Loading source
Pulling the file list, source metadata, and syntax-aware rendering for this listing.
Source from repo
pnpm 10.x reference skill covering workspaces, catalogs, patches, peer deps, overrides, and CI/CD caching strategies.
Files
Skill
Size
Entrypoint
Format
Open file
Syntax-highlighted preview of this file as included in the skill package.
references/best-practices-migration.md
1---2name: migration-to-pnpm3description: Migrating from npm or Yarn to pnpm with minimal friction4---56# Migration to pnpm78Guide for migrating existing projects from npm or Yarn to pnpm, plus upgrading pnpm v10 → v11.910## Upgrading pnpm v10 → v111112v11 changes how configuration is read. Most of it is mechanical — run the codemod:1314```bash15cd /path/to/project16pnpx codemod run pnpm-v10-to-v1117```1819The codemod automatically:2021- **Moves `package.json#pnpm` settings into `pnpm-workspace.yaml`** (the `pnpm` field is no longer read).22- **Splits `.npmrc`**: only auth/registry settings stay in `.npmrc`; every other key moves to `pnpm-workspace.yaml` as **camelCase** (e.g. `node-linker` → `nodeLinker`). Per-subproject `.npmrc` files become `packageConfigs["<name>"]`.23- **Consolidates build settings** (`onlyBuiltDependencies`, `neverBuiltDependencies`, `ignoredBuiltDependencies`, `onlyBuiltDependenciesFile`) into one `allowBuilds: { name: true|false }` map.24- **Replaces** `managePackageManagerVersions`/`packageManagerStrict`/`packageManagerStrictVersion` with `pmOnFail: download|ignore|warn|error`.25- **Renames** `allowNonAppliedPatches` → `allowUnusedPatches`, `auditConfig.ignoreCves` → `auditConfig.ignoreGhsas`.26- **Converts** `useNodeVersion` → `devEngines.runtime`, and bumps `packageManager`.2728Manual follow-ups (not automatable):2930- Convert `CVE-…` IDs to `GHSA-…` in `auditConfig.ignoreGhsas`.31- `ignorePatchFailures` removed — failed patches now always throw.32- `npm_config_*` env vars → `pnpm_config_*` (CI, shell profiles, Docker).33- `pnpm link <name>` → use a path (`pnpm link ./foo`); `pnpm link --global` → `pnpm add -g .`.34- `pnpm install -g` (no args) and `pnpm server` removed.35- A `package.json` script named `clean`/`setup`/`deploy`/`rebuild` now shadows the built-in — use `pnpm pm <name>` for the built-in.3637## Migrating from npm / Yarn3839## Quick Migration4041### From npm4243```bash44# Remove npm lockfile and node_modules45rm -rf node_modules package-lock.json4647# Install with pnpm48pnpm install49```5051### From Yarn5253```bash54# Remove yarn lockfile and node_modules55rm -rf node_modules yarn.lock5657# Install with pnpm58pnpm install59```6061### Import Existing Lockfile6263pnpm can import existing lockfiles:6465```bash66# Import from npm or yarn lockfile67pnpm import6869# This creates pnpm-lock.yaml from:70# - package-lock.json (npm)71# - yarn.lock (yarn)72# - npm-shrinkwrap.json (npm)73```7475## Handling Common Issues7677### Phantom Dependencies7879pnpm is strict about dependencies. If code imports a package not in `package.json`, it will fail.8081**Problem:**82```js83// Works with npm (hoisted), fails with pnpm84import lodash from 'lodash' // Not in dependencies, installed by another package85```8687**Solution:** Add missing dependencies explicitly:88```bash89pnpm add lodash90```9192### Missing Peer Dependencies9394pnpm reports peer dependency issues by default.9596**Option 1:** Let pnpm auto-install (default in v8+):97```yaml title="pnpm-workspace.yaml"98autoInstallPeers: true99```100101**Option 2:** Install manually:102```bash103pnpm add react react-dom104```105106**Option 3:** Suppress warnings if acceptable:107```yaml title="pnpm-workspace.yaml"108peerDependencyRules:109ignoreMissing:110- react111```112113### Symlink Issues114115Some tools don't work with symlinks. Use hoisted mode:116117```yaml title="pnpm-workspace.yaml"118nodeLinker: hoisted119```120121Or hoist specific packages:122123```yaml title="pnpm-workspace.yaml"124publicHoistPattern:125- '*eslint*'126- '*babel*'127```128129### Native Module Rebuilds130131If native modules fail, try:132133```bash134# Rebuild all native modules135pnpm rebuild136137# Or reinstall138rm -rf node_modules139pnpm install140```141142## Monorepo Migration143144### From npm Workspaces1451461. Create `pnpm-workspace.yaml`:147```yaml148packages:149- 'packages/*'150```1511522. Update internal dependencies to use workspace protocol:153```json154{155"dependencies": {156"@myorg/utils": "workspace:^"157}158}159```1601613. Install:162```bash163rm -rf node_modules packages/*/node_modules package-lock.json164pnpm install165```166167### From Yarn Workspaces1681691. Remove Yarn-specific files:170```bash171rm yarn.lock .yarnrc.yml172rm -rf .yarn173```1741752. Create `pnpm-workspace.yaml` matching `workspaces` in package.json:176```yaml177packages:178- 'packages/*'179```1801813. Update `package.json` - remove Yarn workspace config if not needed:182```json183{184// Remove "workspaces" field (optional, pnpm uses pnpm-workspace.yaml)185}186```1871884. Convert workspace references:189```json190// From Yarn191"@myorg/utils": "*"192193// To pnpm194"@myorg/utils": "workspace:*"195```196197### From Lerna198199pnpm can replace Lerna for most use cases:200201```bash202# Lerna: run script in all packages203lerna run build204205# pnpm equivalent206pnpm -r run build207208# Lerna: run in specific package209lerna run build --scope=@myorg/app210211# pnpm equivalent212pnpm --filter @myorg/app run build213214# Lerna: publish215lerna publish216217# pnpm: use changesets instead218pnpm add -Dw @changesets/cli219pnpm changeset220pnpm changeset version221pnpm publish -r222```223224## Configuration Migration225226Keep only **auth/registry** in `.npmrc`; put everything else in `pnpm-workspace.yaml` (camelCase).227228```ini title=".npmrc (auth only, gitignored)"229//registry.npmjs.org/:_authToken=${NPM_TOKEN}230//npm.myorg.com/:_authToken=${MYORG_TOKEN}231```232233```yaml title="pnpm-workspace.yaml"234registries:235default: https://registry.npmjs.org/236'@myorg': https://npm.myorg.com/237autoInstallPeers: true238strictPeerDependencies: false239```240241### Scripts Migration242243Most scripts work unchanged. Update pnpm-specific patterns:244245```json246{247"scripts": {248// npm: recursive scripts249"build:all": "npm run build --workspaces",250// pnpm: use -r flag251"build:all": "pnpm -r run build",252253// npm: run in specific workspace254"dev:app": "npm run dev -w packages/app",255// pnpm: use --filter256"dev:app": "pnpm --filter @myorg/app run dev"257}258}259```260261## CI/CD Migration262263Update CI configuration:264265```yaml266# Before (npm)267- run: npm ci268269# After (pnpm)270- uses: pnpm/action-setup@v4271- run: pnpm install --frozen-lockfile # or: pnpm ci272```273274Add to `package.json` for Corepack:275```json276{277"packageManager": "[email protected]"278}279```280281## Gradual Migration282283For large projects, migrate gradually:2842851. **Start with CI**: Use pnpm in CI, keep npm/yarn locally2862. **Add pnpm-lock.yaml**: Run `pnpm import` to create lockfile2873. **Test thoroughly**: Ensure builds work with pnpm2884. **Update documentation**: Update README, CONTRIBUTING2895. **Remove old files**: Delete old lockfiles after team adoption290291## Rollback Plan292293If migration causes issues:294295```bash296# Remove pnpm files297rm -rf node_modules pnpm-lock.yaml pnpm-workspace.yaml298299# Restore npm300npm install301302# Or restore Yarn303yarn install304```305306Keep old lockfile in git history for easy rollback.307308<!--309Source references:310- https://pnpm.io/migration311- https://pnpm.io/cli/import312- https://pnpm.io/configuring313-->314315