Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pnpm support #46

Open
AlexWayfer opened this issue Sep 29, 2020 · 20 comments
Open

pnpm support #46

AlexWayfer opened this issue Sep 29, 2020 · 20 comments

Comments

@AlexWayfer
Copy link

Hello.

It'd be nice to see pnpm support (pnpm-lock.yaml lock file).

@agustinusnathaniel
Copy link

Would love and appreciate it if depfu can cupport pnpm soon.

@bigint
Copy link

bigint commented Aug 4, 2021

Yes waiting for pnpm support too!

@pepicrft
Copy link

Same here. Support for pnpm would be awesome

@prabhuignoto
Copy link

+1 can we have the support for pnpm

@grug
Copy link

grug commented Aug 1, 2022

Would also love pnpm support!

@mgcrea
Copy link

mgcrea commented Mar 2, 2023

Any chance we could have some kind of official comment on this? Like is it planned or in progress? Or is there specific issues blocking this? Thanks!

pnpm is currently rapidly gaining steam: https://npmtrends.com/pnpm-vs-yarn

@AlexWayfer
Copy link
Author

Any chance we could have some kind of official comment on this?

I've got some kind of, from the co-founder of Depfu, in Twitter: https://twitter.com/halfbyte/status/1481634108203798529?s=20

It was rude at the beginning, then we got an understanding.

BTW, what I've got, it's "pay us more to implement such features".

@airhorns
Copy link

airhorns commented Jun 8, 2023

We're a depfu paying customer and were migrating to pnpm, which means we can't use depfu anymore :( would be great to keep using the product but its not key enough to stop us migrating for all the other benefits

@airhorns
Copy link

airhorns commented Jun 8, 2023

pay us more to implement such features

I feel like he said "pay us anything" to implement such features, that seems fair to me. We're paying though!

@halfbyte
Copy link
Member

Hey everyone. It's me, the guy with the twitter thread. :)

When I wrote that twitter thread, the reality was that the only people we had requests for pnpm for were people using free tiers. This has changed. Not only that, we recently got a lot more requests in general to implement pnpm.

We're currently in the summer vacation season and so there currently isn't much progress, but I think I can safely say that by the end of the summer we should have something for you to test. We're not sure yet what exactly we'll be able to provide with that first release but I hope some of you in this thread will be willing to beta test.

We usually don't do prior announcements and all, but obviously it also doesn't make sense to leave this GitHub issue in a state where it looks like we don't care at all. We are a very small team with a very limited time budget on our hands and prioritising is always a massive challenge and not always entirely in our hands.

Thanks to all of your for your patience, for caring enough about our product to open up these issues and for your understanding.

@AlexWayfer
Copy link
Author

@halfbyte thanks! Nice news. All the best to your team. It's difficult to compete with large companies, but I hope you'll grow, because you have a qualitative product.

@halfbyte
Copy link
Member

@AlexWayfer and others, I have a couple of questions:

  • Would you expect us to support older versions of pnpm for repos with lockfiles using older lockfile versions? The lockfiles have drastically changed for V8 of pnpm and pnpm automatically upgrades when you run a neweer version against an old lockfile. (This would require us to detect the correct pnpm version from the lockfile version and also have multiple pnpm versions available which is a bit of a hassle)
  • If so, what do you think would be the set of versions we would need to support? Just 7 and 8? Or even older versions?
  • Latest versions of 8.x added the settings block - Would it be okay to just introduce that to files where it is absent with the default values or would you expect us to keep this as close to the original (pre-update) as possible?

I'm currently testing a very early version of pnpm support for Depfu and I'm running into all of these issues, so I thought you should probably know best.

Also, if you could maybe point me to a couple of bigger open source repos we could use for testing (bigger = larger sets of dependencies, not necessarily code), that would be awesome.

@AlexWayfer
Copy link
Author

  • Would you expect us to support older versions of pnpm for repos with lockfiles using older lockfile versions? The lockfiles have drastically changed for V8 of pnpm and pnpm automatically upgrades when you run a neweer version against an old lockfile. (This would require us to detect the correct pnpm version from the lockfile version and also have multiple pnpm versions available which is a bit of a hassle)

Right now, at the current moment, I don't care about old pnpm versions. But yes: there can be a new ones with new lock file versions. I believe we should support such migration, or at least notify users to do this manually.

I think I've faced similar issues with package-lock.json file (npm's default) and Depfu, when local npm install returned different result from PR's changes.

  • If so, what do you think would be the set of versions we would need to support? Just 7 and 8? Or even older versions?

Again: I'm only for the current and newer versions. I don't care about old versions (maybe someone does), but we must have such mechanism.

  • Latest versions of 8.x added the settings block - Would it be okay to just introduce that to files where it is absent with the default values or would you expect us to keep this as close to the original (pre-update) as possible?

I don't know about this block, didn't use it, and unable to answer the question. Even with choice between "default values" and "keep it close to the original" I'm confused.

Also, if you could maybe point me to a couple of bigger open source repos we could use for testing (bigger = larger sets of dependencies, not necessarily code), that would be awesome.

I don't know a lot of repos, can link somes:

@kevinwolfcr
Copy link

kevinwolfcr commented Sep 13, 2023

@halfbyte: I am currently not a Depfu user, but I have been comparing various solutions to suggest to my company. We just spent a whole sprint upgrading dependencies, so something like Depfu would be helpful. However, what is currently stopping me from using it is the lack of support for PNPM 😢 .

Also, if you could maybe point me to a couple of bigger open source repos we could use for testing (bigger = larger sets of dependencies, not necessarily code), that would be awesome.

A good example of a big project using PNPM is https://github.com/vitejs/vite.

@alfaproject
Copy link

Another big project using pnpm: https://github.com/nrwl/nx

@agustinusnathaniel
Copy link

Also, if you could maybe point me to a couple of bigger open source repos we could use for testing (bigger = larger sets of dependencies, not necessarily code), that would be awesome.

Projects using pnpm:

@halfbyte
Copy link
Member

Hey everyone. We had to solve a couple of hairy problems with pnpm (more on that probably in a blog post) but we have this now available for you to test. It is very much in beta and I totally expect you to run into issues for specific cases.

Thanks for your suggestions of projects, some of these actually helped uncovering some issues or cases we haven't thought about.

@alfaproject
Copy link

We are now going to move from Yarn to pnpm due to popular internal demand in our organization. I guess I will let you know how it goes but if you have any tips, so we avoid any pitfall with depfu, please let me know

@alfaproject
Copy link

Alright, so we finished the migration, and now we get this message:

No dependency files found
This probably means that this repo is not yet supported by Depfu. Currently, we can handle Ruby and JavaScript.

We do support monorepos and non-root files, but only added auto-detection recently. Click the + Add link to see if we can find the subfolder you're trying to set up.

Project #20784 for example

@alfaproject
Copy link

Never mind, it seems you need to add a new project for each repository for Pnpm and then delete the Yarn one

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests