Note #13

I am tired of NPM

The Node ecosystem is a complete mess, which is hardly new news I suppose. Today, while updating some dependencies used to build my site, I ran into the absurd situation where, while upgrading multiple dependencies, NPM actually downgraded some of them - to versions nine months old.

Terminal window
$ npm audit fix
npm WARN audit Updating astro to 2.10.15, which is a SemVer major change.

I confirmed that NPM really did just do that. It had.

package.json
"astro": "^3.3.2",
"astro": "^2.0.2",

I wish I could say I’m surprised. This is my experience with NPM and the “JavaScript cinematic universe”, time and time again. Why did it decide to downgrade?

Your guess is as good as mine, but one thing I remembered is that, unlike NPM, at least PNPM actually fucking works. I actually don’t even want to know why this happened, I simply no longer have any patience for the vast amounts of bullshit and suffering the “JavaScript cinematic universe” throws at people just trying to write code.

So I migrated to PNPM. I barely had to change anything:

  • Prefix script entries in package.json with pnpm instead of npm
  • Convert package-lock.json via pnpm import and then delete it
  • Update the CI/CD pipeline to use pnpm and its cache instead of npm

Now I enjoy fast installs, more reliable upgrades, and some peace of mind.
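
A guard for the failure described in this note, as an added example that is not part of the original post: it compares package.json before and after a command such as npm audit fix and reports any dependency whose declared range moved to a lower version. The function names and the example-lib package are hypothetical, and only the first x.y.z in each range is compared, which simplifies full SemVer range semantics.

```javascript
// Added example: flag dependencies whose declared range moved to a lower
// version between two snapshots of package.json.

// Extract the first x.y.z from a range such as "^3.3.2" or "~1.2.0".
function baseVersion(range) {
  const m = /(\d+)\.(\d+)\.(\d+)/.exec(String(range));
  return m ? m.slice(1, 4).map(Number) : null; // null: dist-tag, URL, workspace:, etc.
}

// Returns -1, 0 or 1 for two [major, minor, patch] arrays.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

function findDowngrades(beforePkg, afterPkg) {
  const findings = [];
  for (const section of SECTIONS) {
    const before = beforePkg[section] || {};
    const after = afterPkg[section] || {};
    for (const [name, oldRange] of Object.entries(before)) {
      if (!(name in after)) continue; // a removed package is a separate review question
      const oldV = baseVersion(oldRange);
      const newV = baseVersion(after[name]);
      if (!oldV || !newV) continue; // skip ranges without a plain version
      if (compareVersions(newV, oldV) < 0) {
        findings.push({ name, section, from: oldRange, to: after[name],
                        major: newV[0] < oldV[0] });
      }
    }
  }
  return findings;
}

// Constructed sample input; the astro ranges are the ones shown in the note.
const beforePkg = { dependencies: { astro: "^3.3.2", "example-lib": "^1.4.0" } };
const afterPkg = { dependencies: { astro: "^2.0.2", "example-lib": "^1.5.1" } };

for (const f of findDowngrades(beforePkg, afterPkg)) {
  console.log(`${f.major ? "MAJOR " : ""}downgrade: ${f.name} ${f.from} -> ${f.to} (${f.section})`);
}
```

Run in CI against the committed package.json and the working copy, a non-empty result is a reason to fail the job before the lockfile is regenerated.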


© Lloyd Atkinson 2024 ✌
