pnpm support

[AlexWayfer]

Hello.

It'd be nice to see pnpm support (pnpm-lock.yaml lock file).

[sozonome]

Would love and appreciate it if depfu can cupport pnpm soon.

[bigint]

Yes waiting for pnpm support too!

[pepicrft]

Same here. Support for pnpm would be awesome

[prabhuignoto]

+1 can we have the support for pnpm

[grug]

Would also love pnpm support!

[mgcrea]

Any chance we could have some kind of official comment on this? Like is it planned or in progress? Or is there specific issues blocking this? Thanks!

pnpm is currently rapidly gaining steam: https://npmtrends.com/pnpm-vs-yarn

[AlexWayfer]

Any chance we could have some kind of official comment on this?

I've got some kind of, from the co-founder of Depfu, in Twitter: https://twitter.com/halfbyte/status/1481634108203798529?s=20

It was rude at the beginning, then we got an understanding.

BTW, what I've got, it's "pay us more to implement such features".

[airhorns]

We're a depfu paying customer and were migrating to pnpm, which means we can't use depfu anymore :( would be great to keep using the product but its not key enough to stop us migrating for all the other benefits

[airhorns]

pay us more to implement such features

I feel like he said "pay us anything" to implement such features, that seems fair to me. We're paying though!

[halfbyte]

Hey everyone. It's me, the guy with the twitter thread. :)

When I wrote that twitter thread, the reality was that the only people we had requests for pnpm for were people using free tiers. This has changed. Not only that, we recently got a lot more requests in general to implement pnpm.

We're currently in the summer vacation season and so there currently isn't much progress, but I think I can safely say that by the end of the summer we should have something for you to test. We're not sure yet what exactly we'll be able to provide with that first release but I hope some of you in this thread will be willing to beta test.

We usually don't do prior announcements and all, but obviously it also doesn't make sense to leave this GitHub issue in a state where it looks like we don't care at all. We are a very small team with a very limited time budget on our hands and prioritising is always a massive challenge and not always entirely in our hands.

Thanks to all of your for your patience, for caring enough about our product to open up these issues and for your understanding.

[AlexWayfer]

@halfbyte thanks! Nice news. All the best to your team. It's difficult to compete with large companies, but I hope you'll grow, because you have a qualitative product.

[halfbyte]

@AlexWayfer and others, I have a couple of questions:

• Would you expect us to support older versions of pnpm for repos with lockfiles using older lockfile versions? The lockfiles have drastically changed for V8 of pnpm and pnpm automatically upgrades when you run a neweer version against an old lockfile. (This would require us to detect the correct pnpm version from the lockfile version and also have multiple pnpm versions available which is a bit of a hassle)
• If so, what do you think would be the set of versions we would need to support? Just 7 and 8? Or even older versions?
• Latest versions of 8.x added the settings block - Would it be okay to just introduce that to files where it is absent with the default values or would you expect us to keep this as close to the original (pre-update) as possible?

I'm currently testing a very early version of pnpm support for Depfu and I'm running into all of these issues, so I thought you should probably know best.

Also, if you could maybe point me to a couple of bigger open source repos we could use for testing (bigger = larger sets of dependencies, not necessarily code), that would be awesome.

[AlexWayfer]

• Would you expect us to support older versions of pnpm for repos with lockfiles using older lockfile versions? The lockfiles have drastically changed for V8 of pnpm and pnpm automatically upgrades when you run a neweer version against an old lockfile. (This would require us to detect the correct pnpm version from the lockfile version and also have multiple pnpm versions available which is a bit of a hassle)

Right now, at the current moment, I don't care about old pnpm versions. But yes: there can be a new ones with new lock file versions. I believe we should support such migration, or at least notify users to do this manually.

I think I've faced similar issues with package-lock.json file (npm's default) and Depfu, when local npm install returned different result from PR's changes.

• If so, what do you think would be the set of versions we would need to support? Just 7 and 8? Or even older versions?

Again: I'm only for the current and newer versions. I don't care about old versions (maybe someone does), but we must have such mechanism.

• Latest versions of 8.x added the settings block - Would it be okay to just introduce that to files where it is absent with the default values or would you expect us to keep this as close to the original (pre-update) as possible?

I don't know about this block, didn't use it, and unable to answer the question. Even with choice between "default values" and "keep it close to the original" I'm confused.

Also, if you could maybe point me to a couple of bigger open source repos we could use for testing (bigger = larger sets of dependencies, not necessarily code), that would be awesome.

I don't know a lot of repos, can link somes:

• https://github.com/AlexWayfer/stream_timer
• https://github.com/getsentry/sentry (there is Yarn, not sure, can you "test" the project with pnpm)
• https://gitlab.com/gitlab-org/gitlab (there is Yarn too)
• https://github.com/badges/shields (there is NPM)

[kevinwolfcr]

@halfbyte: I am currently not a Depfu user, but I have been comparing various solutions to suggest to my company. We just spent a whole sprint upgrading dependencies, so something like Depfu would be helpful. However, what is currently stopping me from using it is the lack of support for PNPM 😢 .

Also, if you could maybe point me to a couple of bigger open source repos we could use for testing (bigger = larger sets of dependencies, not necessarily code), that would be awesome.

A good example of a big project using PNPM is https://github.com/vitejs/vite.

[alfaproject]

Another big project using pnpm: https://github.com/nrwl/nx

[sozonome]

Also, if you could maybe point me to a couple of bigger open source repos we could use for testing (bigger = larger sets of dependencies, not necessarily code), that would be awesome.

Projects using pnpm:

• https://github.com/kamranahmedse/developer-roadmap
• https://github.com/vercel/next.js
• https://github.com/nuxt/nuxt
• https://github.com/withastro/astro
• https://github.com/shadcn-ui/ui
• https://github.com/trpc/trpc
• https://github.com/chakra-ui/chakra-ui/

[halfbyte]

Hey everyone. We had to solve a couple of hairy problems with pnpm (more on that probably in a blog post) but we have this now available for you to test. It is very much in beta and I totally expect you to run into issues for specific cases.

Thanks for your suggestions of projects, some of these actually helped uncovering some issues or cases we haven't thought about.

[alfaproject]

We are now going to move from Yarn to pnpm due to popular internal demand in our organization. I guess I will let you know how it goes but if you have any tips, so we avoid any pitfall with depfu, please let me know

[alfaproject]

Alright, so we finished the migration, and now we get this message:

No dependency files found This probably means that this repo is not yet supported by Depfu. Currently, we can handle Ruby and JavaScript.

We do support monorepos and non-root files, but only added auto-detection recently. Click the + Add link to see if we can find the subfolder you're trying to set up.

Project #20784 for example

[alfaproject]

Never mind, it seems you need to add a new project for each repository for Pnpm and then delete the Yarn one