Skip to content

chore: migrate npm to pnpm across CI, Docker, and scripts#555

Draft
Anshumancanrock wants to merge 10 commits intocameri:mainfrom
Anshumancanrock:chore/pnpm-migration
Draft

chore: migrate npm to pnpm across CI, Docker, and scripts#555
Anshumancanrock wants to merge 10 commits intocameri:mainfrom
Anshumancanrock:chore/pnpm-migration

Conversation

@Anshumancanrock
Copy link
Copy Markdown
Collaborator

@Anshumancanrock Anshumancanrock commented Apr 21, 2026
edited
Loading

Migrates the package manager from npm to pnpm to improve install times, enforce strict dependency resolution, and reduce disk space usage.

Changes

  • Replaced package-lock.json with pnpm-lock.yaml (using pnpm@10.33.0).
  • Updated GitHub Actions to use pnpm/action-setup and pnpm install --frozen-lockfile.
  • Updated Dockerfile and docker-compose configuration to use pnpm.
  • Fixed Husky pre-commit/pre-push hooks to use pnpm exec.
  • Updated command references in README.md, CONTRIBUTING.md, and CONFIGURATION.md.
  • Added patch changeset to satisfy CI dependency constraint.

npm vs pnpm benchmark (cold install, 3 runs each)

run npm install pnpm install --frozen-lockfile
1 78.64s 13.78s
2 47.86s 28.72s
3 66.91s 29.12s

Installation is ~2.5× faster

Testing

  1. Install and script flows run with pnpm locally.
  2. CI workflow steps are updated for pnpm.
  3. Docker-related command paths are updated to pnpm.

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 21, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedzod@​3.25.769810010088100
Updatedaxios@​1.15.0 ⏵ 1.15.190 -110010095100

View full report

@coveralls
Copy link
Copy Markdown
Collaborator

coveralls commented Apr 21, 2026

Coverage Status

coverage: 73.34% (+0.02%) from 73.323% — Anshumancanrock:chore/pnpm-migration into cameri:main

@Anshumancanrock Anshumancanrock marked this pull request as draft April 21, 2026 01:22
@cameri cameri requested a review from Copilot April 22, 2026 00:06
@cameri cameri self-assigned this Apr 22, 2026
Copilot AI reviewed Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Migrates the project’s tooling and documentation from npm to pnpm across local scripts, CI workflows, and Docker-based environments.

Changes:

  • Switch CI workflows to install/cache dependencies with pnpm and frozen lockfile installs.
  • Update Dockerfiles/docker-compose migration steps and Husky hooks to use pnpm/pnpm exec.
  • Refresh docs and script usage text to reference pnpm commands; add a changeset for CI requirements.

Reviewed changes

Copilot reviewed 27 out of 30 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
test/integration/docker-compose.yml Updates DB migration step to use corepack + pnpm dlx during integration tests.
docker-compose.yml Updates DB migration step to use corepack + pnpm dlx in local compose setup.
src/scripts/export-events.ts Updates CLI usage output from npm run to pnpm run.
src/scripts/benchmark-queries.ts Updates docstring/usage output from npm run to pnpm run.
src/import-events.ts Updates CLI usage output from npm run to pnpm run.
src/clean-db.ts Updates help text examples from npm run to pnpm run.
scripts/verify-index-impact.ts Updates usage doc comment to pnpm run.
scripts/smoke-nip03.ts Updates usage doc comment to pnpm exec.
scripts/smoke-nip03.md Updates instructions to pnpm run / pnpm exec.
scripts/security-load-test.ts Updates usage doc comment to pnpm exec / pnpm run.
package.json Adds packageManager pin and updates scripts to use pnpm.
Dockerfile.test Switches dependency install to pnpm with frozen lockfile.
Dockerfile.railwayapp Switches build/runtime installs and migration invocation to pnpm.
Dockerfile Switches build/runtime installs and build step to pnpm.
README.md Updates developer/user commands to pnpm.
CONTRIBUTING.md Updates contributor commands to pnpm / pnpm exec.
CONFIGURATION.md Updates benchmarking commands to pnpm.
.husky/pre-commit Updates hook commands to pnpm run.
.husky/commit-msg Updates hook to use pnpm exec commitlint.
.gitignore Ignores package-lock.json and pnpm cache artifacts.
.github/workflows/checks.yml Updates CI jobs to use pnpm/action-setup, pnpm cache, and frozen installs.
.github/workflows/changesets.yml Updates release workflow to use pnpm install and pnpm-based changeset commands.
.changeset/bright-clocks-jam.md Adds a patch changeset documenting the migration.
src/routes/index.ts Adds explicit Router typing and import adjustments.
src/routes/invoices/index.ts Adds explicit Router typing for router instance.
src/routes/callbacks/index.ts Adds explicit Router typing for router instance.
src/routes/admissions/index.ts Adds explicit Router typing for router instance.
src/factories/web-app-factory.ts Adds explicit Express return type for createWebApp.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread test/integration/docker-compose.yml Outdated
- sh
- -c
- 'cd code && npm install --no-save --quiet knex@2.4.0 pg@8.8.0 && npx knex migrate:latest'
- 'cd code && corepack enable && pnpm dlx --package=knex@2.4.0 --package=pg@8.8.0 knex migrate:latest'
Copy link

Copilot AI Apr 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This migration container runs corepack enable && pnpm dlx ... in /code without a package.json, so Corepack can’t read the repo’s packageManager pin and may pick a different pnpm version over time. To keep CI/integration tests reproducible, explicitly prepare/activate the pnpm version you expect (e.g., corepack prepare pnpm@10.33.0 --activate) before invoking pnpm dlx.

Suggested change
- 'cd code && corepack enable && pnpm dlx --package=knex@2.4.0 --package=pg@8.8.0 knex migrate:latest'
- 'cd code && corepack enable && corepack prepare pnpm@10.33.0 --activate && pnpm dlx --package=knex@2.4.0 --package=pg@8.8.0 knex migrate:latest'

Copilot uses AI. Check for mistakes.
Comment thread docker-compose.yml Outdated
- sh
- -c
- 'cd code && npm install --no-save --quiet knex@2.4.0 pg@8.8.0 && npx knex migrate:latest'
- 'cd code && corepack enable && pnpm dlx --package=knex@2.4.0 --package=pg@8.8.0 knex migrate:latest'
Copy link

Copilot AI Apr 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

corepack enable && pnpm dlx ... is executed in /code, which doesn’t include this repo’s package.json (and therefore doesn’t provide the packageManager: pnpm@10.33.0 pin). That makes the pnpm version selected by Corepack non-deterministic and could break migrations if Corepack defaults change. Consider explicitly preparing/activating the intended pnpm version here (e.g., corepack prepare pnpm@10.33.0 --activate) before running pnpm dlx.

Suggested change
- 'cd code && corepack enable && pnpm dlx --package=knex@2.4.0 --package=pg@8.8.0 knex migrate:latest'
- 'cd code && corepack enable && corepack prepare pnpm@10.33.0 --activate && pnpm dlx --package=knex@2.4.0 --package=pg@8.8.0 knex migrate:latest'

Copilot uses AI. Check for mistakes.
@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented Apr 23, 2026
edited
Loading

🦋 Changeset detected

Latest commit: 5ccfb8e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
nostream Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@cameri cameri

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Anshumancanrock @coveralls @cameri