chore: switch to pnpm

[wKovacs64]

This pull request migrates the project from npm to pnpm as the primary package manager. It updates all relevant continuous integration and deployment workflows, scripts, and configuration files to use pnpm instead of npm, ensuring a consistent and more efficient dependency management process.

CI/CD Workflow Migration:

• All GitHub Actions workflows (ci.yml, cd.yml, bundlewatch-pr.yml, bundlewatch-push.yml) now install and use pnpm for dependency installation, caching, building, and running scripts instead of npm. This includes using pnpm dlx for CLI tools and updating the node setup cache to pnpm. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]

Project Configuration Updates:

• The package.json now specifies pnpm as the package manager and updates all scripts and pre-scripts to use pnpm commands instead of npm. [1] [2]
• The .prettierignore file is updated to ignore the pnpm lockfile (pnpm-lock.yaml).

These changes ensure the project is fully transitioned to pnpm for improved performance and reliability in dependency management.

Summary by CodeRabbit

• Chores
  • Transitioned project tooling from npm to pnpm across CI/CD workflows and local scripts.
  • Updated build, test, and release pipelines to run with pnpm equivalents.
  • Added project package manager configuration for pnpm.
  • Expanded ignored files to include pnpm lockfile in formatting tooling.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[changeset-bot]

⚠️ No Changeset found

Latest commit: 98c8c6b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

The pull request migrates the project's package manager from npm to pnpm. Updates include adding pnpm installation steps to GitHub Actions workflows, switching cache keys to pnpm, replacing npm/npx commands with pnpm equivalents, adding packageManager: "pnpm@10.25.0" to package.json, and adding pnpm-lock.yaml to .prettierignore.

Changes

Cohort / File(s)	Change Summary
GitHub Actions Workflows ​.github/workflows/bundlewatch-pr.yml, ​.github/workflows/bundlewatch-push.yml, ​.github/workflows/cd.yml, ​.github/workflows/ci.yml	Added explicit pnpm installation steps; switched Node cache/config from npm to pnpm; replaced npm install → pnpm install, npm run <script> → pnpm run <script>; replaced npx usages with pnpm exec or pnpm dlx variants; updated Playwright and tooling invocations to use pnpm.
Configuration Files ​.prettierignore	Added pnpm-lock.yaml to ignored files.
Package Configuration package.json	Added top-level packageManager field (pnpm@10.25.0); updated lifecycle and script invocations to use pnpm (prebuild/prepublishOnly, pretest variants, changeset/publish-related scripts), and replaced prior npm/run-s patterns with pnpm command sequences.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Changes are repetitive and focused on replacing npm/npx with pnpm equivalents across CI and scripts.
• Review attention:
  • Verify correct pnpm command forms (pnpm install, pnpm run, pnpm exec, pnpm dlx) and flags in each workflow step.
  • Confirm cache keys and setup actions are correctly configured for pnpm.
  • Ensure packageManager: "pnpm@10.25.0" is the intended version and matches repository lockfile.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore: switch to pnpm' directly and concisely describes the main change—migrating from npm to pnpm as the package manager across workflows and configuration files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch pnpm

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d14c060 and 98c8c6b.

⛔ Files ignored due to path filters (2)

• package-lock.json is excluded by !**/package-lock.json
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (6)

• .github/workflows/bundlewatch-pr.yml (1 hunks)
• .github/workflows/bundlewatch-push.yml (1 hunks)
• .github/workflows/cd.yml (1 hunks)
• .github/workflows/ci.yml (7 hunks)
• .prettierignore (1 hunks)
• package.json (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• .prettierignore
• .github/workflows/cd.yml
• package.json

🔇 Additional comments (3)

.github/workflows/bundlewatch-pr.yml (1)

14-27: Migration to pnpm is correct and consistent.

The pnpm setup step is properly placed before Node setup (ensuring pnpm is available for cache configuration), and all npm commands have been correctly replaced with pnpm equivalents. The cache configuration switch from npm to pnpm is appropriate.

.github/workflows/bundlewatch-push.yml (1)

15-28: Migration to pnpm is correct and consistent.

The pnpm setup, cache configuration, and command replacements all follow the same pattern as bundlewatch-pr.yml and are correctly implemented.

.github/workflows/ci.yml (1)

24-26: Comprehensive pnpm migration across all CI jobs is correct and consistent.

All six jobs (prettier, lint, typecheck, test, playwright, release) have been correctly migrated from npm to pnpm:

• Step ordering: pnpm/action-setup@v4 is consistently placed before setup-node in every job, ensuring pnpm is available for cache configuration.
• Cache strategy: All jobs switched from cache: npm to cache: pnpm.
• Script execution: All npm run <script> commands correctly replaced with pnpm run <script>.
• Tool execution: npx commands properly replaced with pnpm dlx (for external tools like @arethetypeswrong/cli) and pnpm exec (for node_modules binaries like playwright).
• Changesets integration: The release job correctly specifies pnpm run commands for version and publish operations.

No syntax errors or logical issues detected.

Also applies to: 30-30, 34-34, 37-37, 47-49, 53-53, 57-57, 60-60, 70-72, 76-76, 80-80, 83-83, 86-86, 89-89, 99-101, 105-105, 109-109, 112-112, 128-130, 134-134, 138-138, 141-141, 151-151, 155-155, 178-180, 184-184, 188-188, 194-195

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 53b7c42 and d14c060.

⛔ Files ignored due to path filters (2)

• package-lock.json is excluded by !**/package-lock.json
• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (6)

• .github/workflows/bundlewatch-pr.yml (1 hunks)
• .github/workflows/bundlewatch-push.yml (1 hunks)
• .github/workflows/cd.yml (1 hunks)
• .github/workflows/ci.yml (7 hunks)
• .prettierignore (1 hunks)
• package.json (2 hunks)

🔇 Additional comments (7)

.prettierignore (1)

7-7: LGTM!

Adding pnpm-lock.yaml to .prettierignore is correct and follows the same pattern as package-lock.json for npm.

package.json (2)

81-81: LGTM!

The packageManager field with pnpm@10.25.0 is correctly set. pnpm 10.25.0 was published 3 days ago, and pnpm 10.25 improves certificate handling, adds a bare pnpm init, and ships several quality-of-life fixes.

---

104-104: Do not remove npm-run-all2 — it is actively used.

The npm-run-all2 package is still actively referenced in the build script at package.json line 56: "build": "run-s --silent build:package-info build:lib build:browser build:docs". The run-s utility is a direct dependency of this package and continues to be used for sequential task execution. Removing it would break the build process.

.github/workflows/bundlewatch-pr.yml (1)

14-27: LGTM!

All pnpm migration changes are correct: pnpm setup step, cache strategy switch, and command substitutions (pnpm install and pnpm run build).

.github/workflows/bundlewatch-push.yml (1)

15-28: LGTM!

Consistent with the bundlewatch-pr.yml updates: pnpm setup, cache configuration, and command replacements are all correct.

.github/workflows/cd.yml (1)

29-45: LGTM!

All pnpm migration changes are correct, including the proper conversion of npx pkg-pr-new publish to pnpm dlx pkg-pr-new publish.

.github/workflows/ci.yml (1)

24-37: LGTM!

All workflow jobs are correctly migrated to pnpm: setup steps, cache configuration, and command replacements are consistent throughout. The use of pnpm dlx for attw and pnpm exec for playwright commands is correct.

Note: The version and publish fields in the changesets action (lines 194–195) depend on the scripts being correctly defined in package.json. Given the --silent flag issue identified in package.json, verify that the changeset scripts execute correctly once that issue is resolved.

Also applies to: 47-60, 70-86, 99-112, 128-155, 178-195