Gathering detailed insights and metrics for pnpm
npm install pnpm
65.3
Supply Chain
100
Quality
96.6
Maintenance
100
Vulnerability
99.6
License
TypeScript (99.4%)
JavaScript (0.53%)
Shell (0.06%)
Batchfile (0.02%)
Total
1,002,621,793
Last Day
835,359
Last Week
17,599,177
Last Month
74,332,633
Last Year
661,303,397
30,005 Stars
9,401 Commits
1,027 Forks
140 Watching
258 Branches
296 Contributors
Latest Version
9.15.0
Package Id
pnpm@9.15.0
Unpacked Size
16.68 MB
Size
4.12 MB
File Count
901
NPM Version
10.8.2
Node Version
20.18.1
Published On
06 Dec 2024
Cumulative downloads
Total Downloads
Last day
15.6%
835,359
Compared to previous day
Last week
9%
17,599,177
Compared to previous week
Last month
-1.3%
74,332,633
Compared to previous month
Last year
149.8%
661,303,397
Compared to previous year
No dependencies detected.
简体中文 | 日本語 | 한국어 | Italiano | Português Brasileiro
Fast, disk space efficient package manager:
node_modules are linked from a single content-addressable storage.
package.json.
pnpm-lock.yaml.
To quote the Rush team:
Microsoft uses pnpm in Rush repos with hundreds of projects and hundreds of PRs per day, and we’ve found it to be very fast and reliable.
Support this project by becoming a sponsor.
pnpm uses a content-addressable filesystem to store all files from all module directories on a disk. When using npm, if you have 100 projects using lodash, you will have 100 copies of lodash on disk. With pnpm, lodash will be stored in a content-addressable storage, so:
pnpm update will only add 1 new file to the storage.
As a result, you save gigabytes of space on your disk and you have a lot faster installations!
If you'd like more details about the unique node_modules structure that pnpm creates and why it works fine with the Node.js ecosystem, read this small article: Flat node_modules is not the only way.
pnpm is up to 2x faster than npm and Yarn classic. See all benchmarks here.
Benchmarks on an app with lots of dependencies:
Thank you to all our backers! Become a backer
This project exists thanks to all the people who contribute. Contribute.
Stable Version
3
7.5/10
Summary
pnpm incorrectly parses tar archives relative to specification
Affected Versions
>= 8.0.0, < 8.6.8
Patched Versions
8.6.8
7.5/10
Summary
pnpm incorrectly parses tar archives relative to specification
Affected Versions
< 7.33.4
Patched Versions
7.33.4
8.8/10
Summary
Untrusted Search Path in PNPM
Affected Versions
< 6.15.1
Patched Versions
6.15.1
Reason: 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Reason: security policy file detected
Reason: license file detected
Reason: no dangerous workflow patterns detected
Reason: GitHub workflow tokens follow principle of least privilege
Reason: no binaries found in the repo
Reason: SAST tool detected but not run on all commits
Reason: Found 10/30 approved changesets -- score normalized to 3
Reason: no effort to earn an OpenSSF best practices badge detected
Reason: Project has not signed or included provenance with any releases.
Reason: dependency not pinned by hash detected -- score normalized to 0
Reason: project is not fuzzed
Reason: 49 existing vulnerabilities detected
Score
Last Scanned on 2024-12-02
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.