pnpm
antfu/skills
Fast, disk-space efficient Node.js package manager with strict dependency resolution and monorepo support.
What is pnpm?
pnpm is a package manager for Node.js projects that uses content-addressable storage to deduplicate packages and enforces strict dependency resolution by default. Use it when you need efficient dependency management, monorepo/workspace support, or advanced features like catalogs, patches, and overrides.
- Manage dependencies with strict resolution preventing phantom dependencies
- Configure and run monorepos via pnpm-workspace.yaml with workspace filtering
- Define centralized dependency versions using catalogs and enforce them across projects
- Patch third-party packages and override transitive/peer dependencies
- Share configuration, hooks, catalogs, and patches across repositories via configDependencies
- Support peer dependency auto-install with strict mode and deduplication rules
How to install pnpm
npx skills add https://github.com/antfu/skills --skill pnpm- Node.js installed on your system
How to use pnpm
- 1.Run pnpm install to install dependencies listed in pnpm-lock.yaml
- 2.Check pnpm-workspace.yaml for workspace structure and configuration settings
- 3.Use pnpm add/remove/update to manage dependencies in the current package
- 4.Run pnpm run <script> to execute scripts defined in package.json
- 5.Use pnpm --filter <package> to run commands in specific workspace packages
- 6.Configure catalogs in pnpm-workspace.yaml to centralize dependency versions
- 7.Define patches in pnpm-workspace.yaml under patchedDependencies to modify third-party packages
Use cases
- Setting up a monorepo with multiple interdependent packages and shared lockfile
- Centralizing dependency versions across many projects using catalogs
- Patching a third-party package without forking or waiting for upstream fixes
- Migrating from npm or Yarn to pnpm while eliminating phantom dependencies
- Configuring CI/CD pipelines with frozen lockfiles and store caching for reproducible builds
- Node.js developers managing single or multi-package projects
- Monorepo maintainers coordinating dependencies across many packages
- Teams implementing supply-chain security and build approval workflows
- DevOps engineers setting up CI/CD with pnpm in Docker or GitHub Actions
pnpm FAQ
Settings live in pnpm-workspace.yaml (and global config.yaml) using camelCase keys. The .npmrc file is used only for authentication and registry credentials, not general configuration.
Always use pnpm ci or --frozen-lockfile in CI environments to ensure reproducible builds from the locked dependency versions.
pnpm uses a content-addressable store to deduplicate packages across all projects on your machine, storing each package version only once and linking to it from projects that need it.
Yes. pnpm has built-in monorepo support via pnpm-workspace.yaml, shared lockfiles, workspace filtering, and packageConfigs for per-package settings.
Define the patch in pnpm-workspace.yaml under patchedDependencies, then pnpm will apply it during installation.
Full instructions (SKILL.md)
Source of truth, from antfu/skills.
name: pnpm description: Node.js package manager with strict dependency resolution. Use when running pnpm specific commands, configuring workspaces via pnpm-workspace.yaml, or managing dependencies with catalogs, patches, overrides, config dependencies, or the global virtual store. metadata: author: Anthony Fu version: "2026.6.22" source: Generated from https://github.com/pnpm/pnpm, scripts located at https://github.com/antfu/skills
pnpm is a fast, disk space efficient package manager. It uses a content-addressable store to deduplicate packages across all projects on a machine, and enforces strict dependency resolution by default, preventing phantom dependencies.
Configuration model (important): pnpm settings now live in pnpm-workspace.yaml (and the global config.yaml) using camelCase keys. .npmrc is used only for authentication/registry credentials, and the pnpm field of package.json is no longer read. When working in a pnpm project, check pnpm-workspace.yaml for settings/workspace structure and .npmrc only for auth. Always use --frozen-lockfile (or pnpm ci) in CI.
The skill is based on pnpm 10.x, generated at 2026-06-22. It also covers v11 behavior changes (config split, isolated global packages,
allowBuilds,pmOnFail, global virtual store) where current docs describe them.
Core
| Topic | Description | Reference |
|---|---|---|
| CLI Commands | install/add/remove/update, run, dlx/pnx, workspace, runtime, publishing (version, view, sbom, stage) | core-cli |
| Configuration | pnpm-workspace.yaml settings (camelCase), global config.yaml, packageConfigs, .npmrc auth | core-config |
| Workspaces | Monorepo support: filtering, workspace protocol, shared lockfile, packageConfigs | core-workspaces |
| Store | Content-addressable store, virtual store, node linker modes, frozen/read-only store | core-store |
Features
| Topic | Description | Reference |
|---|---|---|
| Catalogs | Centralized dependency versions; catalogMode, catalog: in overrides | features-catalogs |
| Overrides | Force versions (incl. transitive & peer deps); packageExtensions | features-overrides |
| Patches | Modify third-party packages; patchedDependencies in pnpm-workspace.yaml | features-patches |
| Aliases | Install under custom names (npm:) and registry aliases (namedRegistries) | features-aliases |
| Hooks | .pnpmfile.mjs hooks (readPackage, updateConfig, beforePacking), finders, resolvers/fetchers | features-hooks |
| Peer Dependencies | Auto-install, strict mode, rules, dedupePeers, peers check | features-peer-deps |
| Config Dependencies | Share hooks/settings/catalogs/patches across repos via configDependencies | features-config-dependencies |
| Global Virtual Store | Shared node_modules, git-worktree multi-agent setups, isolated global packages | features-global-virtual-store |
| Supply-Chain Security | Build approval (allowBuilds), minimumReleaseAge, trustPolicy, lockfile integrity | features-supply-chain-security |
Best Practices
| Topic | Description | Reference |
|---|---|---|
| CI/CD Setup | GitHub Actions, GitLab, Docker, pnpm ci, store caching, frozen lockfiles | best-practices-ci |
| Migration | npm/Yarn → pnpm, phantom deps, and pnpm v10 → v11 config migration | best-practices-migration |
| Performance | Install optimizations, allowBuilds, global virtual store, workspace parallelization | best-practices-performance |
Related skills
More from antfu/skills and the wider catalog.
vite
Next-generation frontend build tool with fast dev server and optimized production builds.
vue
Vue 3 Composition API with script setup, reactivity, and built-in components for modern SFCs.
vitest
Jest-compatible unit testing framework powered by Vite with native ESM, TypeScript, and JSX support.
vue-best-practices
Vue 3 best practices guide: Composition API, TypeScript, and component architecture for maintainable applications.
nuxt
Full-stack Vue framework with SSR, file-based routing, auto-imports, and universal deployment via Nitro.
vueuse-functions
Apply VueUse composables to build concise, maintainable Vue.js and Nuxt features.