chore: migrate from npm to pnpm package manager #2000
krovomi wants to merge 1 commit into AndyMik90:develop
- Upgrade setup-node-frontend action: setup-node@v4→v6, cache@v4→v5
- Switch from npm ci to pnpm install --frozen-lockfile in CI action
- Add pnpm-workspace.yaml for pnpm monorepo support
- Update 4 mismatched packages: @biomejs/biome 2.3.11→2.4.10, @vitejs/plugin-react ^5.1.2→^6.0.1, jsdom ^27.3.0→^29.0.2, vite ^7.2.7→^8.0.5
- Regenerate pnpm-lock.yaml to match updated package.json specifiers
https://claude.ai/code/session_01FumnQx758KRUvH4B5btB6w
Walkthrough
The PR migrates the CI/CD setup from npm to pnpm as the package manager, updates the setup-node action from v4 to v6, and upgrades multiple development dependencies (Biome, Vite, jsdom, and related plugins). A new pnpm workspace configuration file is added to define workspace structure.
Estimated code review effort: 🎯 2 (Simple) | ⏱️ ~15 minutes
🎉 Thanks for your first PR!
A maintainer will review it soon. Please make sure:
- Your branch is synced with develop
- CI checks pass
- You've followed our contribution guide
Welcome to the Auto Claude community!
Code Review
This pull request migrates the frontend build process from npm to pnpm, introducing a workspace configuration and updating the CI workflow. However, multiple critical issues were found where non-existent versions were specified for GitHub Actions (setup-node and cache) and several dependencies, including Vite, Biome, and jsdom. An unnecessary cache cleaning step in the setup action was also identified for removal to optimize workflow speed.
| steps: | ||
| - name: Setup Node.js ${{ inputs.node-version }} | ||
| uses: actions/setup-node@v4 | ||
| uses: actions/setup-node@v6 |
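Review bot: `actions/setup-node@v6` on the changed `uses:` line is referenced by a movable version tag, so the code this step runs can change without any diff in this repository. Pin the action to a full commit SHA and keep the version as a trailing comment so the pin stays readable and reviewable.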
| - name: Cache pnpm dependencies | ||
| id: cache | ||
| uses: actions/cache@v4 | ||
| uses: actions/cache@v5 |
| }, | ||
| "devDependencies": { | ||
| "@biomejs/biome": "2.3.11", | ||
| "@biomejs/biome": "2.4.10", |
| "@types/semver": "^7.7.1", | ||
| "@types/uuid": "^11.0.0", | ||
| "@vitejs/plugin-react": "^5.1.2", | ||
| "@vitejs/plugin-react": "^6.0.1", |
| "electron-vite": "^5.0.0", | ||
| "husky": "^9.1.7", | ||
| "jsdom": "^27.3.0", | ||
| "jsdom": "^29.0.2", |
| "tailwindcss": "^4.1.17", | ||
| "typescript": "^5.9.3", | ||
| "vite": "^7.2.7", | ||
| "vite": "^8.0.5", |
| ], | ||
| "devDependencies": { | ||
| "jsdom": "^27.4.0" | ||
| "jsdom": "^29.0.2" |
| npm cache clean --force | ||
| npm install -g pnpm |
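Review bot: `npm install -g pnpm` names no version, so each CI run installs whichever pnpm release is current at that moment and two runs of the same commit can resolve with different tooling. Install a fixed release (`npm install -g pnpm@<version>`, with the version chosen by the maintainers) or declare it once in the `packageManager` field of package.json so CI and local installs agree.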
| else | ||
| echo "Removing partial node_modules directory created by npm workspaces..." | ||
| echo "Removing partial node_modules directory created by pnpm workspaces..." | ||
| rm -rf "apps/frontend/node_modules" |
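Review bot: only the `echo` text changes from npm to pnpm here, while the `rm -rf "apps/frontend/node_modules"` that follows is kept as it was written for npm workspaces. Confirm that deleting this directory is still correct after a pnpm install before relabelling the message; if it is not, remove the step rather than rename it.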
Bug: The GitHub action incorrectly symlinks apps/frontend/node_modules to the root node_modules, which breaks dependency resolution because pnpm does not hoist workspace dependencies by default.
Severity: CRITICAL
Suggested Fix
Remove the steps in the setup-node-frontend action that delete apps/frontend/node_modules and create a symlink. Allow pnpm to manage the workspace's node_modules directories as intended, which involves creating symlinks from within each workspace package to the central .pnpm store.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: .github/actions/setup-node-frontend/action.yml#L81
Potential issue: The `setup-node-frontend` GitHub action, after running `pnpm install`,
deletes the `apps/frontend/node_modules` directory and replaces it with a symlink to the
root `node_modules` directory. This is based on the incorrect assumption that pnpm does
not hoist workspace dependencies. In pnpm's default workspace configuration,
dependencies like `electron` are not hoisted to the root `node_modules`. As a result,
the symlink will point to a directory that is missing required dependencies for the
frontend application, causing the verification step `ls
apps/frontend/node_modules/electron` to fail and breaking the CI pipeline.
Actionable comments posted: 3
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (3)
package.json (1)
11-30: ⚠️ Potential issue | 🟠 Major
Scripts and engines still reference npm despite pnpm migration.
The PR migrates CI workflows to pnpm, but the root `package.json` still uses `npm` commands throughout:
- Scripts (lines 13-26) use `npm install`, `npm run`, `npm test`
- The `engines` field (line 30) specifies `npm: ">=10.0.0"`
This inconsistency may confuse contributors and cause issues if someone runs these scripts locally with pnpm.
Proposed fix to align with pnpm migration
"scripts": { "install:backend": "node scripts/install-backend.js", - "install:frontend": "cd apps/frontend && npm install", - "install:all": "npm run install:backend && npm run install:frontend", - "start": "cd apps/frontend && npm run build && npm run start", - "dev": "cd apps/frontend && npm run dev", - "dev:debug": "cd apps/frontend && npm run dev:debug", - "dev:mcp": "cd apps/frontend && npm run dev:mcp", - "build": "cd apps/frontend && npm run build", - "lint": "cd apps/frontend && npm run lint", - "test": "cd apps/frontend && npm test", + "install:frontend": "cd apps/frontend && pnpm install", + "install:all": "pnpm run install:backend && pnpm run install:frontend", + "start": "cd apps/frontend && pnpm run build && pnpm run start", + "dev": "cd apps/frontend && pnpm run dev", + "dev:debug": "cd apps/frontend && pnpm run dev:debug", + "dev:mcp": "cd apps/frontend && pnpm run dev:mcp", + "build": "cd apps/frontend && pnpm run build", + "lint": "cd apps/frontend && pnpm run lint", + "test": "cd apps/frontend && pnpm test", "test:backend": "node scripts/test-backend.js", - "package": "cd apps/frontend && npm run package", - "package:mac": "cd apps/frontend && npm run package:mac", - "package:win": "cd apps/frontend && npm run package:win", - "package:linux": "cd apps/frontend && npm run package:linux" + "package": "cd apps/frontend && pnpm run package", + "package:mac": "cd apps/frontend && pnpm run package:mac", + "package:win": "cd apps/frontend && pnpm run package:win", + "package:linux": "cd apps/frontend && pnpm run package:linux" }, "engines": { "node": ">=24.0.0", - "npm": ">=10.0.0" + "pnpm": ">=9.0.0" },🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@package.json` around lines 11 - 30, Update the root package.json scripts to use pnpm instead of npm (e.g., change "install:frontend", "install:all", "start", "dev", "dev:debug", "dev:mcp", "build", "lint", "test", "package", "package:mac", "package:win", "package:linux" to call pnpm/pnpm run/pnpm install as appropriate) so local scripts match the pnpm CI migration, and update the "engines" block to include a pnpm requirement (e.g., "pnpm": ">=8.0.0") and remove or replace the existing "npm": ">=10.0.0" entry so the root package.json consistently enforces pnpm usage.
apps/frontend/package.json (2)
17-19: ⚠️ Potential issue | 🟡 Minor
Engines field still specifies npm despite pnpm migration.
Similar to the root `package.json`, this file specifies `npm: ">=10.0.0"` in the engines field while the PR migrates to pnpm.
Proposed fix
"engines": { "node": ">=24.0.0", - "npm": ">=10.0.0" + "pnpm": ">=9.0.0" },🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@apps/frontend/package.json` around lines 17 - 19, The engines field in package.json still lists "npm": ">=10.0.0" even though the repo migrated to pnpm; update the engines object by removing or replacing the "npm" key with a "pnpm" key and set its version constraint to match the root package.json (mirrored version), ensuring the "node" entry stays unchanged so the engines object references node and pnpm only.
110-137: ⚠️ Potential issue | 🟠 Major
Verify major version bumps work correctly with CI.
These are significant major version upgrades:
- `@vitejs/plugin-react`: 5.x → 6.x (requires Vite 8+; removed Babel integration)
- `vite`: 7.x → 8.x (bundler replaced with Rolldown/Oxc; multiple breaking changes)
- `jsdom`: 27.x → 29.x (resource loading API and CSSOM overhaul; irrelevant since vitest uses `environment: 'node'`)
The Vite config is compatible—it uses only safe `rollupOptions` (input/external) and avoids removed features like `watch.chokidar` and unsupported output formats. No esbuild usage detected. Vitest correctly uses `environment: 'node'`. However, Vite 8's architectural shift to Rolldown warrants confirming the build and CI pass successfully.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@apps/frontend/package.json` around lines 110 - 137, The dependency upgrade to `@vitejs/plugin-react` (6.x), vite (8.x), and jsdom (29.x) may introduce breaking changes for the build and CI; run the full CI/build/test matrix and if failures occur, update the Vite config and test configs: check the vite config referenced by vite and `@vitejs/plugin-react` to remove any deprecated features (ensure only safe rollupOptions like input/external are used and avoid removed options such as watch.chokidar or unsupported output formats), confirm Vitest's environment remains set to 'node' (vitest config) so jsdom changes are irrelevant, and adjust or pin plugin-react settings (Babel removal) or roll back to prior versions if compatibility fixes are required; re-run CI until all pipelines pass.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/actions/setup-node-frontend/action.yml:
- Around line 43-44: The cache key strings still include the transitional prefix
"pnpm-migrate-" which should be removed now that migration is complete; update
the two cache key values that reference "${{ runner.os }}-pnpm-migrate-${{
hashFiles('pnpm-lock.yaml') }}-${{ hashFiles('apps/frontend/package.json') }}"
and "${{ runner.os }}-pnpm-migrate-${{ hashFiles('pnpm-lock.yaml') }}-" to drop
the "pnpm-migrate-" segment (e.g. "${{ runner.os }}-pnpm-${{
hashFiles('pnpm-lock.yaml') }}-${{ hashFiles('apps/frontend/package.json') }}"
and corresponding restore key), and search for any other occurrences of
"pnpm-migrate-" in the workflow to update them consistently.
- Around line 29-31: Remove the unnecessary "npm cache clean --force" invocation
from the run step so only "npm install -g pnpm" remains (delete the line
containing the exact string "npm cache clean --force"); alternatively replace
the global install with the official pnpm GitHub Action (pnpm/action-setup) to
manage pnpm installation and caching more efficiently instead of running "npm
install -g pnpm" directly.
- Around line 1-3: Workflows reference npm commands but the setup action "Setup
Node.js Frontend" configures pnpm; update all workflow invocations to use pnpm
to match that setup: replace `npm run ...` with `pnpm run ...` for the
typecheck/test/build/release/beta-release occurrences and change `npm install`
in build-prebuilds to `pnpm install`; make the changes across the mentioned
workflow files and ensure commands invoked (e.g., typecheck, test, build,
release scripts) remain the same names when switching to `pnpm run`.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: 15ad07b1-57a7-4953-838b-d6479fa8e601
⛔ Files ignored due to path filters (1)
- `pnpm-lock.yaml` is excluded by `!**/pnpm-lock.yaml`
📒 Files selected for processing (5)
- .github/actions/setup-node-frontend/action.yml
- .github/workflows/lint.yml
- apps/frontend/package.json
- package.json
- pnpm-workspace.yaml
| name: 'Setup Node.js Frontend' | ||
| description: 'Set up Node.js with npm and cached dependencies for the frontend' | ||
| description: 'Set up Node.js with pnpm and cached dependencies for the frontend' | ||
|
|
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check for npm command usage in GitHub workflows
echo "=== Searching for 'npm run' in workflow files ==="
rg -n 'npm run' .github/workflows/ || echo "No matches found"
echo ""
echo "=== Searching for 'npm ci' or 'npm install' in workflow files ==="
rg -n 'npm (ci|install)' .github/workflows/ || echo "No matches found"
Repository: AndyMik90/Aperant
Length of output: 2202
Update workflows to use pnpm run instead of npm run for consistency.
The setup-node-frontend action configures pnpm, but multiple workflows still invoke npm run commands. This creates an inconsistency where the workflows bypass the pnpm setup:
- `.github/workflows/ci.yml` (lines 133, 137, 141): `npm run typecheck`, `npm run test`, `npm run build`
- `.github/workflows/release.yml`: 8 instances of `npm run` commands
- `.github/workflows/beta-release.yml`: 7 instances of `npm run` commands
- `.github/workflows/build-prebuilds.yml`: 1 instance of `npm install`
Update these to use pnpm run and pnpm install respectively to align with the pnpm migration.
| run: | | ||
| npm cache clean --force | ||
| npm install -g pnpm |
🧹 Nitpick | 🔵 Trivial
Unnecessary npm cache clean --force before pnpm install.
The npm cache clean --force is unnecessary when installing pnpm globally. This adds ~2-5 seconds to every CI run without benefit.
Proposed fix
- name: Install pnpm
shell: bash
- run: |
- npm cache clean --force
- npm install -g pnpm
+ run: npm install -g pnpm
Alternatively, consider using pnpm/action-setup which is the official GitHub Action for pnpm and handles caching more efficiently.
| key: ${{ runner.os }}-pnpm-migrate-${{ hashFiles('pnpm-lock.yaml') }}-${{ hashFiles('apps/frontend/package.json') }} | ||
| restore-keys: ${{ runner.os }}-pnpm-migrate-${{ hashFiles('pnpm-lock.yaml') }}- |
🧹 Nitpick | 🔵 Trivial
Transitional cache key prefix should be removed post-migration.
The cache key includes a migrate prefix (pnpm-migrate-). This is useful during the transition to invalidate old npm caches, but should be removed once the migration is complete to simplify the key.
Post-migration cleanup
- key: ${{ runner.os }}-pnpm-migrate-${{ hashFiles('pnpm-lock.yaml') }}-${{ hashFiles('apps/frontend/package.json') }}
- restore-keys: ${{ runner.os }}-pnpm-migrate-${{ hashFiles('pnpm-lock.yaml') }}-
+ key: ${{ runner.os }}-pnpm-${{ hashFiles('pnpm-lock.yaml') }}-${{ hashFiles('apps/frontend/package.json') }}
+ restore-keys: ${{ runner.os }}-pnpm-${{ hashFiles('pnpm-lock.yaml') }}-
Base Branch
- `develop` branch (required for all feature/fix PRs)
- `main` (hotfix only - maintainers)
Description
This PR migrates the project from npm to pnpm as the package manager. The migration includes updating the GitHub Actions setup workflow to use pnpm, adding a `pnpm-workspace.yaml` configuration file, and updating dependencies to compatible versions. This change improves dependency management through pnpm's stricter lockfile handling and more efficient disk usage via content-addressable storage.
Related Issue
Closes #
Type of Change
Area
Commit Message Format
chore: migrate from npm to pnpm package manager
AI Disclosure
Checklist
- `develop` branch
Platform Testing Checklist
CRITICAL: This project supports Windows, macOS, and Linux. Platform-specific bugs are a common source of breakage.
- `platform/` module instead of direct `process.platform` checks
CI/Testing Requirements
Breaking Changes
Breaking: No
The migration is transparent to developers. The lockfile format changes from `package-lock.json` to `pnpm-lock.yaml`, but this is handled automatically by pnpm during installation.
Notes
- `setup-node-frontend` GitHub Action to install and use pnpm
- `pnpm-workspace.yaml` to define workspace structure
https://claude.ai/code/session_01FumnQx758KRUvH4B5btB6w