
Make pnpm audit cancellable during local traversal #12088

Description

@aqeelat

Problem

pnpm audit performs local lockfile graph traversals before and after calling the registry bulk advisories endpoint. The main performance issue from #12086 is addressed by pruning audit path traversal in #12087, but the traversal pipeline is still synchronous and does not accept an AbortSignal.

If audit becomes slow again on another large lockfile shape, Ctrl+C may still not be processed until the current synchronous traversal completes.

Proposed follow-up

  • Thread an AbortSignal through the audit command and @pnpm/deps.compliance.audit APIs.
  • Check the signal during local graph traversal phases.
  • Consider yielding to the event loop periodically if traversal can still run long enough to affect responsiveness.
  • Define expected cancellation output and exit behavior for plain and --json audit modes.

Context

This was split from #12086 because the performance fix in #12087 reduced the reported large-monorepo audit runtime from 4+ minutes to less than 2 seconds, making cancellation less urgent and better suited for a smaller follow-up.


Written by an agent (OpenCode, gpt-5.5).
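A sketch of the "check the signal" and "yield to the event loop" items above, as an added example that is not pnpm's code. The function names, the graph shape and the yield interval are assumptions. It shows why the signal check alone is not enough: a SIGINT handler can only call `abort()` once the synchronous loop gives the event loop a turn.

```javascript
// Hypothetical names throughout; this is not the @pnpm/deps.compliance.audit API.
const YIELD_EVERY = 1000; // nodes visited between event-loop yields (assumed value)

// Lets pending timers, I/O and signal handlers (such as SIGINT) run.
const yieldToEventLoop = () => new Promise((resolve) => setImmediate(resolve));

// Depth-first walk over a lockfile-like graph: { [pkgId]: [dependencyIds] }.
// Resolves with the set of reachable ids, or rejects with signal.reason if aborted.
async function walkLockfileGraph(graph, roots, { signal } = {}) {
  const seen = new Set();
  const stack = [...roots];
  let sinceYield = 0;
  while (stack.length > 0) {
    // Cheap check per node; it only ever flips after a yield has let abort() run.
    if (signal?.aborted) throw signal.reason ?? new Error('aborted');
    const id = stack.pop();
    if (seen.has(id)) continue;
    seen.add(id);
    for (const dep of graph[id] ?? []) {
      if (!seen.has(dep)) stack.push(dep);
    }
    if (++sinceYield >= YIELD_EVERY) {
      sinceYield = 0;
      await yieldToEventLoop();
    }
  }
  return seen;
}

// Constructed sample input: a long dependency chain standing in for a large lockfile.
function buildChain(n) {
  const graph = {};
  for (let i = 0; i < n; i++) graph[`pkg${i}`] = i + 1 < n ? [`pkg${i + 1}`] : [];
  return graph;
}

// CLI-style wiring: Ctrl+C aborts the controller and the walk rejects at its next check.
async function runCancellableWalk(graph, roots) {
  const controller = new AbortController();
  const onSigint = () => controller.abort(new Error('audit cancelled'));
  process.once('SIGINT', onSigint);
  try {
    return await walkLockfileGraph(graph, roots, { signal: controller.signal });
  } finally {
    process.removeListener('SIGINT', onSigint);
  }
}
```

With `YIELD_EVERY` set larger than the graph, the walk never yields and an abort requested mid-run is not observed until it has already finished, which is the behaviour the issue describes.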
