mirror/pnpm
1
0
Fork 0
mirror of https://github.com/pnpm/pnpm.git synced 2026-06-28 01:45:30 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
230df57aa5ac781effb243cb4beeb2d30cc6a8bf
pnpm/worker
History
Zoltan Kochan 089484aca8 perf(pnpr): resolve server-side and fetch tarballs directly (#12232) 
## Summary

Reworks pnpr from an install/file accelerator into a resolve-only accelerator:

- `POST /v1/resolve` resolves against the client-supplied registries and returns a gzipped JSON lockfile response
- pacquet/pnpm clients then fetch tarballs normally from registries with their own credentials and existing parallel fetch/integrity paths
- pnpr no longer serves package file bytes or store-index rows, so the server-side file diff, file-frame response, grant table, and public-package byte-gating code are removed

The follow-up resolution fast paths are included on the new measured path:

- repeated public no-lockfile resolves use a bounded in-memory TTL cache
- fresh frozen input lockfiles skip the server-side lockfile-only pacquet resolve after verification proves the lockfile is usable
- input lockfile verification and the verdict cache are preserved

## Benchmark

Integrated benchmark on Linux shows small improvements in all pnpr rows, with the clearest movement in hot restore. This should be treated as an incremental win rather than a large install-speed change.

| Scenario | `pnpr@HEAD` | `pnpr@main` | Change |
| --- | ---: | ---: | ---: |
| fresh restore, cold cache + cold store | `1.677 s ± 0.090` | `1.686 s ± 0.070` | ~0.6% faster |
| fresh restore, hot cache + hot store | `492.5 ms ± 18.1` | `521.9 ms ± 33.4` | ~5.6% faster |
| fresh install, cold cache + cold store | `1.997 s ± 0.025` | `2.003 s ± 0.038` | ~0.3% faster |
| fresh install, hot cache + hot store | `1.211 s ± 0.024` | `1.236 s ± 0.038` | ~2.0% faster |

## Trade-off

Going registry-direct means pnpr no longer gates tarball bytes itself. Private package access is enforced by the upstream registry when the client fetches tarballs. Resolution policy still runs server-side: lockfile verification, release-age policy, trust policy, and resolved package selection continue to happen before the client fetches bytes.
2026-06-06 02:16:33 +02:00
..
src
perf(pnpr): resolve server-side and fetch tarballs directly (#12232)
2026-06-06 02:16:33 +02:00
test
chore: upgrade @typescript/native-preview to 7.0.0-dev.20260421.2 (#11332)
2026-04-21 23:21:52 +02:00
CHANGELOG.md
chore(release): 11.5.2 (#12207)
2026-06-05 08:27:41 +02:00
package.json
chore(release): 11.5.2 (#12207)
2026-06-05 08:27:41 +02:00
README.md
docs: fix package names in README files (#11409)
2026-04-30 22:59:17 +02:00
tsconfig.json
refactor: rename packages and consolidate runtime resolvers (#10999)
2026-03-18 00:19:58 +01:00
tsconfig.lint.json
chore: configure TypeScript project references for tests (#8128)
2024-05-31 12:48:13 +02:00

README.md

@pnpm/worker

A worker for extracting package tarballs to the store

npm version

Installation

pnpm add @pnpm/worker

License

MIT

Reference in New Issue View Git Blame Copy Permalink