Skip to content

chore: migrate monorepo from npm to pnpm (tooling, Docker, docs) #169

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

chore: migrate monorepo from npm to pnpm (tooling, Docker, docs) #169

wants to merge 2 commits into from

Conversation

@sujiiiiit
Copy link

@sujiiiiit sujiiiiit commented Sep 19, 2025
edited
Loading

What kind of change does this PR introduce?

  • Build tooling / infrastructure update
  • Package manager migration (npm ➜ pnpm)
  • Documentation update
  • Dockerfile adjustments
  • Internal dependency resolution improvement

What is the current behavior?

The monorepo currently:

  • Uses npm with a committed package-lock.json
  • Relies on implicit workspace linking (no pnpm-workspace.yaml)
  • Uses npx or globally installed turbo in Docker images
  • Has scripts and docs referencing npm / npx
  • Incurs slower, duplicated installs due to non–content-addressable layout

What is the new behavior?

  • Migrated to pnpm with pinned version via "packageManager": "pnpm@9.12.0"
  • Added pnpm-workspace.yaml (apps/*, packages/*)
  • Added pnpm-lock.yaml, removed package-lock.json
  • Replaced all npm i, npm run, and npx usages with pnpm install, pnpm <script>, pnpm dlx
  • Updated Dockerfiles to:
    • corepack enable
    • Use pnpm install --frozen-lockfile (fallback to plain install)
    • Invoke Turbo via pnpm dlx turbo
  • Internal package @database.build/deploy now declared as "workspace:*"
  • Added migration guide MIGRATION-PNPM.md
  • Updated README.md instructions accordingly

Rationale / Benefits

Area Benefit
Performance Faster cold & warm installs (shared global content-addressable store)
Disk usage Single copy per package version instead of per-project duplication
Determinism pnpm-lock.yaml + --frozen-lockfile enforces exact dependency graph
Clarity Explicit workspace boundaries via pnpm-workspace.yaml
DX Simpler internal linking via workspace:*
CI Better caching opportunities (pnpm store path)

Migration Notes (Developer Actions)

corepack enable          # one-time (if not already)
pnpm install             # replaces npm install
pnpm dev                 # replaces npm run dev
pnpm build               # replaces npm run build
pnpm dlx <tool> ...      # replaces npx <tool> ...

If you have lingering node_modules or package-lock.json locally:

rm -rf node_modules **/node_modules package-lock.json
pnpm install

Command Mapping

Action Before After
Install deps npm install pnpm install
Add dep npm install <pkg> pnpm add <pkg>
Add dev dep npm install -D <pkg> pnpm add -D <pkg>
Remove dep npm uninstall <pkg> pnpm remove <pkg>
Run script npm run build pnpm build (or pnpm run build)
One-off bin npx <bin> pnpm dlx <bin>
Outdated npm outdated pnpm outdated
Update npm update pnpm update
Audit npm audit pnpm audit

Testing / Verification

  • Confirmed pnpm install succeeds from clean clone
  • Verified Docker builds succeed using updated Dockerfiles
  • Ensured Turbo tasks run via pnpm dev (root script -> turbo watch dev)
  • Internal workspace dependency resolution correct using "workspace:*"
  • package-lock.json fully removed; only pnpm-lock.yaml present

Risk Assessment & Mitigations

Risk Mitigation
CI still invokes npm ci Update workflows to corepack enable && pnpm install --frozen-lockfile
Accidental reintroduction of package-lock.json Add .gitignore rule or pre-commit check (follow-up)
Developer muscle memory (npm commands) Added migration doc + README updates
Lock drift in PRs Use --frozen-lockfile in CI

Follow-up Opportunities (Not in this PR)

  • Cache pnpm store in CI (pnpm store path)
  • Add guard script to fail if package-lock.json appears
  • Add a Changeset if package version bumps are needed
  • Document min Node version & Corepack expectation in README badges
  • Explore pnpm fetch + offline installs for CI speed

Screenshots

N/A (infrastructure-only change)

Additional Context

See MIGRATION-PNPM.md added in this PR for deeper guidance, troubleshooting, and future upgrade instructions.

Checklist

  • Removed package-lock.json
  • Added pnpm-workspace.yaml
  • Added pnpm-lock.yaml
  • Updated root package.json packageManager
  • Updated Dockerfiles
  • Updated README
  • Added migration doc
  • Verified local + Docker builds

Dev Environment

  • OS: Ubuntu 22.04 (Codespaces) / WSL (Ubuntu 22.04)
  • Node.js: v22.17.0
  • pnpm: v9.12.0
  • Package manager: pnpm
  • Supabase CLI: 1.200.3

If you need a more concise or Conventional Commits–style summary, let me know.

@vercel
Copy link

vercel bot commented Sep 19, 2025

@sujiiiiit is attempting to deploy a commit to the Supabase Team on Vercel.

A member of the Team first needs to authorize it.

@sujiiiiit sujiiiiit mentioned this pull request Sep 19, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sujiiiiit