Implementation:FlowiseAI Flowise Pnpm Lock
| Knowledge Sources | |
|---|---|
| Domains | Dependencies, Package Management, Build Configuration |
| Last Updated | 2026-02-12 07:00 GMT |
Overview
The pnpm-lock.yaml file is the project's dependency lockfile that pins exact versions of all npm packages used across the Flowise monorepo.
Description
This file is automatically generated and maintained by pnpm (the package manager used by Flowise). It uses lockfile version 9.0 and records the exact resolved versions of every direct and transitive dependency in the project. The lockfile ensures deterministic, reproducible installations across different environments and CI systems. It also contains the project-level overrides section that forces specific versions of critical packages (such as openai, @langchain/core, axios, protobufjs, and security-patched packages like braces, cross-spawn, and ws) to be used across all workspaces regardless of what individual packages request.
Usage
This file should never be edited by hand. pnpm updates it automatically when you run pnpm install, pnpm add, or pnpm remove. It must be committed to version control so that all developers and CI pipelines use identical dependency versions.
Code Reference
Source Location
- Repository: FlowiseAI Flowise
- File: pnpm-lock.yaml
- Lines: 1-42672
File Header
lockfileVersion: '9.0'
settings:
  autoInstallPeers: true
  excludeLinksFromLockfile: false
overrides:
  '@google/generative-ai': ^0.24.0
  '@grpc/grpc-js': ^1.10.10
  '@langchain/core': 0.3.61
  '@qdrant/openapi-typescript-fetch': 1.2.6
  openai: 4.96.0
  protobufjs: 7.4.0
  axios: 1.12.0
  body-parser: 2.0.2
  braces: 3.0.3
  cross-spawn: 7.0.6
  form-data: 4.0.4
  glob-parent: 6.0.2
  http-proxy-middleware: 3.0.3
  json5: 2.2.3
  nth-check: 2.1.1
  path-to-regexp: 0.1.12
  prismjs: 1.29.0
  rollup: 4.45.0
  semver: 7.7.1
  set-value: 4.1.0
  solid-js: 1.9.7
  tar-fs: 3.1.0
  unset-value: 2.0.1
  webpack-dev-middleware: 7.4.2
  ws: 8.18.3
  xlsx: https://cdn.sheetjs.com/xlsx-0.20.3/xlsx-0.20.3.tgz
Import
# This file is not imported in code. It is consumed by the pnpm package manager.
# To install dependencies using this lockfile:
pnpm install --frozen-lockfile
I/O Contract
Inputs
| Name | Type | Required | Description |
|---|---|---|---|
| package.json (root) | JSON | Yes | The root package.json defining workspaces, dependencies, and overrides |
| package.json (packages/*) | JSON | Yes | Individual workspace package.json files defining per-package dependencies |
Outputs
| Name | Type | Description |
|---|---|---|
| Deterministic node_modules | Directory tree | Exact dependency tree installed by pnpm based on the lockfile contents |
Key Configuration
Settings
| Setting | Value | Description |
|---|---|---|
| lockfileVersion | 9.0 | The pnpm lockfile format version |
| autoInstallPeers | true | Automatically installs peer dependencies |
| excludeLinksFromLockfile | false | Linked packages are included in the lockfile |
Notable Overrides
The overrides section forces specific versions across all workspaces, typically for:
- Security patches: braces (3.0.3), cross-spawn (7.0.6), ws (8.18.3), semver (7.7.1)
- API compatibility: openai (4.96.0), @langchain/core (0.3.61), @google/generative-ai (^0.24.0)
- Stability: axios (1.12.0), protobufjs (7.4.0), rollup (4.45.0)
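A reviewer's check for the overrides described above, as an added example that is not part of Flowise or pnpm: it reads the overrides block of a lockfile and reports every entry that is not an exact version, that is, semver ranges and non-registry sources such as the xlsx tarball URL. The function names and the abridged sample lockfile are constructed for illustration, and the parser assumes the flat key: value layout shown in the file header.

```javascript
// Constructed sample, abridged from the file header shown on this page.
const SAMPLE_LOCKFILE = `lockfileVersion: '9.0'

settings:
  autoInstallPeers: true

overrides:
  '@google/generative-ai': ^0.24.0
  '@grpc/grpc-js': ^1.10.10
  '@langchain/core': 0.3.61
  braces: 3.0.3
  ws: 8.18.3
  xlsx: https://cdn.sheetjs.com/xlsx-0.20.3/xlsx-0.20.3.tgz

importers: {}
`;

// Illustrative helper: read the top-level `overrides:` mapping (flat "key: value" lines only).
function parseOverrides(lockfileText) {
  const overrides = {};
  let inBlock = false;
  for (const line of lockfileText.split(/\r?\n/)) {
    if (/^\S/.test(line)) {
      // A non-indented line is a top-level key: it opens or closes the block.
      inBlock = line.trim() === 'overrides:';
      continue;
    }
    if (!inBlock) continue;
    const m = line.match(/^\s+(?:'([^']+)'|"([^"]+)"|([^\s:'"][^:]*)):\s+(\S.*?)\s*$/);
    if (m) overrides[m[1] || m[2] || m[3]] = m[4].replace(/^['"]|['"]$/g, '');
  }
  return overrides;
}

// Classify an override value: exact version, semver range, or non-registry source.
function classifySpec(spec) {
  if (/^(https?:|git\+|git:|github:|file:|link:)/.test(spec)) return 'non-registry';
  if (/^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.test(spec)) return 'exact';
  return 'range';
}

// Return the overrides a reviewer should look at: everything that is not an exact pin.
function auditOverrides(lockfileText) {
  return Object.entries(parseOverrides(lockfileText))
    .map(([name, spec]) => ({ name, spec, kind: classifySpec(spec) }))
    .filter((entry) => entry.kind !== 'exact');
}

console.log(auditOverrides(SAMPLE_LOCKFILE));
```

A range override is still resolved to a single version in the lockfile's package entries, so it matters mainly when the lockfile is regenerated.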
Usage Examples
Basic Usage
# Install all dependencies with the exact versions from the lockfile
pnpm install --frozen-lockfile
# Update the lockfile after changing a package.json
pnpm install