pnpm install: Usage, Options & Common CI Errors
Install dependencies via the pnpm content-addressable store.
pnpm install resolves dependencies, populates the global store, and links a strict node_modules from pnpm-lock.yaml. In CI it should refuse to modify the lockfile.
What it does
Fetches packages into the shared content-addressable store and hard-links them into a non-flat node_modules (so packages can only import what they declare). It updates pnpm-lock.yaml as needed unless --frozen-lockfile is set, which pnpm enables automatically in CI environments.
Common usage
pnpm install # install everything
pnpm install --frozen-lockfile # CI: fail if lockfile would change
pnpm install --prod # skip devDependencies
pnpm install --offline # store-only, no networkCommon CI error: outdated lockfile
CI fails with "ERR_PNPM_OUTDATED_LOCKFILE / Cannot install with \"frozen-lockfile\" because pnpm-lock.yaml is not up to date with package.json". The manifest changed without regenerating the lockfile. Run pnpm install locally and commit pnpm-lock.yaml; keep CI frozen.
# locally:
pnpm install
git add pnpm-lock.yaml && git commit -m "update pnpm lockfile"Key options
| Flag | Effect |
|---|---|
| --frozen-lockfile | Error if the lockfile would change (CI default) |
| --prod | Skip devDependencies |
| --offline | Use only the store, no network |
| --shamefully-hoist | Flatten node_modules for non-strict tools |