tessl/npm-pnpm

Fast, disk space efficient package manager for Node.js with hard links, symlinks, and monorepo support

Package Inspection and Analysis

Inspect installed packages, check for outdated dependencies, audit security vulnerabilities, and analyze package relationships with pnpm's comprehensive analysis tools.

Capabilities

List Installed Packages

Display installed packages with various output formats and filtering options.

/**
 * List installed packages with dependency tree
 * Shows package versions, locations, and relationships
 */
pnpm list [pkg] [options]
pnpm ls [pkg] [options]

Options:

--depth <number>         # Limit dependency tree depth
--long                   # Show extended package information
--parseable              # Machine-readable output
--global                 # List global packages
--recursive              # List in all workspace packages
--filter <pattern>       # Filter workspace packages
--json                   # JSON output format
--prod                   # Production dependencies only
--dev                    # Development dependencies only
--no-optional           # Exclude optional dependencies

Usage Examples:

# List all packages
pnpm list

# List specific package
pnpm list react

# List with limited depth
pnpm list --depth=1

# List in long format
pnpm list --long

# List global packages
pnpm list --global

# List in all workspaces
pnpm list --recursive

# List production dependencies only
pnpm list --prod

# JSON output
pnpm list --json

Extended Package Listing

Show detailed package information including descriptions, sizes, and metadata.

/**
 * List packages with extended information
 * Includes descriptions, repository URLs, and package sizes
 */
pnpm ll [options]
pnpm la [options]

Usage Examples:

# Extended listing
pnpm ll

# Extended listing with filtering
pnpm ll --filter "@myorg/*"

# Extended global listing
pnpm ll --global

Package Dependency Analysis

Analyze why a package is installed and show its dependency chain.

/**
 * Show why a package is installed
 * Displays dependency chain from root to target package
 */
pnpm why <pkg> [options]

Options:

--recursive              # Check in all workspace packages
--global                 # Check global packages
--json                   # JSON output format
--long                   # Show detailed information

Usage Examples:

# Show why package is installed
pnpm why lodash

# Show in all workspaces
pnpm why --recursive react

# Show global dependency reasons
pnpm why --global typescript

# JSON output
pnpm why --json express

Update Analysis

Check Outdated Packages

Identify packages that have newer versions available.

/**
 * Check for outdated packages
 * Shows current vs latest versions with update information
 */
pnpm outdated [pkg] [options]

Options:

--recursive              # Check in all workspace packages
--global                 # Check global packages
--long                   # Show extended information
--json                   # JSON output format
--compatible             # Show only compatible updates
--filter <pattern>       # Filter workspace packages

Usage Examples:

# Check all outdated packages
pnpm outdated

# Check specific package
pnpm outdated react

# Check in all workspaces
pnpm outdated --recursive

# Check global packages
pnpm outdated --global

# Show only compatible updates
pnpm outdated --compatible

# JSON output for automation
pnpm outdated --json

License Information

Show license information for installed packages.

/**
 * Show licenses of installed packages
 * Displays license types and compliance information
 */
pnpm licenses <command> [options]

Available Commands:

  • list - List all package licenses
  • ls - Alias for list

Options:

--recursive              # Check in all workspace packages
--json                   # JSON output format
--long                   # Show detailed license information

Usage Examples:

# List all licenses
pnpm licenses list

# List in JSON format
pnpm licenses list --json

# List in all workspaces
pnpm licenses list --recursive

# Detailed license information
pnpm licenses list --long

Security Analysis

Security Audit

Perform security vulnerability audits on installed packages.

/**
 * Run security vulnerability audit
 * Checks packages against known vulnerability databases
 */
pnpm audit [options]

Options:

--recursive              # Audit in all workspace packages
--json                   # JSON output format
--audit-level <level>    # Set severity level (low, moderate, high, critical)
--fix                    # Automatically fix vulnerabilities where possible
--dry-run               # Show what would be fixed without applying changes

Usage Examples:

# Basic security audit
pnpm audit

# Audit all workspaces
pnpm audit --recursive

# JSON output for CI/CD
pnpm audit --json

# Audit with specific severity level
pnpm audit --audit-level high

# Auto-fix vulnerabilities
pnpm audit --fix

# Preview fixes without applying
pnpm audit --fix --dry-run

Audit Output Formats

Understanding audit output and severity levels:

# Severity levels
critical     # Immediate action required
high         # Should be addressed soon
moderate     # Should be addressed when convenient
low          # Informational, consider addressing

# Audit summary shows:
- Total vulnerabilities by severity
- Packages requiring updates
- Suggested fix commands
- Manual review items

Package Information

Package Details

Get detailed information about specific packages from the registry.

# Show package information (npm compatibility commands)
pnpm show <pkg>[@version] [field]
pnpm view <pkg>[@version] [field]
pnpm info <pkg>[@version] [field]

Usage Examples:

# Show package information
pnpm show react

# Show specific version
pnpm show react@18.2.0

# Show specific field
pnpm show react version
pnpm show react dependencies

# Show all versions
pnpm show react versions --json

Package Search

Search for packages in the registry.

# Search packages (npm compatibility)
pnpm search <query>
pnpm s <query>
pnpm se <query>

Usage Examples:

# Search for packages
pnpm search react testing

# Short form
pnpm s "http client"

Workspace Analysis

Workspace Package Overview

Analyze packages across workspace for consistency and issues.

# List all workspace packages
pnpm list --recursive --depth=0

# Show workspace package locations
pnpm list --recursive --long

# Check for inconsistent dependencies
pnpm outdated --recursive

# Audit all workspace packages
pnpm audit --recursive

Dependency Relationship Analysis

Understand dependencies between workspace packages.

# Show workspace dependency graph
pnpm list --recursive --json    # pipe this JSON into a visualization tool

# Find packages depending on specific package
pnpm why --recursive <package-name>

# Check version consistency across workspace
pnpm outdated --recursive --json

Output Formats and Parsing

JSON Output

Most inspection commands support JSON output for programmatic processing:

# JSON output examples
pnpm list --json                 # Dependency tree as JSON
pnpm outdated --json            # Outdated packages as JSON
pnpm audit --json               # Audit results as JSON
pnpm licenses list --json       # License information as JSON

Parseable Output

Some commands support parseable output for scripting:

# Parseable output examples
pnpm list --parseable           # Tab-separated values
pnpm --parseable <command>      # Machine-readable format

Long Format Output

Extended information display:

# Long format examples
pnpm list --long                # Extended package information
pnpm ll                         # Long listing by default
pnpm outdated --long           # Detailed update information

Automation and CI/CD

Exit Codes

Commands return appropriate exit codes for automation:

# Exit codes
0    # Success, no issues found
1    # Issues found (vulnerabilities, outdated packages, etc.)
2    # Command error or invalid usage

CI/CD Integration Examples

# Check for outdated packages in CI
if ! pnpm outdated --json > outdated.json; then
  echo "Outdated packages found"
  cat outdated.json
fi

# Security audit in CI pipeline
# Test the command directly so the check still works under `set -e`
if ! pnpm audit --audit-level moderate --json > audit.json; then
  echo "Security vulnerabilities found"
  exit 1
fi

# License compliance check
pnpm licenses list --json > licenses.json
# Process licenses.json for compliance
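
The audit step above relies on the exit code alone, so an empty or truncated audit.json is indistinguishable from a real finding. The following Node.js sketch is an added example, not part of pnpm or of the original page: it evaluates the report text itself, fails closed on unreadable input, and supports time-boxed waivers. The report shape (an `advisories` object keyed by id, with `module_name`, `severity` and `title`) is an assumption; `evaluateAudit` and the waiver format are hypothetical names.

```javascript
// Added example: gate CI on the contents of `pnpm audit --json`, not only its exit code.
// Assumed report shape: { advisories: { "<id>": { module_name, severity, title } } }.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

function evaluateAudit(reportText, { minSeverity = "moderate", accepted = [], today = new Date() } = {}) {
  const threshold = SEVERITY_RANK[minSeverity];
  if (threshold === undefined) throw new Error(`unknown severity: ${minSeverity}`);
  let report;
  try {
    report = JSON.parse(reportText);
  } catch {
    // Fail closed: an empty or truncated report must never read as "clean".
    return { ok: false, reason: "unparseable-report", blocking: [], waived: [] };
  }
  if (!report || typeof report.advisories !== "object" || report.advisories === null) {
    return { ok: false, reason: "missing-advisories", blocking: [], waived: [] };
  }
  const blocking = [];
  const waived = [];
  for (const [id, adv] of Object.entries(report.advisories)) {
    const rank = SEVERITY_RANK[adv.severity];
    // Unknown severity strings block the build instead of being skipped.
    if (rank !== undefined && rank < threshold) continue;
    // A waiver (hypothetical format) only counts until its expiry date.
    const waiver = accepted.find((w) => String(w.id) === id && new Date(w.expires) > today);
    const entry = { id, module: adv.module_name, severity: adv.severity, title: adv.title };
    (waiver ? waived : blocking).push(entry);
  }
  const ok = blocking.length === 0;
  return { ok, reason: ok ? "clean" : "vulnerabilities", blocking, waived };
}

// Constructed sample report (not real advisory data).
const SAMPLE_REPORT = JSON.stringify({
  advisories: {
    1001: { module_name: "example-parser", severity: "high", title: "Constructed finding A" },
    1002: { module_name: "example-logger", severity: "low", title: "Constructed finding B" },
    1003: { module_name: "example-http", severity: "critical", title: "Constructed finding C" },
  },
});

const result = evaluateAudit(SAMPLE_REPORT, {
  minSeverity: "high",
  accepted: [{ id: "1001", expires: "2099-01-01" }],
  today: new Date("2025-01-01"),
});
console.log(JSON.stringify(result, null, 2));
// In a CI wrapper: process.exitCode = result.ok ? 0 : 1;
```

In a pipeline, pass the text of audit.json to `evaluateAudit` and keep the waiver list in version control so every accepted advisory has a reviewer and an expiry date.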

Filtering for Large Workspaces

Efficiently analyze large workspaces:

# Target specific package types
pnpm outdated --filter "@myorg/web-*"
pnpm audit --filter "frontend-*"

# Check only changed packages
pnpm list --filter "...[HEAD~1]"
pnpm outdated --filter "[origin/main]"

# Production dependency analysis
pnpm list --prod --recursive
pnpm audit --audit-level high --recursive

Performance Considerations

Large Workspace Optimization

Optimize inspection commands for large workspaces:

# Limit depth for faster execution
pnpm list --depth=1 --recursive

# Use filtering to reduce scope
pnpm outdated --filter "changed-packages"

# Parallel execution where supported
pnpm audit --recursive            # Runs in parallel across packages

Caching Results

Some commands cache results for improved performance:

# Registry information is cached
pnpm show <package>               # Cached for subsequent calls
pnpm outdated                     # Uses cached registry data

# Clear cache if needed
pnpm cache clean

Install with Tessl CLI

npx tessl i tessl/npm-pnpm
