thesethrose/pnpm
.github/skills/pnpm/SKILL.md
Node.js package manager with strict dependency resolution. Use when running pnpm specific commands, configuring workspaces, or managing dependencies with catalogs, patches, or overrides.
testing
Updated Apr 16, 2026
$ install --global
skillsauthnpx skillsauth add thesethrose/peptidecalc pnpmInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 11:22 AM44.9s15 files scanned
SKILL.md
- name:
- pnpm
- description:
- Node.js package manager with strict dependency resolution. Use when running pnpm specific commands, configuring workspaces, or managing dependencies with catalogs, patches, or overrides.
- author:
- Anthony Fu
- version:
- 2026.1.28
- source:
- Generated from https://github.com/pnpm/pnpm, scripts located at https://github.com/antfu/skills
pnpm is a fast, disk space efficient package manager. It uses a content-addressable store to deduplicate packages across all projects on a machine, saving significant disk space. pnpm enforces strict dependency resolution by default, preventing phantom dependencies. Configuration should preferably be placed in pnpm-workspace.yaml for pnpm-specific settings.
Important: When working with pnpm projects, agents should check for pnpm-workspace.yaml and .npmrc files to understand workspace structure and configuration. Always use --frozen-lockfile in CI environments.
The skill is based on pnpm 10.x, generated at 2026-01-28.
Core
| Topic | Description | Reference | | ------------- | ------------------------------------------------------------------------ | ------------------------------------------------ | | CLI Commands | Install, add, remove, update, run, exec, dlx, and workspace commands | core-cli | | Configuration | pnpm-workspace.yaml, .npmrc settings, and package.json fields | core-config | | Workspaces | Monorepo support with filtering, workspace protocol, and shared lockfile | core-workspaces | | Store | Content-addressable storage, hard links, and disk efficiency | core-store |
Features
| Topic | Description | Reference | | ----------------- | ------------------------------------------------------------ | ------------------------------------------------------ | | Catalogs | Centralized dependency version management for workspaces | features-catalogs | | Overrides | Force specific versions of dependencies including transitive | features-overrides | | Patches | Modify third-party packages with custom fixes | features-patches | | Aliases | Install packages under custom names using npm: protocol | features-aliases | | Hooks | Customize resolution with .pnpmfile.cjs hooks | features-hooks | | Peer Dependencies | Auto-install, strict mode, and dependency rules | features-peer-deps |
Best Practices
| Topic | Description | Reference | | ----------- | ------------------------------------------------------------------ | ---------------------------------------------------------------------- | | CI/CD Setup | GitHub Actions, GitLab CI, Docker, and caching strategies | best-practices-ci | | Migration | Migrating from npm/Yarn, handling phantom deps, monorepo migration | best-practices-migration | | Performance | Install optimizations, store caching, workspace parallelization | best-practices-performance |
Related Skills
thesethrose/web-design-guidelines
development
VerifiedTrustedCommunity
Review UI code for Web Interface Guidelines compliance. Use when asked to "review my UI", "check accessibility", "audit design", "review UX", or "check my site against best practices".
SKILL.mdUpdated Apr 16, 2026
thesethrose/vite
tools
VerifiedTrustedCommunity
Vite build tool configuration, plugin API, SSR, and Vite 8 Rolldown migration. Use when working with Vite projects, vite.config.ts, Vite plugins, or building libraries/SSR apps with Vite.
SKILL.mdUpdated Apr 16, 2026
thesethrose/threat-mitigation-mapping
testing
VerifiedTrustedCommunity
Map identified threats to appropriate security controls and mitigations. Use when prioritizing security investments, creating remediation plans, or validating control effectiveness.
SKILL.mdUpdated Apr 16, 2026
thesethrose/stride-analysis-patterns
testing
VerifiedTrustedCommunity
Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security documentation.
SKILL.mdUpdated Apr 16, 2026