Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

pnpm

Ecosystem:
npm
Package URL:
pkg:npm/pnpm
Total PRs:
1,267 Dependabot PRs
Latest PR:
about 19 hours ago
Unique Repositories:
341 repositories
Unique Repos (30 days):
61 repositories
Security Advisories
pnpm has symlink traversal in file:/git dependencies
GHSA-m733-5w8f-5ggw CVE-2026-24056 MODERATE published about 1 month ago • updated 10 days ago
### Summary When pnpm installs a `file:` (directory) or `git:` dependency, it follows symlinks and reads their target contents without constraining...
pnpm has Windows-specific tarball Path Traversal
GHSA-6x96-7vc8-cm3p CVE-2026-23889 MODERATE published about 1 month ago • updated 11 days ago
### Summary A path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on W...
pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting
GHSA-8cc4-rfj6-fhg4 CVE-2024-47829 MODERATE published 11 months ago • updated 6 days ago
The path shortening function is used in pnpm: ``` export function depPathToFilename (depPath: string, maxLengthWithoutHash: number): string { let...
Untrusted Search Path in PNPM
GHSA-9m87-6fj3-c5xh CVE-2022-26183 HIGH published almost 4 years ago • updated 12 days ago
PNPM prior to v6.15.1 was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execu...
pnpm Has Lockfile Integrity Bypass that Allows Remote Dynamic Dependencies
GHSA-7vhp-vf5g-r2fw CVE-2025-69263 HIGH published 2 months ago • updated 10 days ago
### Summary HTTP tarball dependencies (and git-hosted tarballs) are stored in the lockfile without integrity hashes. This allows the remote server...
View all 12 advisories
Recent PRs
RSS Feed
Bump pnpm from 10.31.0 to 10.32.0 in /package in the npm group across 1 directory

poad/appstore-connect-jwt-generator-core #3446

10.31.0 → 10.32.0 Minor PR
Closed about 19 hours ago 1 comment
poad
Bump the packages group with 28 updates

poad/github-rest-api-executor #372

10.31.0 → 10.32.0 Minor PR
Open about 23 hours ago 1 comment
poad
:arrow_up:(deps): Bump the all-dependencies group with 35 updates

StudentTechUsher/stu #154

10.28.2 → 10.31.0 Minor PR
Open 1 day ago 2 comments
StudentTechUsher
chore(deps): bump the minor-and-patch group in /services/shared-app-api with 4 updates

zkorum/agora #694

10.30.3 → 10.31.0 Minor PR
Open 1 day ago 2 comments
zkorum
deps: bump the dependencies group across 1 directory with 45 updates

coachzee/wfg-crm #23

10.18.0 → 10.31.0 Minor PR
Open 1 day ago 1 comment
coachzee
Bump pnpm from 10.30.3 to 10.31.0 in /package in the npm group across 1 directory

poad/appstore-connect-jwt-generator-core #3445

10.30.3 → 10.31.0 Minor PR
Closed 2 days ago 1 comment
poad
chore(deps-dev): bump pnpm from 8.15.6 to 10.31.0

minazone/mina-zkapp-template #1979

8.15.6 → 10.31.0 Major PR
Closed 2 days ago 1 comment
minazone
npm(dev)(deps-dev): bump the development-dependencies group with 3 updates

skittlz444/stonks #111

10.30.3 → 10.31.0 Minor PR
Open 2 days ago 1 comment
skittlz444
chore(deps-dev)(deps-dev): bump the development-dependencies group with 4 updates

skittlz444/walk-to-mordor #295

10.30.3 → 10.31.0 Minor PR
Open 2 days ago 3 comments
skittlz444
Bump the npm group across 3 directories with 2 updates

poad/aws-lambda-mcp-server #136

10.30.3 → 10.31.0 Minor PR
Closed 2 days ago 1 comment
poad
Bump the npm_and_yarn group across 12 directories with 18 updates

balajirajput96/activepieces #29

9.15.0 → 10.28.2 Major PR
Open 4 days ago 1 comment
balajirajput96
chore(deps): bump the test-versions group across 1 directory with 92 updates

DataDog/dd-trace-js #7698

10.28.0 → 10.30.3 Minor PR
Open 4 days ago 1 comment
DataDog
Bump the dev-tools group across 1 directory with 10 updates

cvalentine99/Dang- #33

10.30.1 → 10.30.3 Patch PR
Closed 5 days ago 3 comments
cvalentine99
Bump the npm_and_yarn group across 12 directories with 18 updates

ANT0071/activepieces #26

9.15.0 → 10.28.2 Major PR
Closed 6 days ago 1 comment
ANT0071
chore(deps): bump the npm_and_yarn group across 13 directories with 18 updates

UniversalStandards/activepieces #27

9.15.0 → 10.28.2 Major PR
Open 6 days ago 2 comments
UniversalStandards
Bump the npm_and_yarn group across 12 directories with 18 updates

balajirajput96/activepieces #27

9.15.0 → 10.28.2 Major PR
Closed 6 days ago 2 comments
balajirajput96
Bump the npm_and_yarn group across 12 directories with 18 updates

balajirajput96/activepieces #25

9.15.0 → 10.28.2 Major PR
Open 6 days ago 1 comment
balajirajput96
chore(deps): bump the npm_and_yarn group across 13 directories with 17 updates

sizzlebop/activepieces #24

9.15.0 → 10.28.2 Major PR
Closed 6 days ago 1 comment
sizzlebop
Bump the npm_and_yarn group across 12 directories with 18 updates

ANT0071/activepieces #24

9.15.0 → 10.28.2 Major PR
Closed 6 days ago 1 comment
ANT0071
Bump the npm_and_yarn group across 6 directories with 10 updates

shinzai-dev/misskey-tempura #1

10.26.2 → 10.28.2 Minor PR
Open 6 days ago 3 comments
shinzai-dev
chore(deps): bump the npm_and_yarn group across 13 directories with 16 updates

UniversalStandards/activepieces #24

9.15.0 → 10.28.2 Major PR
Open 7 days ago 2 comments
UniversalStandards
Bump the npm_and_yarn group across 1 directory with 7 updates

brandonlacoste9-tech/receipt #1

10.18.1 → 10.28.2 Minor PR
Open 7 days ago 1 comment
brandonlacoste9-tech
chore(deps): bump the test-versions group across 1 directory with 92 updates

DataDog/dd-trace-js #7649

10.28.0 → 10.30.3 Minor PR
Open 8 days ago 2 comments
DataDog
Bump the npm_and_yarn group across 1 directory with 24 updates

ZoneCog/zone.bolt #25

9.15.0 → 10.28.2 Major PR
Open 9 days ago 2 comments
ZoneCog
chore(deps): bump the npm_and_yarn group across 5 directories with 10 updates

momoirodouhu/misskey #5

10.25.0 → 10.28.2 Minor PR
Closed 10 days ago 1 comment
momoirodouhu
chore(deps): bump the npm_and_yarn group across 13 directories with 18 updates

UniversalStandards/activepieces #20

9.15.0 → 10.28.2 Major PR
Open 10 days ago 2 comments
UniversalStandards
chore(deps): bump the npm_and_yarn group across 7 directories with 9 updates

rooch-network/rooch #3961

10.27.0 → 10.28.2 Minor PR
Open 10 days ago 1 comment
rooch-network
chore(deps): bump the npm_and_yarn group across 4 directories with 7 updates

gmrrww/eliza #1

9.14.4 → 10.28.2 Major PR
Closed 11 days ago 1 comment
gmrrww
Bump the npm_and_yarn group across 12 directories with 19 updates

balajirajput96/activepieces #18

9.15.0 → 10.28.2 Major PR
Open 11 days ago 1 comment
balajirajput96
Bump the npm_and_yarn group across 11 directories with 8 updates

BoundaryML/baml #3192

9.12.0 → 10.28.2 Major PR
Open 11 days ago 3 comments
BoundaryML
build(deps): bump the npm_and_yarn group across 9 directories with 8 updates

jarlungoodoo73/jabidahscreations-microsoft-365-agents-toolkit #11

10.0.0 → 10.28.2 Minor PR
Closed 11 days ago 1 comment
jarlungoodoo73
Bump the npm group with 16 updates

poad/github-pull-request-auto-merge-enable-action #9685

10.30.2 → 10.30.3 Patch PR
Closed 12 days ago 1 comment
poad
chore(deps): bump pnpm from 10.29.3 to 10.30.1

MTES-MCT/acceslibre #2524

10.29.3 → 10.30.1 Minor PR
Closed 12 days ago 1 comment
MTES-MCT
Bump pnpm from 10.26.1 to 10.30.3

laobinghu/blog #34

10.26.1 → 10.30.3 Minor PR
Open 12 days ago 2 comments
laobinghu
chore(deps): bump the npm_and_yarn group across 8 directories with 11 updates

rooch-network/rooch #3958

10.27.0 → 10.28.2 Minor PR
Open 12 days ago 2 comments
rooch-network
chore(deps): bump the test-versions group across 1 directory with 88 updates

DataDog/dd-trace-js #7623

10.28.0 → 10.30.1 Minor PR
Closed 13 days ago 4 comments
DataDog
chore(deps): bump the npm_and_yarn group across 14 directories with 19 updates

UniversalStandards/activepieces #16

9.15.0 → 10.28.2 Major PR
Open 13 days ago 2 comments
UniversalStandards
Bump the npm_and_yarn group across 12 directories with 19 updates

balajirajput96/activepieces #15

9.15.0 → 10.28.2 Major PR
Closed 13 days ago 2 comments
balajirajput96
chore(deps): bump pnpm from 10.28.0 to 10.28.2

Trancendos/trancendos-ecosystem #492

10.28.0 → 10.28.2 Patch PR
Open 13 days ago 1 comment
Trancendos
chore(deps)(deps-dev): bump the development-dependencies group across 1 directory with 8 updates

HUA-Labs/HUA-Labs-public #140

10.30.1 → 10.30.2 Patch PR
Open 13 days ago 2 comments
HUA-Labs
chore(deps): bump the test-versions group across 1 directory with 87 updates

DataDog/dd-trace-js #7616

10.28.0 → 10.30.1 Minor PR
Closed 14 days ago 4 comments
DataDog
chore(deps-dev): bump the development-dependencies group across 1 directory with 17 updates

sokolovgit/code-hive #19

10.26.0 → 10.30.2 Minor PR
Open 14 days ago 1 comment
sokolovgit
Bump the npm group with 2 updates

poad/github-pull-request-auto-merge-enable-action #9667

10.30.1 → 10.30.2 Patch PR
Closed 15 days ago 1 comment
poad
chore(deps): bump the production-dependencies group across 1 directory with 11 updates

heridotlife/heridotlife #93

10.27.0 → 10.30.1 Minor PR
Open 16 days ago 4 comments
heridotlife
chore(deps-dev): bump the npm_and_yarn group across 1 directory with 4 updates

Psykronicity/enter-NurturaAIHolisticHealing #3

8.6.12 → 10.28.2 Major PR
Open 16 days ago 1 comment
Psykronicity
chore(deps): bump the minor-and-patch group in /services/shared-app-api with 5 updates

zkorum/agora #592

10.30.0 → 10.30.1 Patch PR
Open 16 days ago 2 comments
zkorum
Bump the npm_and_yarn group across 19 directories with 20 updates

GlacierEQ/activepieces #12

9.15.0 → 10.28.2 Major PR
Open 16 days ago 4 comments
GlacierEQ
Bump pnpm from 10.18.0 to 10.28.2

cvalentine99/Dang- #5

10.18.0 → 10.28.2 Minor PR
Open 16 days ago 1 comment
cvalentine99
Bump the npm_and_yarn group across 19 directories with 21 updates

GlacierEQ/activepieces #10

9.15.0 → 10.28.2 Major PR
Open 17 days ago 3 comments
GlacierEQ
chore(deps): bump the npm_and_yarn group across 12 directories with 22 updates

ssushant0011/activepieces #8

9.15.0 → 10.28.2 Major PR
Closed 17 days ago 1 comment
ssushant0011
Package Details
Name: pnpm
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/pnpm
JSON API: View JSON
Security Advisories

12

Active advisories
HIGH 5
MODERATE 7
View All npm Advisories
Package Information
Description:

Fast, disk space efficient package manager

Repository: https://github.com/pnpm/pnpm
Homepage: https://pnpm.io
Latest Release: 10.11.0
10 months ago
Dependent Repos: 2,954
Dependent Packages: 1,314
Downloads: 88,232,668
Ranking: Top 0.3962% by dependent repos Top 0.0377% by downloads Top 0.0551% by dependent pkgs
PR Status
Open 599 (47.3%)
Merged 206 (16.3%)
Closed 380 (30.0%)
PR Types
Major 295 (23.3%)
Patch 244 (19.3%)
Minor 646 (51.0%)