Is this a thing? Am I just tired?
(ps i know I can filter instead of cd)
Recent searches
Search options
#pnpm
0 posts0 participants0 posts today
Anyone know how to fix ERR_PNPM_RECURSIVE_RUN_FIRST_FAIL errors?
I have a build script that ends up outputting a build/package.json which is a copy of the parent directories package.json — pnpm seems to want to execute that too.
My pnpm-workspaces.yaml file…
OH!!
OH FUCKING WAIT!!
it's pnpm-workspace.yaml not pnpm-workspaces.yaml 
wait... wait! are you telling me that #pnpm supports `package.json5` instead of `package.json`??? and I learn about it years later?
I've been praying for something like this for ages... and it turns out that we already had it.
Finally! #pnpm has disabled `postinstall` scripts by default in npm module - something I reported 8 years ago as a major security risk and provided a POC of it. Now let's see if #npm does the same... #nodejs #cyberSecurity
GitHubfeat!: use an allow list of built dependencies by default by zkochan · Pull Request #8897 · pnpm/pnpm
Big changes in @pnpm 10.0.0: Lifecycle scripts are now blocked by default to combat supply chain attacks. This change is widely supported but comes with some friction.
https://socket.dev/blog/pnpm-10-0-0-blocks-lifecycle-scripts-by-default #NodeJS #pnpm #JavaScript
Socketpnpm 10.0.0 Blocks Lifecycle Scripts by Default - Socketpnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workf...
@pnpm 10 is out: https://github.com/pnpm/pnpm/releases/tag/v10.0.0
Interesting change: “Lifecycle scripts of dependencies are not executed during installation by default! This is a breaking change aimed at increasing security. In order to allow lifecycle scripts of specific dependencies, they should be listed in the pnpm.onlyBuiltDependencies field of package.json.”
GitHubRelease pnpm 10 · pnpm/pnpmMajor Changes
Lifecycle scripts of dependencies are not executed during installation by default! This is a breaking change aimed at increasing security. In order to allow lifecycle scripts of spe...
Okay so i got #Headplane running manually (non-nix) on my #NixOS host, but i fail to write a working package flake.
Why oh why does it have to be a #PNPM application. The wiki does not help much either.
Did any of you know of an app where i can get inspired? Or has done it themselves?
I am so close.
If anyone needs it, here's a minimal Dockerfile for #SvelteKit node apps and #pnpm. It maximizes layer caching without eating more disk space after each run.
I'm far from being a Docker expert and it took me enough time to understand and write this, so I might as well share it 
https://git.scambier.xyz/scambier/gists/src/branch/main/Dockerfile%20SvelteKit%20Node.md
![FROM node:22-alpine AS base
ENV PNPM_HOME="/pnpm"
ENV PATH="$PNPM_HOME:$PATH"
RUN corepack enable
WORKDIR /app
# Fetch dependencies
FROM base AS install
COPY pnpm-lock.yaml ./
RUN pnpm fetch
COPY . .
# Install production dependencies
RUN pnpm install --offline --prod --frozen-lockfile
# Install dev dependencies (needed for the build step)
RUN pnpm install --offline --frozen-lockfile
# Build the app
ENV NODE_ENV=production
RUN pnpm build
ENTRYPOINT ["node", "build"]
EXPOSE 3000](https://media.hachyderm.io/media_attachments/files/113/639/870/272/550/546/original/8ce84189186729e9.png "FROM node:22-alpine AS base
ENV PNPM_HOME=\"/pnpm\"
ENV PATH=\"$PNPM_HOME:$PATH\"
RUN corepack enable
WORKDIR /app
# Fetch dependencies
FROM base AS install
COPY pnpm-lock.yaml ./
RUN pnpm fetch
COPY . .
# Install production dependencies
RUN pnpm install --offline --prod --frozen-lockfile
# Install dev dependencies (needed for the build step)
RUN pnpm install --offline --frozen-lockfile
# Build the app
ENV NODE_ENV=production
RUN pnpm build
ENTRYPOINT [\"node\", \"build\"]
EXPOSE 3000")
Replied in thread
@deadparrot That was a shitty starter repo! Monorepo with TS, instant HMR and <1m build time is state-of-the-art.
We've got to take responsibility for our tools. I was just part of an effort to migrate an app with 25 microfrontends from CRA + Yarn Classic + Jest to #Rsbuild + #pnpm + #vitest. It took a couple of weeks, while continuing work on features.
There's a lot of shitty legacy tooling, so we need to teach juniors the good stuff, and tell mgmt to smoke it and eat the costs of upgrading.
Am 9.12. darf ich in Dortmund bei der #Angular Ruhr etwas über #pnpm erzählen. Kommt gerne vorbei! https://www.meetup.com/angular-ruhr/events/304576825
MeetupHoHoHo - AngularRuhr Dez. 2024, Mon, Dec 9, 2024, 6:00 PM | MeetupHey folks,
it's that time again. We cordially invite you to celebrate the last AngularRuhr of 2024 with us at the end of the year.
We're meeting at Adesso in Dortmund and
In case you're using PNPM and always struggle with `add` syntax for anything but plain package name, my docs improvement to list out (pretty much) all the possible formats is out now: https://pnpm.io/cli/add
pnpm.iopnpm add <pkg> | pnpmInstalls a package and any packages that it depends on.
Installing EmberJS v2 addons from GitHub forks using PNPM
https://dev.to/michalbryxi/installing-emberjs-v2-addons-from-github-forks-using-pnpm-556
DEV CommunityInstalling EmberJS v2 addons from GitHub forks using PNPMThis article explains how to install EmberJS v2 addons from GitHub forks using PNPM, especially when dealing with monorepos. It provides a solution for adding a patched version of an addon from a specific commit in a GitHub fork.
Package managers:
I’m wondering whether to give pnpm a go, which seems simple enough to do.
But, that’s likely to mean updating _all_ projects at some point, as I wouldn’t want to recall what manager I use where, or install extra tooling just for managing package managers.
The question: Where does pnpm’s better performance show exactly? I understand in installing deps, yet that’s not a recurring activity for most of my projects.
Would pnpm solve a problem then?
pnpm.ioFast, disk space efficient package manager | pnpmFast, disk space efficient package manager
People versed in Javascript/Node.js package managers (npm, yarn, and company): Is there any reason that a lockfile *shouldn't* be committed to a repository?
I'm usually *for* committing lockfiles, but I've noticed some people in the JS ecosystem don't include them for reasons that are unclear to me.
New blog: "'New Job, Better Programmer'"
https://michaelchadwick.info/blog/2024/06/15/new-job-better-programmer
#development #dynamic-analysis #emberjs #eslint #husky #introspection #linting #npm #pnpm #programming #static-analysis #stylelint #testing #blog
michaelchadwick.infoAll the Info About Me - Michael Chadwickcode, audio, and life developments by michael chadwick
DEV Communitynpx alternative for pnpmHow do I npx with pnpm?
And now open source projects start to inject sponsor logos into the changelog/ release notes.
I get why they are doing it. Especially given the complex discussions around the viability and sustainability of open source.
But the release notes are really the worst place for advertisements, I feel.
I'm looking at you, #pnpm