[core] Change package manager to pnpm

[Janpot]

Migrated the Core repo from Yarn Classic to pnpm.

Motivation and getting started with pnpm: https://mui-org.notion.site/pnpm-32e8449c77ce403a9f4582a86f1a6c79

Summary of the changes:

• set up the packageManager field in the root package.json
• created the pnpm-workspace.yaml file with all projects in the repository
• changes workspace project inter-dependencies to use the workspace: protocol
• replaced all occurrences of "yarn" to "pnpm" across scripts, comments, and docs (adjusting the commands where necessary)
• updated Lerna, Renovate, and CI configs to be aware of pnpm
• set up pnpm to link workspace project using build outputs (usually the "build" directory under project root). Bundlers and other tools use aliases to point to the untranspiled source code.

---

Since the question came up in Slack. Just to see what a migration looks like. This PR mostly to see how the @mui/monorepo dependency will behave in X/Toolpad

Migrated the repo up until pnpm docs:dev works. None of the other commands have been tested or migrated. Nothing in the CI pipeline has been migrated.

Some quick notes

• https://dev.to/andreychernykh/yarn-npm-to-pnpm-migration-guide-2n04

• pnpm import
   ERR_PNPM_INVALID_OVERRIDE_SELECTOR  Cannot parse the "**/@babel/core" selector in the overrides
  

  => remove **/ everywhere?

• added .npmrc with

  auto-install-peers = true
  

• replace workspace dependencies versions in package.json files with workspace:*

• scripts:

  • yarn workspace docs dev => pnpm --dir ./docs dev

[oliviertassinari]

I would be curious to see if it speed-up the CI, and by how much. It might be the biggest selling point. https://mui-org.notion.site/Migrate-to-pnpm-2a4f2e9869cf496eae183eff2aeef9a9

[Janpot]

Yep, it already feels quite fast locally. I think there's two roads to continue with this

• first try to migrate CI in this repo, to see the impact on build time to see if we should even bother porting to the other repos
• first try to make the docs work on Toolpad or X to see if we should even bother spending time migrating CI

[mnajdova]

I left few clarifying questions/comments. Would be great to validate them before merging.

[mnajdova]

Why is this no longe required?

[michaldudak]

React-docgen types live in a separate package and are simply added as a dev dependency.

[mnajdova]

Hmm, do we need to define the same package as its own dependency?

[michaldudak]

Yes, otherwise, we won't be able to access the @mui/base contents in tests.

[mnajdova]

Got it!

[mnajdova]

These changes look unrelated, should we revert in order to have a smaller pull request?

[michaldudak]

I had to change the yarn to pnpm in the message, so I figured I might as well fix the grammar and formatting bit. Revering those additional changes won't make the number of changed files smaller.

[mnajdova]

Aaah, I missed that, I thought it is just the formatting. Got ya, let's keep them.

[mnajdova]

I just left a comment above too. The pull request is anyways heavy, it would be great if we can revert this particular change.

[mnajdova]

What was failing here?

[michaldudak]

Mismatched NextJS version. I just pinned the nextjs version and removed this compiler option.

[mnajdova]

We are ready to go! 🎉 🚀

[oliviertassinari]

"preinstall": "npx only-allow pnpm",

Awesome, love to see this.

[oliviertassinari]

I think I found a regression with pnpm:

material-ui/packages/mui-base/package.json

Lines 43 to 47 in 9e0af1b

	"dependencies": {
	"@babel/runtime": "^7.23.7",
	"@floating-ui/react-dom": "^2.0.5",
	"@mui/types": "workspace:^",
	"@mui/utils": "workspace:^",

As far as I can read this: we can no longer control the minimum version dependency, we are forced to force every developer to update all their dependencies even if there are no breaking changes or reliance on new features, leading to a higher chance of package duplication in the bundle (good for our npm downloads stats, not good for end-users)

[michaldudak]

How is this different from the workflow we had with Yarn? We used to update the versions of internal dependencies each release to the most current one. Now it's done automatically by pnpm.

Anyway, if you want to allow earlier versions, pnpm does allow to do it (for example workspace:^5.0.0)

[oliviertassinari]

We used to update the versions of internal dependencies each release to the most current one.

@michaldudak It's simpler during the release process, and a lot less likely to do it wrong. But in theory, if we aren't dependent on the new feature, it's not necessary to increase the range.

Anyway, if you want to allow earlier versions, pnpm does allow to do it (for example workspace:^5.0.0)

Great to know 👍. So if we ever want to change the tradeoff, it looks like we are good.

[Janpot]

it's not necessary to increase the range.

I thought we kept versioning in lerna, if lerna wasn't increasing the range before pnpm migration, it won't increase it after. Or am I missing something?

[oliviertassinari]

I thought we kept versioning in lerna, if lerna wasn't increasing the range before pnpm migration, it won't increase it after. Or am I missing something?

@Janpot This indeed didn't change. The conclusion for me is:

• [core] Use Lerna to publish #23793 came with the cons of making it hard to have optimal scope in the dependencies. It's not great, but the alternative is worse. For external dependencies, we still manage this by hand. We only bump the scope when we know we need it.
• pnpm makes it harder for developers who check the source to know what's the actual version dependency (there is an indirection) but make it clear that it's from the same workspace.

[Janpot]

The benefit of the workspace:* version range is that it 100% guarantees that they are locally linked. pnpm will never download them from the registry. This is something that could happen in the previous setup if the versions don't match up for some reason. During publishing pnpm does all the work filling in the correct versions.

• pnpm makes it harder for developers who check the source to know what's the actual version dependency (there is an indirection) but make it clear that it's from the same workspace.

Those people should instead run

npm info @mui/material
# or
pnpm info @mui/material
# or
yarn info @mui/material

It's a much more reliable source for this information as it shows the actually published package. It's also much easier to find the dependencies of a specific version of a package by adding a version range pnpm info @mui/material@5.14.8.

[oliviertassinari]

I was curious about the CI metric impact of this PR:

• CI cost: https://docs.google.com/spreadsheets/d/1VQFM0bcX1oFrvt6tKjdqQDi5KJac_-HZcNavfvFk2tQ/edit#gid=0. I didn't see much conclusive evidence, maybe a bit more expensive but it is unclear.
• CI speed: https://app.circleci.com/insights/github/mui/material-ui/workflows/pipeline/overview?reporting-window=last-90-days median duration seems also about the same.