Explained pnpm vs npm install behavior discrepancyPublic

Agent

Model

Kimi-K2.6

Shared

May 17, 7:40 PM

Messages86

Workspace

Repo

earendil-works/pi

Summary

Closed, Completed

Plan
Identified difference in lifecycle script handling between pnpm and npm.
Plan
Plan
Analyzed dependencies with install scripts causing interactive picker in pnpm.
Plan
Plan
Explained why npm does not show the picker due to running scripts automatically.
Plan

If I try to update Pi by running pnpm install --global @earendil-works/pi-coding-agent, I get an interactive picker in which I'm asked to select which of three packages I want to build. I don't get this picker if I run npm install --global @earendil-works/pi-coding-agent. Why is there a discrepancy?

Searched webpnpm install interactive picker select packages to build lifecycle scripts

Searched webpnpm 10 blocks lifecycle scripts by default approve-builds interactive prompt

pnpm 10 and later blocks dependency lifecycle scripts by default for security reasons, while npm still runs them automatically.

When you install @earendil-works/pi-coding-agent, three transitive dependencies have install/preinstall/postinstall scripts:

koffi (optional dependency of @earendil-works/pi-tui) — has an install script that compiles native bindings
protobufjs (transitive dependency) — has a postinstall script
@google/genai (dependency of @earendil-works/pi-ai) — has a preinstall script

pnpm detects these scripts and shows an interactive picker asking which ones you want to allow. npm does not block them, so it installs silently and runs all three scripts automatically.

To avoid the picker with pnpm, pre-approve the packages:

bash

Or add them to your .npmrc:

ini