Implementation:FlowiseAI Flowise Pnpm Lock

Knowledge Sources	FlowiseAI Flowise
Domains	Dependencies, Package Management, Build Configuration
Last Updated	2026-02-12 07:00 GMT

Overview

The pnpm-lock.yaml file is the project's dependency lockfile that pins exact versions of all npm packages used across the Flowise monorepo.

Description

This file is automatically generated and maintained by pnpm (the package manager used by Flowise). It uses lockfile version 9.0 and records the exact resolved versions of every direct and transitive dependency in the project. The lockfile ensures deterministic, reproducible installations across different environments and CI systems. It also contains the project-level overrides section that forces specific versions of critical packages (such as openai, @langchain/core, axios, protobufjs, and security-patched packages like braces, cross-spawn, and ws) to be used across all workspaces regardless of what individual packages request.

Usage

This file should never be manually edited. It is updated automatically when running pnpm install or pnpm add/remove commands. It must be committed to version control to ensure all developers and CI pipelines use identical dependency versions.

Code Reference

Source Location

Repository: FlowiseAI Flowise
File: pnpm-lock.yaml
Lines: 1-42672

File Header

lockfileVersion: '9.0'

settings:
    autoInstallPeers: true
    excludeLinksFromLockfile: false

overrides:
    '@google/generative-ai': ^0.24.0
    '@grpc/grpc-js': ^1.10.10
    '@langchain/core': 0.3.61
    '@qdrant/openapi-typescript-fetch': 1.2.6
    openai: 4.96.0
    protobufjs: 7.4.0
    axios: 1.12.0
    body-parser: 2.0.2
    braces: 3.0.3
    cross-spawn: 7.0.6
    form-data: 4.0.4
    glob-parent: 6.0.2
    http-proxy-middleware: 3.0.3
    json5: 2.2.3
    nth-check: 2.1.1
    path-to-regexp: 0.1.12
    prismjs: 1.29.0
    rollup: 4.45.0
    semver: 7.7.1
    set-value: 4.1.0
    solid-js: 1.9.7
    tar-fs: 3.1.0
    unset-value: 2.0.1
    webpack-dev-middleware: 7.4.2
    ws: 8.18.3
    xlsx: https://cdn.sheetjs.com/xlsx-0.20.3/xlsx-0.20.3.tgz

Import

# This file is not imported in code. It is consumed by the pnpm package manager.
# To install dependencies using this lockfile:
pnpm install --frozen-lockfile

I/O Contract

Inputs

Name	Type	Required	Description
package.json (root)	JSON	Yes	The root package.json defining workspaces, dependencies, and overrides
package.json (packages/*)	JSON	Yes	Individual workspace package.json files defining per-package dependencies

Outputs

Name	Type	Description
Deterministic node_modules	Directory tree	Exact dependency tree installed by pnpm based on the lockfile contents

Key Configuration

Settings

Setting	Value	Description
lockfileVersion	9.0	The pnpm lockfile format version
autoInstallPeers	true	Automatically installs peer dependencies
excludeLinksFromLockfile	false	Linked packages are included in the lockfile

Notable Overrides

The overrides section forces specific versions across all workspaces, typically for:

Security patches: braces (3.0.3), cross-spawn (7.0.6), ws (8.18.3), semver (7.7.1)
API compatibility: openai (4.96.0), @langchain/core (0.3.61), @google/generative-ai (^0.24.0)
Stability: axios (1.12.0), protobufjs (7.4.0), rollup (4.45.0)

Usage Examples

Basic Usage

# Install all dependencies with the exact versions from the lockfile
pnpm install --frozen-lockfile

# Update the lockfile after changing a package.json
pnpm install

Related Pages

Principle:FlowiseAI_Flowise_Dependency_Management

Page Connections

Double-click a node to navigate. Hold to expand connections.

Principle

Implementation

Heuristic

Environment