We announced at ViteConf that our WebContainers now support pnpm. It was a major achievement in our commitment to support the Vite ecosystem as man...
For further actions, you may consider blocking this person and/or reporting abuse
Very interesting, thanks!
How does pnpm manages cleanup though? With npm, you delete the project folder, and node_modules disappear. Is pnpm able to detect some deps in the cache are now dangling and useless?
If not, does it mean cleanup requires deleting the pnpm folder, and re-run pnpm install on all projects? (which no one will do and thus the pnpm folder may grow indefinitely?)
Thank you for your questions, @derlin!
Yes, the pnpm cache grows indefinitely basically but there is usually a lot of overlap of dependencies between projects. Pruning the store every once in a while is a good idea. You can do it via
pnpm store prune, which removes unreferenced packages that are not used by any project.great question, I use pnpm daily and I see it has
pnpm prunecommand, but I never tested it. If it works as same asdocker volume prune, it's exactly what we need.Unfortunately, even the document:
It doesn't seems easy to understand how it actually works.
May Sylwia help us to clarify?
Thank you, @ndaidong! I think we posted at the same time - yes, you're right about
pnpm prune!Thank you for your questions, @derlin!
Yes, the pnpm cache grows indefinitely basically but there is usually a lot of overlap of dependencies between projects. Pruning the store every once in a while is a good idea. You can do it via
pnpm store prune, which removes unreferenced packages that are not used by any project.You're rock! We need
pnpm store prune. Just cleaned :)This really open my eyes about pnpm.
Ive been only using npm, and not looking at others as i felt it unnecessary. But its tempting to test out and try using pnpm because why not right? hahaha
Would definitely try it! Thanks @sylwiavargas!
Ah thank you for sharing this! I'm happy this post brought some clarity and curiosity 💕
Insightful and a great alternative 👍✨
Thank you!
PNPM not secure
Could you say more about that ?
IT companies of Belarus and Russia encountered problems in the work, to be exact one of the authors has sewn the code that does not allow to run CLI from the territory of these countries, such childishness neither the authors of NPM, nor the authors of Yarn do not do.
So the use of PNPM is a potential problem for any of the countries if the author of the bibliography, you regular business didn't like something, lol.
Would you provide links where this is documented?
I've set my VPN to Belarus and I'm able to run it.
This is PNPM website from Belarus IP address
Ok I see, I think he is mentioning the pnpm decision on twitter : https://twitter.com/pnpmjs/status/1498306992577957890?s=46&t=0bwOqnztoi2cUIkmGvGBow
Yes, I see that on my end as well. Given that the author of pnpm is from Ukraine and still in Ukraine, I don’t find this surprising.
(EDIT: I see that he was also open about this decision so nothing sneaky there)
However, you were talking about CLI - could you provide links?
Blocking a website based on the location is not a security threat, especially if the website and docs are open sourced and accessible on GitHub.
What I mean is that CLI commands just don't work from specific IP addresses, that is, if your servers are located in 4 countries, there is a risk for your business that your batch manager will stop working at some point because of a free decision of the library's author, which in serious projects is not acceptable.
If you want to reproduce the problem, the ideal solution would be a server in Belarus. Try to install PNPM, and install some package.
I hear you and what you’re saying is not overlapping with the experience of my friend in Belarus nor with my experience on VPN. Would you provide links to where this issue is documented?
You also mentioned this as “childishness” and “serious project” but this is a common practice in tech - whether it’s good or bad, that’s a subject for opening a discussion. To give you an example, GitHub blocked Devs from Iran, Syria, and Crimea two years ago and here’s a whole list of serious business blocking Iran. Here’s a Wikipedia entry on GitHub’s track record in this field. It is a common practice by the protect authors or whole businesses.
A discussion about political decisions of a project or a business and its merits is one thing. You’re throwing an accusation without documentation. I’m not saying that what you’re saying is not true but so far I haven’t managed to see evidence of that and you’ve avoided providing me with one, even if it’s a link to an issue or a tweet which engaged Zoltan. Moreover, Zoltan was asked if the CLI will be affected:
to which he responded:
I understand that a decision like this is bound to trigger responses and emotions - and it’s fair to express them.
As Sylwia already stated, only the website with the docs is blocked. The CLI works. Also, the standalone install script doesn't work because it is a script from the website. Other install methods work, like
corepack enableandnpm i -g pnpm.However, if companies in Russia and Belarus decide not to use pnpm, my goal is achieved. I don't want my work to help such companies and people. I live in Ukraine, my life is in constant danger because of Russia and Belarus.
So, if you don't need the 3x speed increase for the dependencies installation and don't want to reduce some disc space consumption then you can continue to be happy with npm 🤷♂️
There is a feature parity between pnpm and npm, but the later wins because it is shipped with Node and it has much broader adoption. I think that all the innovation from the pnpm eventually will come to the npm, it is just a matter of time.
Yes! It's always good continue to be happy with whatever makes you happy 🙂
I appreciate your optimism about npm roadmap - let's hope it will be that way.