Passa al contenuto principale
Versione: Prossimo

pnpm install

Alias: i

pnpm install viene utilizzato per installare tutte le dipendenze di un progetto.

In un ambiente CI, l'installazione fallisce se un lockfile è presente ma necessita di un aggiornamento.

All'interno di uno spazio di lavoro, pnpm install installa tutte le dipendenze in tutti i progetti. Se vuoi disabilitare questo comportamento, imposta l'opzione recursive-install a false.

TL;DR

ComandoSignificato
pnpm i --offlineInstalla offline solo dall'archivio
pnpm i --frozen-lockfilepnpm-lock.yaml non viene aggiornato
pnpm i --lockfile-onlySolo pnpm-lock.yaml viene aggiornato

Options for filtering dependencies

Without a lockfile, pnpm has to create one, and it must be consistent regardless of dependencies filtering, so running pnpm install --prod on a directory without a lockfile would still resolve the dev dependencies, and it would error if the resolution is unsuccessful. The only exception for this rule are link: dependencies.

Without --frozen-lockfile, pnpm will check for outdated information from file: dependencies, so running pnpm install --prod without --frozen-lockfile on an environment where the target of file: has been removed would error.

--prod, -P

  • Predefinito: false
  • Tipo: Booleano

If true, pnpm will not install any package listed in devDependencies and will remove those insofar they were already installed. If false, pnpm will install all packages listed in devDependencies and dependencies.

--dev, -D

Only devDependencies are installed and dependencies are removed insofar they were already installed.

--no-optional

Le dipendenze opzionali (optionalDependencies) non vengono installate.

--no-runtime

Added in: v11.1.0

Skip installing runtime entries (e.g. Node.js downloaded via devEngines.runtime). The lockfile is left untouched, so frozen installs still validate; only the runtime fetch and bin-linking are skipped.

This is useful in CI matrices where the runtime is provisioned externally (e.g. via pnpm runtime -g set node <version>) before pnpm install runs.

This can also be set via the runtime=false config in pnpm-workspace.yaml.

Opzioni

--force

Force reinstall dependencies: refetch packages modified in store, recreate a lockfile and/or modules directory created by a non-compatible version of pnpm. Install all optionalDependencies even they don't satisfy the current environment(cpu, os, arch).

--offline

  • Predefinito: false
  • Tipo: Booleano

If true, pnpm will use only packages already available in the store. If a package won't be found locally, the installation will fail.

--prefer-offline

  • Predefinito: false
  • Tipo: Booleano

Se true, i controlli di obsolescenza per i dati memorizzati nella cache verranno ignorati, ma i dati mancanti verranno richiesti dal server. Per forzare la modalità offline completa, utilizzare --offline.

--no-lockfile

Don't read or generate a pnpm-lock.yaml file.

--lockfile-only

  • Predefinito: false
  • Tipo: Booleano

Se utilizzato, aggiorna solo pnpm-lock.yaml e package.json. Non viene scritto nulla nella cartella node_modules.

--fix-lockfile

Correggi automaticamente le voci del file di blocco non funzionanti.

--update-checksums

Added in: v11.4.0

Refresh the locked tarball integrity values from what the registry currently serves, when a downloaded tarball's hash doesn't match the integrity recorded in pnpm-lock.yaml.

By default, since v11.4.0, an integrity mismatch is a hard failure: pnpm install exits with ERR_PNPM_TARBALL_INTEGRITY rather than silently re-resolving from the registry and overwriting the locked integrity. This protects projects that ship a committed lockfile from a compromised registry, proxy, or republished version substituting attacker-controlled content on a clean machine.

--update-checksums is the narrowly-scoped opt-in for the legitimate case (e.g. a registry rewrote its tarballs and you've verified the new bytes are correct). A warning still prints when the bypass takes effect so the operation is auditable.

--force and pnpm update deliberately do not bypass the integrity check. --frozen-lockfile is unchanged, and --fix-lockfile keeps its documented purpose (filling in missing lockfile entries) and is also not a bypass.

--frozen-lockfile

  • Predefinito:
    • Per non CI: false
    • Per CI: true, se è presente un lockfile
  • Tipo: Booleano

Se true, pnpm non genera un lockfile e l'installazione fallisce se il lockfile è fuori sincronizzazione con il manifesto / un aggiornamento è necessario o nessun lockfile è presente.

This setting is true by default in CI environments. The following code is used to detect CI environments:

https://github.com/watson/ci-info/blob/44e98cebcdf4403f162195fbcf90b1f69fc6e047/index.js#L54-L61
exports.isCI = !!(
  env.CI || // Travis CI, CircleCI, Cirrus CI, GitLab CI, Appveyor, CodeShip, dsari
  env.CONTINUOUS_INTEGRATION || // Travis CI, Cirrus CI
  env.BUILD_NUMBER || // Jenkins, TeamCity
  env.RUN_ID || // TaskCluster, dsari
  exports.name ||
  false
)

--merge-git-branch-lockfiles

Merge all git branch lockfiles. Read more about git branch lockfiles.

--reporter=<name>

  • Predefinito:
    • Per TTY stdout: default
    • Per stdout non TTY: append-only
  • Type: default, append-only, ndjson, silent

Allows you to choose the reporter that will log debug info to the terminal about the installation progress.

  • silent - nessun output viene registrato nella console, neanche degli errori fatali
  • default - il segnalatore predefinito quando lo stdout è TTY
  • append-only - l'output viene sempre aggiunto alla fine. Non vengono eseguite manipolazioni del cursore
  • ndjson - il segnalatore più verboso. Prints all logs in ndjson format

If you want to change what type of information is printed, use the loglevel setting.

--shamefully-hoist

  • Predefinito: false
  • Tipo: Booleano

Creates a flat node_modules structure, similar to that of npm or yarn. WARNING: This is highly discouraged.

--ignore-scripts

  • Predefinito: false
  • Tipo: Booleano

Do not execute any scripts defined in the project package.json and its dependencies.

--filter <package_selector>

Ulteriori informazioni sui filtri.

--resolution-only

Re-runs resolution: useful for printing out peer dependency issues.

--cpu=<name>

Added in: v10.14.0

Override CPU architecture of native modules to install. Acceptable values are same as cpu field of package.json, which comes from process.arch.

--os=<name>

Added in: v10.14.0

Override OS of native modules to install. Acceptable values are same as os field of package.json, which comes from process.platform.

--libc=<name>

Added in: v10.14.0

Override libc of native modules to install. Acceptable values are same as libc field of package.json.