pnpm 11 is here! This release tightens the security defaults introduced throughout the v10 cycle, drops the npm CLI fallback for publishing in favor of a native implementation, replaces the JSON-per-package store index with a single SQLite database, and isolates global installs so they no longer interfere with each other.

pnpm 10.32 adds an --all flag to pnpm approve-builds for approving all pending builds without interactive prompts.

pnpm 10.31 preserves comments and formatting when updating pnpm-workspace.yaml, and includes numerous bug fixes.

pnpm 10.30 redesigns pnpm why to show a reverse dependency tree, making it much easier to understand why a package is installed.

pnpm 10.29 adds catalog specifier, and includes several bug fixes.

pnpm 10.28 introduces a new beforePacking hook to customize package.json at publish time, improves filtered install performance, and includes several bug fixes.

pnpm 10.27 adds a new setting to ignore trust policy checks for older package versions, introduces a project registry for global virtual store pruning, and includes several bug fixes.

2025 has been a transformative year for pnpm. While our primary focus was redefining the security model of package management, we also delivered significant improvements in performance and developer experience.

pnpm 10.26 introduces stricter security defaults for git-hosted dependencies, adds allowBuilds for granular script permissions, and includes a new setting to block exotic transitive dependencies.

pnpm 10.25 improves certificate handling, adds a bare pnpm init, and ships several quality-of-life fixes.

We got lucky with Shai-Hulud 2.0.

pnpm now scales network concurrency automatically on high-core machines and ships several reliability fixes.

Added --lockfile-only option to pnpm list and various improvements to pnpm self-update.

Added support for excluding packages from trust policy and overriding the engines field on publish.

Added support for Node.js runtime installation for dependencies and a setting for configuring trust policy.

This release adds a --all flag for the pnpm help command to print all commands.

This release adds version-scoped controls to two settings: [onlyBuiltDependencies] and [minimumReleaseAgeExclude].

Minor Changes

Minor Changes

Minor Changes