docs(only-allow-pnpm): added option to enforce pnpm with package.json and .npmrc #691

Closed
68 changes: 57 additions & 11 deletions docs/only-allow-pnpm.md
@@ -1,21 +1,67 @@
---
id: only-allow-pnpm
title: Only allow pnpm
title: Only Allow PNPM
---

When you use pnpm on a project, you don't want others to accidentally run
`npm install` or `yarn`. To prevent devs from using other package managers,
you can add the following `preinstall` script to your `package.json`:
When many developers are working on the same project together, you need a failsafe in case someone accidentally runs commands with another package manager (like NPM, Yarn, or Bun).

```json
To prevent dependency management conflicts between package managers:

1. Create a file, if it doesn't already exist, named `.npmrc` at the root of your project.
2. Toggle the following configuration variable in your `.npmrc` on:

```
engine-strict=true
```

3. Specify the following fields in your `package.json`:

```
{
"scripts": {
"preinstall": "npx only-allow pnpm"
}
"devEngines": {
"runtime": {
"name": "node",
"onFail": "error"
},
"packageManager": {
"name": "pnpm",
"version": "10.13.1",
"onFail": "error"
}
},
"engines": {
"node": ">=18.18.0",
"pnpm": ">=10.0.0"
},
}
```

Now, whenever someone runs `npm install` or `yarn`, they'll get an
error instead and installation will not proceed.
- Now, when you run `npm i`, `npm i -D` (or an equivalent), these commands return this error:

```
username@hostname some-project % npm i -D package
npm error code EBADDEVENGINES
npm error EBADDEVENGINES The developer of this package has specified the following through devEngines
npm error EBADDEVENGINES Invalid engine "packageManager"
npm error EBADDEVENGINES Invalid name "pnpm" does not match "npm" for "packageManager"
npm error EBADDEVENGINES {
npm error EBADDEVENGINES current: { name: 'npm', version: '10.0.0' },
npm error EBADDEVENGINES required: { name: 'pnpm', onFail: 'error' }
npm error EBADDEVENGINES }
npm error A complete log of this run can be found in: /Users/username/.npm/_logs/2021-08-21T00_00_00_000Z-debug-0.log
```

---

Alternatively, in your `package.json`, you can specify the following `preinstall` script:

```
{
"scripts": {
"preinstall": "npx only-allow pnpm"
}
}
```

If you use npm v7, use `npx -y` instead.
- You may also install the package `only-allow` as a dev dependency.
- For NPM version 7+, you may need to run `npx -y only-allow pnpm` instead.
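
Review bot: The `package.json` example under step 3 is not valid JSON as written: the `"engines"` object closes with `},` immediately before the final `}`, and a reader who pastes it will get a parse error instead of the enforcement this page promises. Drop that trailing comma, and keep the `json` tag on the fence so the block is highlighted and linted like the original one was. The sample output is an `EBADDEVENGINES` error that names `devEngines` only, so the page should also say what `engine-strict=true` and the `engines` field add on top of it, or a reader cannot tell which of the three settings is actually doing the blocking. For the `preinstall` alternative, consider making the dev-dependency route the primary suggestion rather than a footnote, since `npx only-allow pnpm` and `npx -y only-allow pnpm` fetch and run an unpinned package on every install.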