Skip to content
Latchkey

pnpm install: Usage, Options & Common CI Errors

Install dependencies via the pnpm content-addressable store.

pnpm install resolves dependencies, populates the global store, and links a strict node_modules from pnpm-lock.yaml. In CI it should refuse to modify the lockfile.

What it does

Fetches packages into the shared content-addressable store and hard-links them into a non-flat node_modules (so packages can only import what they declare). It updates pnpm-lock.yaml as needed unless --frozen-lockfile is set, which pnpm enables automatically in CI environments.

Common usage

.github/workflows/ci.yml
pnpm install                    # install everything
pnpm install --frozen-lockfile  # CI: fail if lockfile would change
pnpm install --prod             # skip devDependencies
pnpm install --offline          # store-only, no network

Common CI error: outdated lockfile

CI fails with "ERR_PNPM_OUTDATED_LOCKFILE / Cannot install with \"frozen-lockfile\" because pnpm-lock.yaml is not up to date with package.json". The manifest changed without regenerating the lockfile. Run pnpm install locally and commit pnpm-lock.yaml; keep CI frozen.

Terminal
# locally:
pnpm install
git add pnpm-lock.yaml && git commit -m "update pnpm lockfile"

Key options

FlagEffect
--frozen-lockfileError if the lockfile would change (CI default)
--prodSkip devDependencies
--offlineUse only the store, no network
--shamefully-hoistFlatten node_modules for non-strict tools

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →