Migrate from npm to pnpm

[Copilot]

Migrates monorepo from npm workspaces to pnpm.

Changes

• Workspace configuration: Created pnpm-workspace.yaml, removed workspaces field from root package.json
• Scripts: Updated all commands to use pnpm syntax (pnpm -r for recursive, pnpm --filter for targeting)
• Internal dependencies: Changed packages/examples/package.json to use workspace:* protocol for @objectstack-starter/core
• CI/CD: Updated workflows to use pnpm/action-setup@v4 with store path caching
• Dependabot: Simplified to single root directory (pnpm resolves all workspace dependencies from root)
• Lockfile: Generated pnpm-lock.yaml, excluded package-lock.json and yarn.lock

Example

Before:

npm run build --workspaces
npm run build -w @objectstack-starter/core

After:

pnpm -r run build
pnpm --filter @objectstack-starter/core run build

Original prompt

改用pnpm

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Pull request overview

This PR migrates the ObjectStack Starter monorepo from npm workspaces to pnpm, modernizing the package management approach while maintaining all existing functionality.

Changes:

• Replaced npm workspaces configuration with pnpm workspace setup using pnpm-workspace.yaml
• Updated all build scripts and commands to use pnpm syntax (pnpm -r for recursive operations, pnpm --filter for targeting specific packages)
• Modified CI/CD workflows to install and cache pnpm, updating all commands from npm to pnpm
• Simplified Dependabot configuration to manage dependencies from a single root directory (consolidated from 3 separate configurations)
• Updated documentation in README.md to reflect pnpm commands

Reviewed changes

Copilot reviewed 8 out of 10 changed files in this pull request and generated 9 comments.

Show a summary per file

File	Description
pnpm-workspace.yaml	Added pnpm workspace configuration defining packages directory
pnpm-lock.yaml	Generated pnpm lock file with lockfileVersion 9.0 for dependency resolution
packages/examples/package.json	Updated internal dependency to use workspace:* protocol
package.json	Removed npm workspaces field and updated all scripts to use pnpm commands
README.md	Updated installation and development commands from npm to pnpm
.gitignore	Added yarn.lock to ignored files alongside package-lock.json
.github/workflows/release.yml	Added pnpm setup with version 9 and store caching
.github/workflows/code-quality.yml	Added pnpm setup with version 9 and store caching
.github/workflows/ci.yml	Added pnpm setup with version 9 and store caching
.github/dependabot.yml	Consolidated to single root directory configuration, increased PR limit from 5 to 10

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Consider adding a "packageManager" field to specify the pnpm version being used. This ensures all developers and CI/CD environments use the same pnpm version, preventing potential compatibility issues. Based on the workflow files specifying version 9, you could add "packageManager": "pnpm@9.0.0" (or the specific version you're using) after the "private" field.

Suggested change

	"private": true,
	"private": true,
	"packageManager": "pnpm@9.0.0",

[Copilot]

The README should include a prerequisites section that mentions pnpm needs to be installed before running the project. Users who are new to pnpm won't know they need to install it first. Consider adding installation instructions before the "Installation" section, such as:

Prerequisites:

• Node.js >= 18.0.0
• pnpm (install with: npm install -g pnpm or corepack enable)

[Copilot]

The "Setup pnpm" step should be placed before "Setup Node.js" for better compatibility with corepack and to ensure pnpm is available when Node.js is configured. This is the recommended order according to pnpm's official documentation for GitHub Actions.

[Copilot]

The "Setup pnpm" step should be placed before "Setup Node.js" for better compatibility with corepack and to ensure pnpm is available when Node.js is configured. This is the recommended order according to pnpm's official documentation for GitHub Actions.

[Copilot]

The "Setup pnpm" step should be placed before "Setup Node.js" for better compatibility with corepack and to ensure pnpm is available when Node.js is configured. This is the recommended order according to pnpm's official documentation for GitHub Actions.

[Copilot]

The open-pull-requests-limit was increased from 5 to 10 for npm dependencies. Consider whether this increase is intentional and appropriate for the team's capacity to review dependency updates. With pnpm consolidating all workspace dependencies at the root, this could result in more simultaneous PRs than before.

Suggested change

	open-pull-requests-limit: 10
	open-pull-requests-limit: 5

[Copilot]

Consider specifying a more precise pnpm version (e.g., "9.0.0" or "9.15.3") instead of just "9" to ensure consistent behavior across workflow runs and prevent potential breaking changes from minor version updates. This aligns with the recommended practice of pinning versions in CI/CD pipelines.

Suggested change

	version: 9
	version: 9.0.0

[Copilot]

Consider specifying a more precise pnpm version (e.g., "9.0.0" or "9.15.3") instead of just "9" to ensure consistent behavior across workflow runs and prevent potential breaking changes from minor version updates. This aligns with the recommended practice of pinning versions in CI/CD pipelines.

Suggested change

	version: 9
	version: '9.15.3'

[Copilot]

Consider specifying a more precise pnpm version (e.g., "9.0.0" or "9.15.3") instead of just "9" to ensure consistent behavior across workflow runs and prevent potential breaking changes from minor version updates. This aligns with the recommended practice of pinning versions in CI/CD pipelines.

Suggested change

	version: 9
	version: 9.15.3