Jump to content

Connect SuperML | Leeroopedia MCP: Equip your AI agents with best practices, code verification, and debugging knowledge. Powered by Leeroo — building Organizational Superintelligence. Contact us at founders@leeroo.com.

Implementation:Langfuse Langfuse PNPM Lockfile

From Leeroopedia
Knowledge Sources
Domains Dependencies, Build
Last Updated 2026-02-14 00:00 GMT

Overview

The pnpm-lock.yaml file is the auto-generated dependency lockfile for the Langfuse monorepo, ensuring deterministic and reproducible dependency resolution across all packages.

Description

This lockfile is managed by pnpm and records the exact resolved versions of every direct and transitive dependency in the Langfuse monorepo. It uses lockfile version 9.0 and is configured with autoInstallPeers: true and excludeLinksFromLockfile: false.

Key characteristics:

  • Size: 28,063 lines, reflecting the substantial dependency tree of a full-stack Next.js + Express.js monorepo with ClickHouse, Redis, S3, and numerous authentication provider integrations.
  • Lockfile Version: 9.0 (pnpm v9.x format).
  • Dependency Overrides: Includes version overrides for security-sensitive packages such as nanoid, katex, tar-fs, rollup, @types/node-fetch, glob, and qs.
  • Patched Dependencies: Contains a patch for next-auth@4.24.13 applied via pnpm's patching mechanism.
  • Workspace Structure: The importers section maps workspace packages (root, web, worker, packages/shared, etc.) to their resolved dependency versions.

This file should never be manually edited. It is regenerated by running pnpm install or pnpm i.

Usage

This lockfile is used automatically by pnpm during dependency installation. Developers interact with it by:

  • Running pnpm install to install dependencies at the exact versions specified.
  • Committing changes to version control after adding, removing, or updating dependencies.
  • Reviewing lockfile changes in pull requests to verify expected dependency updates.

Code Reference

Source Location

Signature

lockfileVersion: '9.0'

settings:
  autoInstallPeers: true
  excludeLinksFromLockfile: false

overrides:
  nanoid: ^3.3.8
  katex: ^0.16.21
  tar-fs: ^2.1.2
  rollup@^4.0.0: ^4.22.4
  '@types/node-fetch': ^2.6.13
  glob: ^10.5.0
  qs: 6.14.1

patchedDependencies:
  next-auth@4.24.13:
    hash: g7rpu2soo4na5splvh6zgnobma
    path: patches/next-auth@4.24.13.patch

Import

# Not importable. This file is consumed by the pnpm package manager.
# Regenerate via: pnpm install

I/O Contract

Inputs

Name Type Required Description
package.json files JSON Yes The package.json files across the monorepo workspace define the desired dependency constraints
pnpm-workspace.yaml YAML Yes Defines the workspace packages that pnpm resolves together

Outputs

Name Type Description
Resolved dependency tree YAML The complete set of exact dependency versions, integrity hashes, and resolution metadata for deterministic installs

Related Pages

Page Connections

Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment
Retrieved from "https://leeroopedia.com/index.php?title=Implementation:Langfuse_Langfuse_PNPM_Lockfile&oldid=8305"