Skip to content

pnpm install OOMs in CI during lockfile supply-chain verification on large workspaces #11860

Description

@frankeld

Verify latest release

  • I verified that the issue exists in the latest pnpm release

pnpm version

No response

Which area(s) of pnpm are affected? (leave empty if unsure)

Lockfile

Link to the code that reproduces this issue or a replay of the bug

No response

Reproduction steps

  1. Create workspace with ~4k lockfile entries.
  2. pnpm-workspace.yaml supply-chain settings:
minimumReleaseAge: 2160
trustPolicy: no-downgrade
trustPolicyIgnoreAfter: 10080
  1. On a fresh CI runner, run pnpm install --frozen-lockfile after using the latest pnpm/action-setup
  2. Verification prints Verifying lockfile against supply-chain policies (4118 entries)... and then crashes with FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory after ~90 s.

Describe the Bug

Crash dump:

  pnpm install --frozen-lockfile
  shell: /usr/bin/bash -e {0}
  env:
    PNPM_HOME: /home/runner/setup-pnpm/node_modules/.bin
Scope: all 79 workspace projects
? Verifying lockfile against supply-chain policies (4118 entries)...
[WARN] Request took 10089ms: https://registry.npmjs.org/@prisma%2Fdebug
[WARN] Request took 10902ms: https://registry.npmjs.org/@prisma%2Fgenerator-helper
[WARN] Request took 11356ms: https://registry.npmjs.org/@prisma%2Ffetch-engine

<--- Last few GCs --->

[2477:0x346e0000]    96361 ms: Scavenge (during sweeping) 2028.1 (2032.9) -> 2026.2 (2032.9) MB, pooled: 0.0 MB, 12.31 / 0.00 ms (average mu = 0.357, current mu = 0.355) allocation failure; 
[2477:0x346e0000]    97676 ms: Incremental Mark-Compact (reduce) 2035.7 (2041.7) -> 2022.1 (2026.0) MB, pooled: 0.0 MB, 469.30 / 0.04 ms (+ 481.8 ms in 87 steps since start of marking, biggest step 8.8 ms, walltime since start of marking 1059 ms) (average
FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory
----- Native stack trace -----

 1: 0x98abab node::OOMErrorHandler(char const*, v8::OOMDetails const&) [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
 2: 0xc14e8b  [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
 3: 0xe87db5  [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
 4: 0xe85fcb  [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
 5: 0xe7911d  [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
 6: 0xe78ecc  [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
 7: 0xe7885f  [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
 8: 0xe5f32f  [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
 9: 0x11a8ec5  [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
10: 0x11a9a5a  [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
11: 0x11a9b12  [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
12: 0x11a5ef9  [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
13: 0xfbc2eb  [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
14: 0xfaf318  [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
15: 0xfac70c  [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
16: 0xfaa643  [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
17: 0xfaa643  [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
18: 0xfaa643  [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
19: 0xfa59d3  [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
20: 0xfa56b1  [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
21: 0xc8b240  [/home/runner/setup-pnpm/node_modules/.bin/bin/../global/v11/969-19e4d3d511d/node_modules/@pnpm/exe/pnpm]
22: 0x7fd024e3e9b6 
/home/runner/work/_temp/bb767fbd-4327-4ff4-a20d-56ead4fe2581.sh: line 1:  2477 Aborted                 (core dumped) pnpm install --frozen-lockfile

Expected Behavior

pnpm install --frozen-lockfile does not use over 2GB of memory for installation trust checks, or these trust checks can be disabled.

Which Node.js version are you using?

22

Which operating systems have you used?

  • macOS
  • Windows
  • Linux

If your OS is a Linux based, which one it is? (Include the version if relevant)

No response

Metadata

Metadata

Assignees

Labels

Type

Fields

No fields configured for Bug.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions