npm -> pnpm

[zurfyx]

We have made the decision to migrate to PNPM. We believe Lexical can benefit from its security and performance.

This PR encapsulates the minimum viables changes to get there, which boil down to:

• Replacing npm for pnpm and adjusting the syntax
• Declaring phantom dependencies
• Small tweaks to the CI (including an upgrade to Node 22 LTS)

Test plan:

• Compare build side-by-side
• Compare (Meta) WWW build side-by-side
• Meta's PNPM internal deployment (D89383966)
• CI passes
• NPM publish (let's merge this PR first)
• Updating CONTRIBUTING.md
• Create new package (will be followed up separately after docs/)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
lexical	Ready	Preview, Comment	Dec 21, 2025 10:11pm
lexical-playground	Ready	Preview, Comment	Dec 21, 2025 10:11pm

[etrepum]

I don't think this is a config option at all in pnpm

[etrepum]

Haven't had a chance to look through all of it or try it locally yet but this is what I noticed with a quick look

[etrepum]

Is there a strong reason to keep 22.x instead of upgrading to the active lts 24.x?

[zurfyx]

For some reason, 24.x and 25.x hang when running Playwright, which I why I intentionally put an engine restriction of < 23.0. I was thinking to look at it separately, maybe upgrading the latest Playwright version will do but there's already a lot going on in this PR

[etrepum]

this looks like an accident

[etrepum]

I wonder if we might want to add other platforms to this or to include @rollup/wasm-node or something

[etrepum]

This is a bit inconsistent, right now everything else with examples and integration tests is run with npm and uses package-lock.json. I think it happens to work because the node_modules is set up properly but it is a bit strange

[zurfyx]

@etrepum This was actually intentional but I'm happy to do either way. My thought process is, documentation and examples are user-oriented, and folks are the most familiar with NPM. For developers in our repo, PNPM is preferable option. Would you agree with this / or do you think that these examples are more test oriented as opposed to user facing?

[etrepum]

I think either is fine but it should be consistent, if we’re installing example with npm we should be testing the examples with npm (and making sure to handle the correct lock files). I don’t think it’s a big deal either way, the examples should still work for users with any package manager, the only difference should be whether a lockfile is used or not.

[zurfyx]

Ah yes, you're completely right, sorry I misread the code pointer

[etrepum]

This might not be working correctly because the examples are still using npm and package-lock.json?

[etrepum]

I think these instructions might be a bit out of date, the latest node versions have moved corepack out of the distribution so it might be something more like

npx corepack@latest enable

[etrepum]

I confirmed that installing and running the unit tests & e2e tests works as expected.

After a closer look I think it's probably worth auditing each pnpm run that uses -- since those might not be correct anymore. Those exist because npm run arg --foo has npm parse the argument --foo but pnpm run arg --foo passes the argument to the script like npm run arg -- --foo which is what's wanted in 99.99% of the cases (and how npx behaves). It also gets really messy in npm when scripts invoke other scripts so you have multiple layers of --.

The solution is probably to just get rid of all the --.

[thedjpetersen]

Neat - curious to learn more about the advantages of PNPM

[etrepum]

The primary motivation for this PR is better security defaults. There are also some developer ergonomic improvements such as better script argument passing with pnpm run vs. npm run (no need for -- escaping).