscode/vsce-sign-win32-x64" |
There was a problem hiding this comment.
Yea these were the ones! How does pnpm address these?
There was a problem hiding this comment.
this seems only relevant in the build step.
I think we were omitting optional dependencies just so we could create a workaround around us doing this, which is weird. I think this new approach should be fine unless I'm overlooking something
There was a problem hiding this comment.
It was an unfortunate workaround because Snyk decided not to ignore the dev dependencies for analysis but still a valid one because without it Snyk would fail and never get to analyse production dependencies.
Without much understanding of how Snyk plays with pnpm, I would assume that Snyk setup is broken again but I will check.
There was a problem hiding this comment.
I checked it locally and it seems to work just fine. Snyk was indeed detecting errors from our installed packages. I am curious now how snyk interacts with pnpm lock file? 😄
There was a problem hiding this comment.
I re-enabled snyk vuln report generation and also enabled uploading the report in the gha run so that we can reference it. There are a few recommendations, but will take a look at those in another PR.
| is_enterprise: build.isEnterprise, | ||
| is_genuine: genuineMongoDB.isGenuine, | ||
| non_genuine_server_name: genuineMongoDB.dbType, | ||
| non_genuine_server_name: genuineMongoDB.serverName, |
| ); | ||
| // But the active connection should | ||
| expect(testConnectionController.getActiveConnectionString()).equals( | ||
| `${TEST_DATABASE_URI}/?appName=mongodb-vscode+${version}--${anonymousId}--${connectionId}`, |
There was a problem hiding this comment.
This seems wrong - it should append the anonymous id though? Or does that happen somewhere else?
There was a problem hiding this comment.
This only gets appended when we connect to atlas: https://github.com/mongodb-js/compass/blob/305f949daaa869fd40105cf67bb41cd6940e67b5/packages/connection-form/src/utils/set-app-name-if-missing.ts#L25
There was a problem hiding this comment.
Should we have a test to ensure the id is appended for Atlas as well? If that is not already there?
There was a problem hiding this comment.
I don't think that's there already, but I'd rather leave that to a separate PR - it's a bit annoying to write.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 19 out of 22 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Description
This PR migrates the vscode project from npm to pnpm. npm has been a source of frustration on various levels and with pnpm we're getting a more predictable and significantly faster experience. There are a handful of code changes related to the migration as well as a bump of the mcp server package.