Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

pnpm

Ecosystem:
npm
Package URL:
pkg:npm/pnpm
Total PRs:
1,356 Dependabot PRs
Latest PR:
about 9 hours ago
Unique Repositories:
373 repositories
Unique Repos (30 days):
24 repositories
Security Advisories
pnpm has Windows-specific tarball Path Traversal
GHSA-6x96-7vc8-cm3p CVE-2026-23889 MODERATE published 4 months ago • updated 2 days ago
### Summary A path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on W...
pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin
GHSA-xpqm-wm3m-f34h CVE-2026-23890 MODERATE published 4 months ago • updated 2 days ago
### Summary A path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of `n...
pnpm has symlink traversal in file:/git dependencies
GHSA-m733-5w8f-5ggw CVE-2026-24056 MODERATE published 4 months ago • updated 2 days ago
### Summary When pnpm installs a `file:` (directory) or `git:` dependency, it follows symlinks and reads their target contents without constraining...
pnpm vulnerable to Command Injection via environment variable substitution
GHSA-2phv-j68v-wwqx CVE-2025-69262 HIGH published 5 months ago • updated 4 days ago
## Summary A command injection vulnerability exists in pnpm when using environment variable substitution in `.npmrc` configuration files with `tok...
pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting
GHSA-8cc4-rfj6-fhg4 CVE-2024-47829 MODERATE published about 1 year ago • updated 7 days ago
The path shortening function is used in pnpm: ``` export function depPathToFilename (depPath: string, maxLengthWithoutHash: number): string { let...
View all 12 advisories
Recent PRs
RSS Feed
chore(deps): bump the test-versions group across 1 directory with 20 updates

DataDog/dd-trace-js #8737

11.1.3 → 11.4.0 Minor PR
Open about 9 hours ago 3 comments
DataDog
chore(deps-dev)(deps-dev): bump the development-dependencies group with 5 updates

skittlz444/walk-to-mordor #433

11.3.0 → 11.5.0 Minor PR
Open about 12 hours ago 6 comments
skittlz444
chore(deps): bump the test-versions group across 1 directory with 17 updates

DataDog/dd-trace-js #8696

11.1.3 → 11.3.0 Minor PR
Open 3 days ago 4 comments
DataDog
chore(deps): bump the test-versions group across 1 directory with 13 updates

DataDog/dd-trace-js #8650

11.1.3 → 11.2.2 Minor PR
Closed 5 days ago 5 comments
DataDog
chore(deps-dev): bump pnpm from 11.1.3 to 11.3.0 in /frontend

nagyonmarci/diet-pixels #15

11.1.3 → 11.3.0 Minor PR
Closed 7 days ago 1 comment
nagyonmarci
chore(deps-dev)(deps-dev): bump pnpm from 10.33.2 to 11.3.0

skittlz444/walk-to-mordor #427

10.33.2 → 11.3.0 Major PR
Open 8 days ago 9 comments
skittlz444
chore(deps-dev): bump pnpm from 11.1.2 to 11.2.2 in /frontend

karimz1/imgcompress #656

11.1.2 → 11.2.2 Minor PR
Open 9 days ago 4 comments
karimz1
Bump the npm_and_yarn group across 9 directories with 19 updates

Surfndez/next.js #15

5.14.3 → 10.28.2 Major PR
Closed 10 days ago 1 comment
Surfndez
Bump pnpm from 11.1.3 to 11.2.2

gflohr/pdf-lab #54

11.1.3 → 11.2.2 Minor PR
Closed 11 days ago 1 comment
gflohr
build(deps-dev): Bump pnpm from 11.1.2 to 11.1.3

AtCoder-NoviSteps/AtCoderNoviSteps #3567

11.1.2 → 11.1.3 Patch PR
Open 12 days ago 1 comment
AtCoder-NoviSteps
Bump the all-dependencies group across 1 directory with 38 updates

TeamFirefli/firefli #75

10.33.4 → 11.1.3 Major PR
Closed 13 days ago 1 comment
TeamFirefli
npm(dev)(deps-dev): bump the development-dependencies group with 7 updates

skittlz444/stonks #135

11.0.9 → 11.1.2 Minor PR
Open 15 days ago 1 comment
skittlz444
build(deps): bump the non-breaking-changes group across 1 directory with 11 updates

esdora-js/esdora #214

11.0.8 → 11.1.2 Minor PR
Closed 17 days ago 1 comment
esdora-js
Bump the npm_and_yarn group across 1 directory with 25 updates

ZoneCog/zone.bolt #32

9.15.0 → 10.28.2 Major PR
Closed 17 days ago 3 comments
ZoneCog
Bump pnpm from 11.0.6 to 11.1.1

mallowlabs/npm-ls-overrides #80

11.0.6 → 11.1.1 Minor PR
Closed 18 days ago 1 comment
mallowlabs
Bump the npm_and_yarn group across 7 directories with 20 updates

Surfndez/next.js #12

5.14.3 → 10.28.2 Major PR
Closed 18 days ago 1 comment
Surfndez
Bump the all-dependencies group across 1 directory with 31 updates

TeamFirefli/firefli #72

10.33.4 → 11.1.1 Major PR
Closed 19 days ago 1 comment
TeamFirefli
chore(deps): bump the minor-and-patch group across 1 directory with 50 updates

sirjamesoffordii/CMC-Go #641

10.29.1 → 10.33.4 Minor PR
Open 19 days ago 2 comments
sirjamesoffordii
Bump the npm_and_yarn group across 1 directory with 15 updates

drzo/bolt.ceo #28

9.15.9 → 10.28.2 Major PR
Closed 20 days ago 2 comments
drzo
build(deps): bump the non-breaking-changes group with 10 updates

esdora-js/esdora #210

11.0.8 → 11.1.0 Minor PR
Closed 20 days ago 1 comment
esdora-js
chore(deps): bump pnpm from 10.28.2 to 11.0.9

heridotlife/heridotlife #146

10.28.2 → 11.0.9 Major PR
Open 21 days ago 4 comments
heridotlife
chore(deps): bump pnpm from 10.33.0 to 11.0.9 in /frontend

kiuci/ArcReelVN #29

10.33.0 → 11.0.9 Major PR
Open 21 days ago 1 comment
kiuci
chore(deps-dev)(deps-dev): bump pnpm from 10.33.2 to 11.0.9

skittlz444/walk-to-mordor #420

10.33.2 → 11.0.9 Major PR
Open 22 days ago 6 comments
skittlz444
chore(deps-dev): bump the dev-deps group across 1 directory with 8 updates

gtmc-dev/gtmc #56

10.33.2 → 11.0.9 Major PR
Open 22 days ago 1 comment
gtmc-dev
Bump the npm_and_yarn group across 1 directory with 13 updates

protae5544/copy-of-orchestra-coder #1

10.18.1 → 10.28.2 Minor PR
Closed 25 days ago 1 comment
protae5544
Bump pnpm from 10.33.4 to 11.0.8

fireknight-coder/Knight-Blog #8

10.33.4 → 11.0.8 Major PR
Closed 25 days ago 2 comments
fireknight-coder
Bump the npm_and_yarn group across 1 directory with 19 updates

6q58j2q4fc-cmd/MoneyMachine #2

10.18.0 → 10.28.2 Minor PR
Closed 25 days ago 1 comment
6q58j2q4fc-cmd
chore(deps): bump the minor-and-patch group across 1 directory with 20 updates

mherod/get-cookie #509

10.30.3 → 10.33.4 Minor PR
Closed 25 days ago 1 comment
mherod
chore(deps): bump the minor-and-patch group across 1 directory with 11 updates

zkorum/agora #1020

10.33.0 → 10.33.2 Patch PR
Open 28 days ago 2 comments
zkorum
chore(deps): bump the npm-minor group across 1 directory with 16 updates

0xReLogic/Zeltra #77

10.30.1 → 10.33.2 Minor PR
Open 28 days ago 2 comments
0xReLogic
build(deps): bump the npm_and_yarn group across 8 directories with 11 updates

QueenFi703/microsoft-365-agents-toolkit #4

8.15.9 → 10.28.2 Major PR
Closed about 1 month ago 1 comment
QueenFi703
chore(deps): bump pnpm from 10.33.0 to 10.33.2 in /frontend

CreateIntelligens/arcreel360 #7

10.33.0 → 10.33.2 Patch PR
Closed about 1 month ago 2 comments
CreateIntelligens
:arrow_up:(deps): Bump the all-dependencies group across 1 directory with 46 updates

StudentTechUsher/stu #162

10.28.2 → 10.33.2 Minor PR
Closed about 1 month ago 2 comments
StudentTechUsher
chore(deps): bump the minor-and-patch group across 1 directory with 42 updates

Rieki777/ReGenCivics.Earth #12

10.30.3 → 10.33.2 Minor PR
Open about 1 month ago 1 comment
Rieki777
chore(deps)(deps-dev): bump the development-dependencies group across 1 directory with 26 updates

HUA-Labs/hua-packages #21

10.30.3 → 10.33.2 Minor PR
Open about 1 month ago 1 comment
HUA-Labs
chore(deps)(deps-dev): bump the development-deps group with 6 updates

brandonlacoste9-tech/flow-guru-web #10

10.33.0 → 10.33.2 Patch PR
Open about 1 month ago 2 comments
brandonlacoste9-tech
chore(deps): bump the dev-dependencies group across 1 directory with 12 updates

T3a165/Aurora-Core #7

10.18.0 → 10.33.2 Minor PR
Closed about 1 month ago 2 comments
T3a165
Bump pnpm from 10.33.0 to 10.33.2

gflohr/e-invoice-eu #558

10.33.0 → 10.33.2 Patch PR
Open about 1 month ago 2 comments
gflohr
chore(deps): bump the production-dependencies group across 1 directory with 20 updates

elKevin24/FIX-AI-NEXT #48

10.28.2 → 10.33.0 Minor PR
Open about 1 month ago 5 comments
elKevin24
chore(deps): bump the npm-non-major group across 1 directory with 45 updates

Trancendos/trancendos-ecosystem #686

10.30.3 → 10.33.0 Minor PR
Open about 2 months ago 4 comments
Trancendos
chore(deps): bump the npm_and_yarn group across 2 directories with 5 updates

dpschen/radix-vue #11

8.15.4 → 10.28.2 Major PR
Closed about 2 months ago 1 comment
dpschen
Bump the npm_and_yarn group across 1 directory with 25 updates

ZoneCog/zone.bolt #29

9.15.0 → 10.28.2 Major PR
Open about 2 months ago 4 comments
ZoneCog
Bump the npm_and_yarn group across 1 directory with 24 updates

EchoCog/bolt.marduk #34

9.15.0 → 10.28.2 Major PR
Open about 2 months ago 2 comments
EchoCog
chore(deps): bump the npm_and_yarn group across 1 directory with 5 updates

dpschen/radix-vue #10

8.15.4 → 10.28.2 Major PR
Closed about 2 months ago 1 comment
dpschen
chore(deps): bump the npm-non-major group across 1 directory with 38 updates

Trancendos/trancendos-ecosystem #669

10.30.3 → 10.33.0 Minor PR
Open about 2 months ago 4 comments
Trancendos
Bump the npm_and_yarn group across 1 directory with 22 updates

drzo/bolt-diy-55 #23

10.0.0 → 10.28.2 Minor PR
Open about 2 months ago 1 comment
drzo
Bump the npm_and_yarn group across 1 directory with 21 updates

drzo/bolt.ceo #22

9.15.9 → 10.28.2 Major PR
Closed about 2 months ago 1 comment
drzo
chore(deps): bump the npm-non-major group across 1 directory with 38 updates

Trancendos/trancendos-ecosystem #659

10.30.3 → 10.33.0 Minor PR
Open 2 months ago 5 comments
Trancendos
Bump the patch-minor group across 1 directory with 14 updates

Balssh/blog #7

10.28.0 → 10.33.0 Minor PR
Open 2 months ago 2 comments
Balssh
chore(deps): bump the minor-and-patch group across 1 directory with 40 updates

sirjamesoffordii/CMC-Go #624

10.29.1 → 10.33.0 Minor PR
Closed 2 months ago 2 comments
sirjamesoffordii
Package Details
Name: pnpm
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/pnpm
JSON API: View JSON
Security Advisories

12

Active advisories
HIGH 5
MODERATE 7
View All npm Advisories
Package Information
Description:

Fast, disk space efficient package manager

Repository: https://github.com/pnpm/pnpm
Homepage: https://pnpm.io
Latest Release: 10.11.0
about 1 year ago
Dependent Repos: 2,954
Dependent Packages: 1,314
Downloads: 88,232,668
Ranking: Top 0.3962% by dependent repos Top 0.0377% by downloads Top 0.0551% by dependent pkgs
PR Status
Open 642 (47.3%)
Merged 206 (15.2%)
Closed 426 (31.4%)
PR Types
Major 323 (23.8%)
Minor 698 (51.5%)
Patch 253 (18.7%)