Change8

pnpm

Dev Tools

Fast, disk space efficient package manager

Latest: v12.0.0-alpha.10100 releases38 breaking changes3 common errorsView on GitHub

Release History

v12.0.0-alpha.10
22h ago
v11.13.0
22h ago
v12.0.0-alpha.9
Jul 12, 2026
v12.0.0-alpha.8
Jul 11, 2026
v11.12.0
Jul 11, 2026
v10.34.5
Jul 10, 2026
v11.11.0
Jul 9, 2026
v11.10.0Breaking12 fixes5 features
Jul 4, 2026

This release introduces a robust, structured configuration method for registry authentication via environment variables and global config, fixes several bugs related to package updates and global package management, and improves compatibility with the new Rust-based pnpm executable.

v11.9.014 fixes6 features
Jun 23, 2026

This release introduces improved integrity verification for on-demand registry tarballs and enhances `pnpm audit` performance, especially for graphs with cycles. Several bug fixes address lockfile churn, Windows path length issues in `dlx`, and configuration handling in workspace settings.

v10.34.44 fixes
Jun 18, 2026

This patch release focuses heavily on security, validating configuration dependency names and versions, rejecting malicious lockfile aliases, and hardening warnings related to environment variables in configuration.

v11.8.011 fixes4 features
Jun 18, 2026

This release introduces a `--dry-run` option for `pnpm install`, enhances SBOM generation capabilities, and fixes several security and stability issues, including improved handling of lockfile integrity and macOS binary quarantine attributes.

v11.7.010 fixes3 features
Jun 15, 2026

This release introduces significant features for read-only store installations via `--frozen-store` and optional end-to-end dependency resolution delegation to `pacquet`. Numerous bug fixes address security issues related to lockfile aliases, publishing SSL, and deterministic resolution ordering.

v11.6.0Breaking3 fixes2 features
Jun 11, 2026

This release introduces a critical security fix preventing environment variable leakage from project `.npmrc` files, requiring users to move sensitive configuration to trusted sources. It also enhances installation speed when lockfiles are missing and adds new ways to configure registry settings via environment variables.

v10.34.3Breaking2 fixes
Jun 11, 2026

This release addresses a critical security vulnerability by preventing environment variables from being expanded in repository-controlled `.npmrc` files for sensitive configuration, requiring users to move tokens to trusted configuration sources. A bypass allowing repository config to override trusted file locations was also patched.

v10.34.2Breaking2 fixes3 features
Jun 10, 2026

This patch significantly enhances security by enforcing trust boundaries for package manager bootstrapping and environment variable expansion in configuration. It also introduces cryptographic verification for downloaded pnpm binaries and Node.js release hashes.

v11.5.3Breaking10 fixes2 features
Jun 10, 2026

This patch release introduces significant security enhancements by verifying signatures for package manager binaries and downloaded Node.js runtimes, alongside fixes for configuration expansion, lockfile generation, and CLI flag parsing.

v11.5.24 fixes
Jun 5, 2026

This patch release improves lockfile regeneration stability by reusing peer contexts and enhances security by verifying tarball URLs against registry metadata. It also fixes several critical bugs related to concurrent installs, global virtual store builds, and version cataloging.

v11.5.17 fixes
Jun 2, 2026

This patch release improves performance for pnpm audit, fixes several critical bugs related to lockfile integrity preservation and peer dependency resolution, and ensures correct behavior during package publishing.

v11.5.06 fixes2 features
May 29, 2026

This release introduces configuration for hoisting limits in hoisted mode and replaces the interactive prompt library, fixing scrolling issues across several commands. Several critical bugs related to peer resolution deadlocks, 2FA handling for dist-tags, and lockfile integrity for remote dependencies have also been resolved.

v10.34.1Breaking
May 27, 2026

This patch introduces a critical security fix by enforcing the presence of the `integrity` field in remote tarball resolutions within `pnpm-lock.yaml`, failing builds if it is missing to prevent package tampering.

v10.34.0Breaking5 fixes1 feature
May 27, 2026

This release hardens security by defaulting integrity mismatches to failures and introduces an opt-in flag to update checksums. Several security vulnerabilities related to git resolutions, patch files, and dependency aliases were also fixed.

v11.4.0Breaking10 fixes2 features
May 27, 2026

This release significantly hardens security by enforcing tarball integrity checks by default and preventing credential leakage across registries. It also fixes several vulnerabilities related to malicious lockfile entries and patch files.

v11.3.04 fixes7 features
May 24, 2026

This release introduces several new native commands like `pnpm stage`, `pnpm pkg`, and `pnpm repo`, alongside a new `trustLockfile` setting to optimize supply-chain verification performance. Several critical bugs related to dependency resolution non-determinism and dependency addition regressions have also been fixed.

v11.2.21 fix2 features
May 21, 2026

This release introduces experimental support for delegating the installation materialization phase to the Rust-based pacquet engine when configured. It also improves flag forwarding to pacquet during installation and fixes an issue with outdated lockfile checks when using pacquet.

v11.2.13 fixes2 features
May 20, 2026

This release introduces an experimental opt-in preview of the Rust install engine (@pnpm/pacquet) for dependency materialization. It also includes several bug fixes related to lockfile consistency and registry resolution for npm aliases.

v11.2.07 fixes4 features
May 20, 2026

This release introduces an experimental opt-in preview of the Rust install engine via @pnpm/pacquet and enhances support for platform-specific dependencies within configuration dependencies. Several critical bugs related to configuration loading, login commands, and lockfile pruning stability have also been resolved.

v11.1.33 fixes7 features
May 18, 2026

This patch significantly enhances lockfile verification against age and trust policies during installation, introduces strict/loose modes for handling immature dependency versions, and corrects cache hashing to align with the actual script execution environment.

v11.1.26 fixes
May 14, 2026

This patch release addresses several bugs related to metadata handling, upgrade commands, and lockfile resolution, including stripping problematic HTTP headers for better compatibility with Azure DevOps Artifacts.

v11.1.13 fixes
May 12, 2026

This patch release focuses on fixing spurious warnings during dependency status checks and resolving issues with package resolution involving named registries and Windows shell execution via cmd-shim.

v11.1.05 fixes6 features
May 11, 2026

This major release introduces significant features like registry signature verification, enhanced named registry support (including GitHub Packages), and new commands like `pnpm bugs` and `pnpm owner`. It also fixes several bugs related to global installs, proxy usage during publishing, and CLI version reporting.

v11.0.96 fixes
May 9, 2026

This patch addresses several critical bugs, including fixes for GitLab dependency installation, correct handling of semver build metadata during publishing, and restoring compatibility with custom npm configuration paths in CI environments. It also improves the Node.js version check error message.

v11.0.82 fixes
May 7, 2026

This patch restores critical tarball URL preservation logic to fix fetch errors on certain registries and resolves issues related to compressed tarball size validation during installation.

v11.0.77 fixes3 features
May 6, 2026

This patch release fixes critical issues related to execute permissions on Windows binaries, restores expected JSON output for `pnpm publish`, and enhances configuration flexibility by allowing global user preferences. It also improves lockfile security by pinning git dependency integrity.

v10.33.41 fix1 feature
May 6, 2026

This patch enhances security by pinning the integrity of git-hosted tarballs in the lockfile and fixes a bug where the workspace root was incorrectly included when using negative recursive filters.

v11.0.69 fixes1 feature
May 5, 2026

This patch release improves configuration loading robustness by correctly handling environment variables and fixes several issues related to workspace file ordering, self-updates on v10 installations, and configuration validation errors.

v10.33.32 fixes
May 4, 2026

This patch addresses a critical self-update issue for Intel macOS users by switching to a JS-only binary when upgrading from v10, and prevents accidental downgrades during standard self-updates.

v11.0.5Breaking5 fixes2 features
May 4, 2026

This patch addresses critical issues related to Intel Mac binary stability, fixes global listing commands to output valid JSON/parseable formats, and improves build approval handling in `pnpm dlx`.

v11.0.42 fixes
May 2, 2026

This patch fixes an issue where `pnpm ci` failed to reinstall workspace dependencies after cleaning, and adjusts the behavior of `pnpm self-update` regarding downgrades. Additionally, the default for `minimumReleaseAgeStrict` is now true when `minimumReleaseAge` is configured.

v11.0.32 fixes
Apr 30, 2026

This patch release addresses two specific bugs: one related to file handle limits on Windows and another concerning fetching dependencies with file: tarballs in the lockfile.

v11.0.24 fixes
Apr 30, 2026

This patch release addresses several bugs, including fixing an ENOENT symlink failure on Windows during global installs and ensuring package manager version checks remain accurate when using corepack. It also improves handling of publish summaries and platform filtering.

v11.0.14 fixes2 features
Apr 29, 2026

This patch release improves error handling for workspace manifests, updates SBOM generation for git dependencies, and refines how `pnpm self-update` manages version fields in package.json.

v11.0.0Breaking13 features
Apr 28, 2026

This major release upgrades pnpm to pure ESM, requires Node.js 22+, and introduces significant security enhancements like default supply-chain protection and a new SQLite-backed store index for performance gains. Configuration handling has also been streamlined, restricting `.npmrc` usage and replacing old build dependency settings.

v10.33.22 fixes
Apr 23, 2026

This patch release fixes critical bugs related to globally installed binaries failing under specific conditions and resolves an infinite fork-bomb scenario involving conflicting pnpm version specifications in projects.

v10.33.11 fix
Apr 22, 2026

This patch fixes an issue where certain npm-like commands were incorrectly delegated to npm instead of the native pnpm implementation when using pnpm v11 or newer.

v11.0.0-rc.53 fixes
Apr 21, 2026

This patch addresses critical startup crashes in the `@pnpm/exe` SEA executable when running on Node.js v25.7+ by fixing SEA blob serialization mismatches and updating the CJS entry shim loading mechanism.

v11.0.0-rc.42 fixes2 features
Apr 21, 2026

This release significantly speeds up Node.js runtime installations by excluding bundled tools like npm and npx, and introduces the flexible `--runtime` flag for packaging apps. It also restores compatibility for older `pnpm self-update` versions by reverting a recent package name change.

v11.0.0-rc.3Breaking7 fixes5 features
Apr 20, 2026

This release introduces the `pnpm pack-app` command for creating standalone executables and significantly enhances `pnpm version` to better align with npm's CLI behavior. It also refines security auditing, dependency resolution for git sources, and updates internal platform naming conventions.

v11.0.0-rc.2Breaking1 fix5 features
Apr 17, 2026

This release removes several legacy configuration settings in favor of the unified `pmOnFail` setting and introduces the powerful `pnpm with` command for running specific pnpm versions. New native commands for managing package manager stars were also implemented.

v11.0.0-rc.1Breaking1 fix3 features
Apr 15, 2026

This release updates `pnpm audit` to use the modern registry bulk endpoint, replacing CVE filtering with GHSA filtering, and introduces several new native CLI commands like `pnpm docs`, `pnpm ping`, and `pnpm search`.

v11.0.0-rc.0Breaking2 fixes11 features
Apr 10, 2026

This major release enforces Node.js 22+ compatibility, transitions pnpm to pure ESM, and significantly enhances security by enabling supply-chain protection defaults. It also overhauls configuration handling, moving most settings out of .npmrc, and introduces a new SQLite-backed store index for faster installations.

v11.0.0-beta.8Breaking1 fix13 features
Apr 8, 2026

This release introduces major architectural changes, including migrating the package index store to SQLite and isolating global package installations for better stability. Configuration handling has been significantly updated, moving most settings away from .npmrc files to pnpm-workspace.yaml and standardizing CLI output formats.

v11.0.0-beta.7Breaking1 fix21 features
Apr 5, 2026

This release introduces major architectural changes focused on performance and security, including migrating the store index to SQLite, isolating global packages, and hardening configuration loading by deprecating reliance on `.npmrc` for non-auth settings. CLI output has also been cleaned up.

v11.0.0-beta.6Breaking3 fixes12 features
Mar 30, 2026

This release introduces significant performance improvements via a new SQLite-backed store index and isolated global package installations. It also cleans up CLI output, updates configuration handling (especially around build dependencies and workspace configs), and drops support for older Node.js versions.

v11.0.0-beta.5Breaking3 fixes9 features
Mar 29, 2026

This release introduces major architectural changes, including migrating the content-addressable store index to SQLite (Store v11) and isolating global package installations for better stability. Configuration handling has been significantly overhauled, moving project-specific settings from `.npmrc` to `pnpm-workspace.yaml` and changing CLI output formats.

v11.0.0-beta.4Breaking9 features
Mar 29, 2026

This release introduces significant internal changes, including a new SQLite-based store index format (Store v11) and isolated global package installations for better stability. Configuration handling has been overhauled, moving away from rc files and standardizing CLI output formats to

v11.0.0-beta.3Breaking11 features
Mar 26, 2026

This major release introduces significant architectural changes to the content-addressable store using SQLite and optimizes metadata storage, alongside isolating global package installations for better stability. Configuration handling has been overhauled, moving away from rc files and project-specific .npmrcs in favor of centralized workspace configuration.

v10.33.010 fixes1 feature
Mar 24, 2026

This release introduces the `dedupePeers` setting to significantly reduce peer dependency duplication and includes numerous fixes for concurrent operations, Windows command execution, and lockfile handling.

v11.0.0-beta.2Breaking14 features
Mar 21, 2026

This major release introduces significant architectural changes to the content-addressable store using SQLite and optimizes metadata storage, alongside isolating global package installations for better stability. Many deprecated configuration options and commands have been removed, and pnpm is now pure ESM.

v11.0.0-beta.1Breaking13 features
Mar 21, 2026

This major release introduces significant architectural changes to the content-addressable store using SQLite and optimizes metadata storage, while isolating global package installations for better stability. Configuration handling has been overhauled, moving project-specific settings out of `.npmrc` and standardizing CLI output formats.

v11.0.0-beta.0Breaking1 fix20 features
Mar 19, 2026

This major release introduces significant performance improvements via a new SQLite-backed content-addressable store index and isolates global package installations. Configuration handling has been overhauled, moving project-specific settings from `.npmrc` to `pnpm-workspace.yaml` and standardizing CLI output formats.

v11.0.0-alpha.16Breaking11 features
Mar 15, 2026

This release introduces major architectural changes to the pnpm store, moving to SQLite for metadata indexing and isolating global package installations for better stability. Configuration commands and build dependency handling have also been significantly overhauled, and support for older Node.js versions has been dropped.

v11.0.0-alpha.15Breaking20 features
Mar 15, 2026

This release introduces major architectural changes to the pnpm store, moving to SQLite for indexing and isolating global packages for better stability. Configuration handling has been significantly overhauled, moving away from rc files and standardizing output formats.

v10.32.11 fix
Mar 11, 2026

This patch release fixes a regression related to how pnpm handles `pnpm-workspace.yaml` files that omit the `packages` field, ensuring configuration-only files do not incorrectly define workspace roots.

v11.0.0-alpha.14Breaking15 features
Mar 11, 2026

This release introduces major architectural changes to the content-addressable store using SQLite and optimizes metadata storage, alongside isolating global package installations for better stability. Configuration handling has been significantly overhauled, moving settings out of rc files and standardizing output formats.

v10.32.02 fixes1 feature
Mar 9, 2026

This release introduces the --all flag for approving builds non-interactively and reverts two recent changes that caused regressions, including one related to npm config file path setting and another concerning lockfile-include-tarball-url.

v10.31.011 fixes3 features
Mar 7, 2026

This patch release improves configuration preservation in pnpm-workspace.yaml, fixes several critical bugs related to linking, race conditions during store imports, and patch operations, and adds a short alias for the --filter option.

v11.0.0-alpha.13Breaking14 features
Mar 7, 2026

This release introduces major architectural changes to the pnpm store, moving to SQLite for metadata indexing and isolating global package installations for improved stability. Configuration handling has been significantly overhauled, favoring JSON output and consolidating workspace settings into `pnpm-workspace.yaml`.

v11.0.0-alpha.12Breaking1 fix12 features
Mar 1, 2026

This release introduces major architectural changes focused on performance and isolation, including switching internal store formats to MessagePack, isolating global packages, and updating configuration handling. Several deprecated features and configuration options related to build dependencies and linking have been removed.

v10.30.31 fix
Feb 26, 2026

This patch release fixes an issue where version switching failed when pnpm was installed as a standalone executable without a system Node.js environment.

v11.0.0-alpha.11Breaking3 fixes17 features
Feb 24, 2026

This release introduces major performance improvements across the store by switching to MessagePack and optimizing index formats, alongside significant changes to configuration loading, moving away from INI/rc files towards YAML for pnpm-specific settings. Many deprecated configuration options and commands have been removed, and the package is now pure ESM.

v10.30.22 fixes
Feb 23, 2026

This patch release fixes an issue where auto-installed peer dependencies ignored overrides and resolves an input line length error on Windows when using the global virtual store. It also includes a dependency update to patch a moderate vulnerability.

v11.0.0-alpha.10Breaking2 fixes16 features
Feb 23, 2026

This release introduces major performance improvements by switching internal store formats to MessagePack and optimizing index storage. Configuration handling has been significantly overhauled, moving away from rc files and standardizing on YAML for pnpm-specific settings, alongside dropping support for older Node.js versions.

v10.30.11 fix
Feb 20, 2026

This patch release updates the primary endpoint used for fetching security audits to improve reliability.

v10.30.01 fix1 feature
Feb 17, 2026

This release updates pnpm why to display a reverse dependency tree for better readability and reverts a dependency pruning change in pnpm why to ensure correctness. Performance for pnpm why and pnpm list in large workspaces has also been improved.

v11.0.0-alpha.5Breaking2 fixes12 features
Feb 17, 2026

This major release introduces significant performance improvements by switching internal store formats to MessagePack and optimizing index storage. It also brings substantial changes to configuration handling, replacing INI formats with JSON for config commands and standardizing workspace configuration via `pnpm-workspace.yaml`.

v11.0.0-alpha.4Breaking3 fixes21 features
Feb 17, 2026

This major release introduces significant performance improvements by switching internal store formats to MessagePack and optimizing index storage. Configuration handling has been overhauled, moving project-specific settings out of .npmrc files into pnpm-workspace.yaml and changing CLI output formats.

v10.29.34 fixes
Feb 11, 2026

This patch release resolves several bugs, including an out-of-memory error in dependency listing commands and issues with configuration settings in `.pnpmfile.cjs` and `pnpm dlx`. Additionally, `pnpm deploy` behavior is corrected regarding the global virtual store setting.

v10.29.21 fix
Feb 9, 2026

This patch release reverts a previous fix (from v10.29.1) that was causing issues, restoring functionality for 'pnpm run -r' when an empty workspace file is present.

v10.29.110 fixes3 features
Feb 7, 2026

This release introduces support for the `catalog:` protocol in `pnpx` and allows configuring `auditLevel` in `pnpm-workspace.yaml`. Numerous bug fixes address issues related to JSON output, store path resolution, audit command behavior, and dependency handling.

v10.29.010 fixes3 features
Feb 7, 2026

This release introduces support for the `catalog:` protocol in `pnpx` and allows configuring `auditLevel` in `pnpm-workspace.yaml`. Numerous bugs were fixed, including issues related to JSON output, store path resolution, audit command behavior, and dependency hoisting configuration.

v10.28.23 fixes
Jan 26, 2026

This patch release focuses on security improvements by preventing path traversal in `directories.bin` and securing symlink handling for local dependencies. It also fixes an issue related to optional dependency metadata fetching for platform checks.

v10.28.17 fixes2 features
Jan 19, 2026

This patch release focuses heavily on security by fixing multiple path traversal vulnerabilities in ZIP and binary fetching, and improves dependency resolution by supporting plain HTTP/HTTPS git URLs. It also adjusts the exit code behavior for filtered script execution.

v11.0.0-alpha.3Breaking1 fix8 features
Jan 13, 2026

This release introduces significant configuration restructuring, replacing project-specific .npmrc files with packageConfigs in pnpm-workspace.yaml and restricting configuration loading from rc files. It also updates default behaviors, removes deprecated build dependency settings, and shifts the runtime environment to a bundled Node.js version.

v10.28.0
Jan 9, 2026
v10.27.0Breaking5 fixes4 features
Dec 30, 2025

This release adds trust‑policy ignore options, project registry and mark‑and‑sweep pruning for the global virtual store, and includes several bug fixes, with a semi‑breaking change to unscoped package storage layout.

v10.26.22 fixes4 features
Dec 23, 2025

This patch release improves error messages, fixes Git annotated‑tag handling, writes runtime binaries earlier in the install lifecycle, and reduces network calls when `preferOffline` is used.

v10.26.12 fixes
Dec 19, 2025

Patch release fixing pnpm add behavior with blockExoticSubdeps and improving git reference resolution to full commits.

v11.0.0-alpha.2Breaking11 features
Dec 15, 2025

pnpm 9.x introduces pure ESM packaging, a bundled Node runtime, JSON‑based config output, camelCase keys, and V8‑binary store, while dropping Node 18/19 support and changing several CLI behaviours.

v10.26.0Breaking3 fixes7 features
Dec 15, 2025

This release adds supply‑chain security features like `blockExoticSubdeps` and integrity hashing, introduces the unified `allowBuilds` config, and brings several usability improvements such as `--dry‑run` for `pack` and better deprecation displays.

v10.25.04 fixes2 features
Dec 8, 2025

This release adds certificate loading via `cert`, `ca`, and `key` fields and a `--bare` flag for `pnpm init`, plus several bug fixes around script reporting, build handling, forced publishing, and trust‑policy time errors.

v10.24.05 fixes1 feature
Nov 27, 2025

This release adds automatic network concurrency scaling for high‑core systems and includes several bug fixes around trust policies, file linking, self‑update behavior, package detection, and auth token handling.

v10.23.0Breaking4 fixes2 features
Nov 20, 2025

This release adds a new `--lockfile-only` flag to `pnpm list`, improves self‑update handling, displays npm protocols for aliased packages, and includes several bug fixes and stricter trust‑policy enforcement.

v11.0.0-alpha.0Breaking1 fix11 features
Nov 13, 2025

pnpm 9 introduces pure ESM, JSON‑based config output, V8‑serialized store files, and drops Node.js v18/v19 support, requiring migration of config files, imports, and runtime versions.

v10.22.01 fix2 features
Nov 12, 2025

This release introduces `trustPolicyExclude` and `publishConfig.engines` support, and fixes a hardlinking crash.

v10.21.03 fixes3 features
Nov 9, 2025

This release adds automatic Node.js runtime installation for dependencies, introduces a new \"trustPolicy\" setting, and adds a command to retrieve the global config path, while fixing several bugs around update behavior, hardlinking, and workspace configuration.

v10.20.03 fixes1 feature
Oct 28, 2025

This release adds the `--all` option to `pnpm --help` and includes several bug fixes related to version selection, the `create` command, and package manager version handling.

v10.19.02 features
Oct 21, 2025

This release introduces version‑specific controls for postinstall scripts and release‑age exclusions, enhancing security and flexibility in dependency management.

v10.18.39 fixes
Oct 14, 2025

This patch release fixes several bugs related to configuration handling, publishing, bin linking, and workspace behavior, improving the stability of pnpm commands.

v10.18.25 fixes
Oct 9, 2025

This patch release fixes several command issues, reduces the CLI bundle size by swapping ndjson for split2, and improves metadata handling for pnpm dlx.

v10.18.12 fixes1 feature
Oct 6, 2025

This patch release silences an unnecessary warning for `--lockfile-only`, adds a Windows shim for `pnpm setup` to support self‑updates, and corrects catalog warning behavior.

Common Errors

Related Dev Tools Packages

Subscribe to Updates

Get notified when new versions are released

RSS Feed