Gathering detailed insights and metrics for pnpm
npm install pnpm
TypeScript (99.44%)
JavaScript (0.54%)
Batchfile (0.02%)
| Period | Downloads |
| --- | --- |
| Total Downloads | 1,635,878,018 |
| Last Day | 4,809,813 |
| Last Week | 25,599,255 |
| Last Month | 113,933,978 |
| Last Year | 969,838,815 |
MIT License
32,084 Stars
9,838 Commits
1,160 Forks
143 Watchers
281 Branches
329 Contributors
Updated on Jul 11, 2025
Latest Version: 10.13.0
Package Id: pnpm@10.13.0
Unpacked Size: 16.85 MB
Size: 4.01 MB
File Count: 1,111
NPM Version: 10.8.2
Node Version: 20.19.3
Published on: Jul 09, 2025
Cumulative downloads

| Period | Downloads | Compared to previous period |
| --- | --- | --- |
| Last Day | 4,809,813 | 7.5% |
| Last Week | 25,599,255 | -2% |
| Last Month | 113,933,978 | 12.9% |
| Last Year | 969,838,815 | 103.4% |
No dependencies detected.
Fast, disk space efficient package manager:

- `node_modules` are linked from a single content-addressable storage.
- `package.json`.
- `pnpm-lock.yaml`.

To quote the Rush team:
Microsoft uses pnpm in Rush repos with hundreds of projects and hundreds of PRs per day, and we’ve found it to be very fast and reliable.
pnpm uses a content-addressable filesystem to store all files from all module directories on a disk. When using npm, if you have 100 projects using lodash, you will have 100 copies of lodash on disk. With pnpm, lodash will be stored in a content-addressable storage, so:
`pnpm update` will only add 1 new file to the storage.

As a result, you save gigabytes of space on your disk and you have a lot faster installations!
If you'd like more details about the unique `node_modules` structure that pnpm creates and why it works fine with the Node.js ecosystem, read this small article: Flat node_modules is not the only way.
pnpm is up to 2x faster than npm and Yarn classic. See all benchmarks here.
[Figure: Benchmarks on an app with lots of dependencies]
| Score | Summary | Affected Versions | Patched Versions |
| --- | --- | --- | --- |
| 7.5/10 | pnpm incorrectly parses tar archives relative to specification | >= 8.0.0, < 8.6.8 | 8.6.8 |
| 7.5/10 | pnpm incorrectly parses tar archives relative to specification | < 7.33.4 | 7.33.4 |
| 8.8/10 | Untrusted Search Path in PNPM | < 6.15.1 | 6.15.1 |
| 6.5/10 | pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting | < 10.0.0 | 10.0.0 |
| 0/10 | pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion | < 9.15.0 | 9.15.0 |
- Reason: security policy file detected
- Reason: no dangerous workflow patterns detected
- Reason: 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
- Reason: GitHub workflow tokens follow principle of least privilege
- Reason: license file detected
- Reason: no binaries found in the repo
- Reason: SAST tool is run on all commits
- Reason: Found 17/30 approved changesets -- score normalized to 5
- Reason: no effort to earn an OpenSSF best practices badge detected
- Reason: Project has not signed or included provenance with any releases.
- Reason: dependency not pinned by hash detected -- score normalized to 0
- Reason: project is not fuzzed
- Reason: 119 existing vulnerabilities detected
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.