Implementation:TobikoData Sqlmesh Pnpm Lockfile

Knowledge Sources	TobikoData_Sqlmesh
Domains	Package_Management, Build_System, Dependency_Management
Last Updated	2026-02-07 20:00 GMT

Overview

PNPM lockfile defining exact dependency versions for reproducible builds.

Description

pnpm-lock.yaml is the dependency lockfile generated by the pnpm package manager (version 9.0). It ensures deterministic dependency resolution by recording the exact versions of all packages, including transitive dependencies, used in the SQLMesh project.

The lockfile serves as the single source of truth for dependency versions across the repository's workspace, which includes multiple sub-packages (web client, VSCode extension, bus system). It is automatically generated and should not be manually edited.

Key characteristics:

Workspace Structure: Defines importers for root, vscode/bus, and vscode/extension
Auto-Install Peers: Peer dependencies are automatically installed
Linked Dependencies: Links between workspace packages are preserved in the lockfile

Usage

This file is used by pnpm during `pnpm install` to ensure all developers and CI systems install identical dependency versions, preventing "works on my machine" issues.

Code Reference

Source Location

Repository: TobikoData_Sqlmesh
File: pnpm-lock.yaml

Signature

lockfileVersion: '9.0'

settings:
  autoInstallPeers: true
  excludeLinksFromLockfile: false

importers:
  .: # Root workspace
    devDependencies:
      prettier: ^3.6.2

  vscode/bus: # VSCode bus package
    devDependencies:
      typescript: ^5.8.3

  vscode/extension: # VSCode extension
    dependencies:
      '@duckdb/node-api': 1.3.2-alpha.25
      # ... more dependencies

Import

# Used automatically by pnpm
pnpm install  # Reads pnpm-lock.yaml to install dependencies

I/O Contract

Inputs

Name	Type	Required	Description
package.json	File	Yes	Package manifest with dependency ranges
pnpm-workspace.yaml	File	Yes	Workspace configuration

Outputs

Name	Type	Description
node_modules	Directory	Installed packages with exact versions
Dependency Graph	Internal	Resolved dependency tree

Implementation Details

Lockfile Version

Format: PNPM lockfile version 9.0
Compatibility: Requires pnpm >= 9.0

Settings

autoInstallPeers: true - Peer dependencies automatically installed
excludeLinksFromLockfile: false - Workspace links included in lockfile

Workspace Structure

Root Workspace (.)

prettier: ^3.6.2 (code formatting)

vscode/bus

typescript: ^5.8.3 (TypeScript compiler)

vscode/extension

@duckdb/node-api: 1.3.2-alpha.25 (DuckDB Node.js bindings)
@types/fs-extra: ^11.0.4 (TypeScript types)
@types/shell-quote: ^1.7.5 (TypeScript types)

Dependency Resolution

PNPM uses a content-addressable storage system where:

All packages stored in a global store (typically `~/.pnpm-store`)
`node_modules` contains symlinks to the global store
Prevents duplication across projects
Ensures strict dependency isolation

File Characteristics

Size: 14,475 lines
Format: YAML
Generation: Auto-generated by `pnpm install` or `pnpm update`
Version Control: Should be committed to git for reproducibility

Usage Examples

# Install dependencies from lockfile
pnpm install

# Update dependencies and regenerate lockfile
pnpm update

# Add new dependency and update lockfile
pnpm add package-name

# Install in CI (frozen lockfile - fails if out of sync)
pnpm install --frozen-lockfile

# Verify lockfile is up to date
pnpm install --lockfile-only

Related Pages

Page Connections

Double-click a node to navigate. Hold to expand connections.

Principle

Implementation

Heuristic

Environment