Data

Tools

Indexes

Applications

Experiments

Packages

An open API service providing package, version and dependency metadata of many open source software ecosystems and registries.

Top 0.4% on npmjs.org
Top 0.1% downloads on npmjs.org
Top 0.1% dependent packages on npmjs.org
Top 0.4% dependent repos on npmjs.org
Top 1.3% forks on npmjs.org
Top 0.1% docker downloads on npmjs.org

npmjs.org : pnpm

Fast, disk space efficient package manager

Registry - Source - Homepage - JSON
purl: pkg:npm/pnpm
Keywords: pnpm , pnpm10 , dependencies , dependency manager , efficient , fast , hardlinks , install , installer , link , lockfile , modules , monorepo , multi-package , npm , package manager , package.json , packages , prune , rapid , remove , shrinkwrap , symlinks , uninstall , workspace , dependency-manager , javascript , node , nodejs , package-manager
License: MIT
Latest release: 3 days ago
First release: over 4 years ago
Dependent packages: 1,314
Dependent repositories: 2,954
Downloads: 89,932,827 last month
Stars: 29,607 on GitHub
Forks: 1,008 on GitHub
Docker dependents: 950
Docker downloads: 327,961,745
Total Commits: 8792
Committers: 273
Average commits per author: 32.205
Development Distribution Score (DDS): 0.47
More commit stats: commits.ecosyste.ms
See more repository details: repos.ecosyste.ms
Funding links: https://opencollective.com/pnpm, https://github.com/sponsors/pnpm, https://pnpm.io/crypto-donations
Last synced: 3 days ago

Moderate
GSA_kwCzR0hTQS04Y2M0LXJmajYtZmhnNM4ABHG-
pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting
Ecosystems: npm
Packages: pnpm
Source: github
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS12bTMyLTlycWYtcmgzcs4ABCQL
pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion
Ecosystems: npm
Packages: pnpm
Source: github
Published: 5 months ago
High
GSA_kwCzR0hTQS05bTg3LTZmajMtYzV4aM01Lg
Untrusted Search Path in PNPM
Ecosystems: npm
Packages: pnpm
Source: github
Published: about 3 years ago
High
GSA_kwCzR0hTQS01cjk4LWYzM2otZzhoN84AA0-_
pnpm incorrectly parses tar archives relative to specification
Ecosystems: npm
Packages: @pnpm/win-x64, @pnpm/macos-x64, @pnpm/macos-arm64, @pnpm/linuxstatic-arm64, @pnpm/linux-x64, @pnpm/linux-arm64, @pnpm/exe, pnpm, @pnpm/cafs
Source: github
Published: over 1 year ago