build: migrate package management to pnpm and harden installs by tharropoulos · Pull Request #346 · typesense/typesense-js

tharropoulos · 2026-05-12T16:13:03Z

Change Summary

switch the repo from npm to pnpm for local development and ci
add pnpm-lock.yaml, remove package-lock.json, and declare pnpm as the
package manager
update package scripts and developer workflows to use pnpm
update github actions to install dependencies with pnpm install --frozen-lockfile and run build, lint, typecheck, and test with pnpm
use .nvmrc in ci and bump the node version from 22 to 24
update the readme examples and development instructions to use pnpm
remove dangling and unused dependencies from package.json
add pnpm-workspace.yaml safeguards as a security change to reduce supply chain risk
avoid issues from compromised packages and unexpected preinstall / postinstall scripts during dependency installation

tharropoulos requested a review from jasonbosco May 12, 2026 16:13

tharropoulos added 6 commits May 12, 2026 19:20

chore: add flake

854f53d

chore: remove dangling deps

300758f

build: migrate to pnpm

e6f8fa7

build: update node ver to 24

d8272bf

docs(readme): use pnpm instead of npm

9d57344

ci: use pnpm on ci

2297fff

tharropoulos force-pushed the security branch from f761f9d to 2297fff Compare May 12, 2026 16:20