Skip to content

chore(infra): switch to pnpm 11#28

Draft
Corey-T1000 wants to merge 1 commit into
mainfrom
chore/pnpm-migration
Draft

chore(infra): switch to pnpm 11#28
Corey-T1000 wants to merge 1 commit into
mainfrom
chore/pnpm-migration

Conversation

@Corey-T1000
Copy link
Copy Markdown
Contributor

@Corey-T1000 Corey-T1000 commented May 19, 2026

Summary

  • Migrates package management from npm to pnpm 11.1.1, matching authzed/web#1508 which adopted pnpm 11 last week
  • Root package.json adds packageManager field, drops npm workspaces array, scripts now use pnpm --filter @authzed/sandworm <task>
  • New pnpm-workspace.yaml declares the sandworm package and approves native-build dependencies (sharp for Next.js Image, unrs-resolver for ESLint tooling)
  • package-lock.json removed, pnpm-lock.yaml added

Why

One package manager per monorepo avoids Corepack / lockfile / CI drift. With web on pnpm and design on npm we'd hit subtle differences (peer-dep resolution, hoisting rules, lockfile semantics) when sharing tooling.

Test plan

  • pnpm install from repo root resolves cleanly (~640 packages)
  • pnpm dev boots Sandworm at http://localhost:3000
  • pnpm build produces a clean production build
  • pnpm lint runs Next.js lint without errors
  • CI (if any) updated to use pnpm instead of npm — flag for reviewer

Notes for reviewer

  • Verified locally: pnpm dev boots in ~3s vs ~6s under npm, page compiles clean, no module-resolution errors
  • Sharp + unrs-resolver builds are explicitly approved in pnpm-workspace.yaml (pnpm 11 requires explicit consent for native postinstalls — security-positive default)
  • Next.js minor version moved from 14.2.23 → 14.2.35 due to fresh resolution of ^14.1.0; verified working

🤖 Generated with Claude Code

@Corey-T1000
chore(infra): switch to pnpm 11
9963b3d 
Migrates package management from npm to pnpm, matching authzed/web which
adopted pnpm 11 last week (authzed/web#1508).

Changes:
- Add `packageManager: "pnpm@11.1.1"` to root package.json
- Replace `workspaces` array with pnpm-workspace.yaml
- Rewrite root scripts to use `pnpm --filter @authzed/sandworm <task>`
  instead of `cd sandworm && npm run <task>`
- Delete package-lock.json, add pnpm-lock.yaml
- Approve native-build packages (sharp, unrs-resolver) used by Next.js
  Image and ESLint tooling

Verified:
- `pnpm install` resolves 640 packages clean
- `pnpm dev` boots in ~3s (vs ~6s under npm)
- Sandworm builds and serves identically

Why now: one package manager per monorepo avoids Corepack / lockfile / CI
drift. Web is on pnpm; aligning design here keeps them coherent.
@vercel
Copy link
Copy Markdown
Contributor

vercel Bot commented May 19, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
design-basin Ready Ready Preview, Comment May 19, 2026 5:43pm
design-sandworm Ready Ready Preview, Comment May 19, 2026 5:43pm

Request Review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Corey-T1000