Skip to main content

pnpm

· 3 min read
Shi Xinyu
Shi Xinyu
Front End Developer

pnpm is a package manager for Node.js packages, or any other packages that are compatible with the npm ecosystem. It is optimized for fast installations and uses a shared cache for all packages.

why we use only pnpm is that it 1. saves disk space. 2. it solved the problem of phantom dependencies.

you will get a pnpm-lock.yaml file in your project. Ideally you don't need to commit it. For this file are to be a pure function of package.json. But in reality, we need to commit it. Some packages in package.json are labeled with a version range.

{
  "dependencies": {
    "react": "^16.13.1",
    "react-dom": "^16.13.1"
  }
}

here ^ means that the version range is any version that is compatible.

When you run pnpm install, pnpm will install the latest version of react and react-dom. If you run pnpm install again, pnpm will install the latest version of react and react-dom again. This is because the version range is not fixed. If you commit the pnpm-lock.yaml file, pnpm will install the same version of react and react-dom every time you run pnpm install.

under the hood

pnpm, much like maven, use hard link (and soft link).

Most single files are stored in the ~/.pnpm-store folder, based on hash of each file. Then when install, they are hard linked to the target project store.

Inside the node_modules folder, dependencies are soft linked.

tip

Consider this situation, when you delete the node_module folder to bin, and clean the bin, what is lost? Nothing is lost. inodes has referance count, files are not to be removed before reference is zero.

For typical linux systems, the process of creating hard link creates no new inode.

Creating a soft link creates a new special file.

(see Link)

tip

Some useful commands

pnpm why

pnpm prune

pnpm rebuild node-sass #who is still using node-sass in 2024?

if you read chinese, this is a good article to read: pnpm 是凭什么对 npm 和 yarn 降维打击的

首先介绍下 link,也就是软硬连接,这是操作系统提供的机制,硬连接就是同一个文件的不同引用,而软链接是新建一个文件,文件内容指向另一个路径。当然,这俩链接使用起来是差不多的。

所有的依赖都在这里铺平了,都是从全局 store 硬连接过来的,然后包和包之间的依赖关系是通过软链接组织的。

也就是说,所有的依赖都是从全局 store 硬连接到了 node_modules/.pnpm 下,然后之间通过软链接来相互依赖。