Introduction
Are you tired of your node_modules folder eating up all your disk space? Slow installations got you down? Worried about security holes in your dependencies? There is a better way!
pnpm is a modern package manager. It solves these problems with a new approach. It saves disk space, installs packages faster, and boosts security. Plus, it handles monorepos with ease.
This guide is your one-stop shop for pnpm. We'll cover the basics, benefits, how to use it, and cool advanced features. Let's get started!
Understanding pnpm's Core Concepts
pnpm isn't like npm or Yarn. It works differently under the hood.
How pnpm Uses Hard Links and Symlinks
pnpm uses hard links and symlinks to build a node_modules folder that is not flat. It has a global store. This store keeps one copy of each package.
When you install a package, pnpm creates hard links to it in a virtual store. Then, it uses symlinks to link these packages into your project's node_modules folder.
Imagine it like this: The global store is your library. The virtual store is a temporary shelf. Your project's node_modules is your bookshelf. pnpm only puts books on your shelf that you need.
This is possible thanks to content-addressable storage. Each package version is saved based on its content. If you install the same version in many projects, it's only saved once.
The node_modules Structure: Flat vs. Nested
npm and Yarn create a flat node_modules folder. All dependencies are in one level. pnpm creates a nested structure. Dependencies are organized based on how they depend on each other.
- Flat structure advantages: simpler, easier to debug. Disadvantages: wastes space, can lead to dependency confusion.
- Nested structure advantages: saves space, prevents sneaky dependencies. Disadvantages: can be more complex.
The pnpm-lock.yaml File
The pnpm-lock.yaml file keeps track of the exact versions of your dependencies. It makes sure everyone on your team uses the same versions. This avoids problems caused by different versions.
It lists every dependency and its sub-dependencies. It includes their exact versions and where to get them.
This file is different from package-lock.json (npm) and yarn.lock (Yarn). pnpm's lockfile is more strict, making sure everything is the same.
Benefits of Using pnpm
Why should you switch to pnpm? Let's look at the benefits.
Disk Space Efficiency
pnpm saves a lot of disk space. It only saves one copy of each package version. Other package managers save multiple copies.
If you have many projects, this can really add up. Some users report saving gigabytes of space by switching to pnpm. Hard links are responsible for this efficiency.
Installation Speed
pnpm installs packages fast. It can install many packages at the same time. It also uses a cache to speed things up.
If a package is already in the global store, pnpm just links to it. It doesn't need to download it again.
Enhanced Security
pnpm's nested node_modules structure boosts security. It prevents phantom dependencies: packages your code can use even though they are not listed in your package.json file.
With pnpm, you can only use dependencies that you've declared. This reduces the risk of security holes.
pnpm also supports security audits. You can check your dependencies for known problems.
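A check for phantom dependencies in an existing npm or Yarn project, as an added example (not code from the original article or from pnpm): it compares the packages a project's source files import against what package.json declares. The sample manifest and source files are constructed, and the regex-based scan only sees static specifiers.

```javascript
const { builtinModules } = require('node:module');

// Reduce an import specifier to a registry package name; null for relative or
// absolute paths and Node built-ins, which never need a package.json entry.
function packageNameOf(specifier) {
  if (/^(\.|\/|node:)/.test(specifier)) return null;
  const parts = specifier.split('/');
  const name = specifier.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
  return builtinModules.includes(name) ? null : name;
}

// Static specifiers only: require('x'), import('x'), import/export ... from 'x',
// and bare import 'x'. Specifiers computed at run time are not seen.
const IMPORT_PATTERNS = [
  /\b(?:require|import)\s*\(\s*['"]([^'"]+)['"]\s*\)/g,
  /\b(?:import|export)\s[^'";]*?\bfrom\s*['"]([^'"]+)['"]/g,
  /\bimport\s*['"]([^'"]+)['"]/g,
];

function importedPackages(source) {
  const found = new Set();
  for (const re of IMPORT_PATTERNS) {
    for (const match of source.matchAll(re)) {
      const name = packageNameOf(match[1]);
      if (name) found.add(name);
    }
  }
  return found;
}

// Returns a Map of undeclared package name -> files that import it.
function findPhantomDependencies(manifest, sources) {
  const fields = ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'];
  const declared = new Set(fields.flatMap((f) => Object.keys(manifest[f] || {})));
  const phantoms = new Map();
  for (const [file, source] of Object.entries(sources)) {
    for (const name of importedPackages(source)) {
      if (!declared.has(name)) phantoms.set(name, [...(phantoms.get(name) || []), file]);
    }
  }
  return phantoms;
}

// Constructed sample project (not from the article).
const sampleManifest = { dependencies: { express: '^4.18.2' }, devDependencies: { jest: '^29.7.0' } };
const sampleSources = {
  'src/server.js': "const express = require('express');\nconst fs = require('node:fs');\nconst qs = require('qs');\n",
  'src/util.mjs': "import path from 'path';\nimport debug from 'debug';\nimport merge from 'lodash/merge';\nimport { x } from './local.js';\n",
};
console.log(Object.fromEntries(findPhantomDependencies(sampleManifest, sampleSources)));
```

Every name it reports is a package that resolves today only because a flat node_modules happens to expose it, and that would need an explicit entry in package.json under pnpm.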
Monorepo Support
pnpm has built-in monorepo support. A monorepo is a single repository that contains multiple packages.
pnpm workspaces make it easy to manage monorepos. You can share code and dependencies between packages. This can save time and effort.
Getting Started with pnpm
Ready to try pnpm? Here's how to get started.
Installation
You can install pnpm globally using npm:
    npm install -g pnpm
Or you can use Corepack:
    corepack enable pnpm
You can also install it as a standalone tool. After installing, verify the installation:
    pnpm --version
Basic pnpm Commands
Here are some basic pnpm commands:
- pnpm install: Installs dependencies from package.json.
- pnpm add <package>: Adds a new dependency to package.json.
- pnpm remove <package>: Removes a dependency.
- pnpm update: Updates dependencies to the latest versions.
- pnpm run <script>: Runs a script defined in package.json.
For example, to install the react package, run:
    pnpm add react
Migrating from npm or Yarn
Migrating from npm or Yarn to pnpm is easy. First, remove your old node_modules folder and lockfile.
    rm -rf node_modules package-lock.json yarn.lock
Then, run pnpm install. pnpm will create a new node_modules folder and pnpm-lock.yaml file. You may need to update your scripts in package.json.
Advanced pnpm Features
pnpm has many cool advanced features.
pnpmfile.js
The pnpmfile.js file lets you change dependencies during installation. You can use it to patch dependencies or change their configurations.
For example, you can replace a dependency with a different version. Or you can add a postinstall script to a package.
Configuration Options
You can configure pnpm using .npmrc and pnpm-workspace.yaml files. These files let you set up registries, configure caching, and change install behavior.
You can set a custom registry:
    registry=https://my.custom.registry.com/
Working with Docker
pnpm works great in Docker containers. To shrink your Docker image size and speed up build times, you can cache dependencies in Docker layers.
Use multi-stage builds. First, install dependencies. Then, copy only the necessary files to the final image.
Conclusion
pnpm is a powerful package manager with many benefits. It saves disk space, installs packages faster, and enhances security. It also supports monorepos.
Give pnpm a try! Explore its features. See how it can improve your projects.