Improvements for JavaScript developers in Snyk Open Source 🎉
Over the coming weeks we will be releasing a number of exciting improvements for JavaScript developers across the npm, pnpm, and Yarn ecosystems.
✨ pnpm general availability (GA)
pnpm is a fast and efficient JavaScript package manager often used for large monorepos. We’re excited that our support for pnpm will be generally available across CLI and SCM integrations in October 2025.
Starting on September 10th, we will begin gradually rolling out support to all customers. During this time, Snyk Projects previously misidentified as npm due to the presence of a package.json will be migrated to pnpm, maintaining all history and ignores.
Here's a summary of what's supported, but please keep an eye on our User Docs for more details:
pnpm versions 7-10, including workspaces
All Snyk SCM integrations
Snyk CLI
Snyk CI plug-ins
PR Checks
Fix PRs
✨ npm & Yarn improvements (GA)
npm and Yarn are two of the most extensively used package managers in the JavaScript ecosystem.
Over the next month, we will be gradually rolling out some minor improvements to how we scan Projects from these ecosystems in our SCM integrations—improving accuracy and offering consistency with our CLI.
Stay tuned for the following changes:
Snyk now supports using multiple versions of the same dependency with Yarn through our SCM integrations. Previously, this would lead to errors.
Snyk now correctly throws errors for out-of-sync Yarn manifest files using resolutions, when running under the default strict out of sync mode. Previously, this setting would get ignored for Yarn resolutions.
Snyk now supports dependency aliases with Yarn and npm through our SCM integrations. Previously, aliases were not supported and could lead to false negatives.
Snyk now offers more accurate results for npm projects using top level Bundled Dependencies.
These improvements have the potential to change the number of dependencies and issues detected in the project.
Johann Sutherland