Problem
pnpm audit performs local lockfile graph traversals before and after calling the registry bulk advisories endpoint. The main performance issue from #12086 is addressed by pruning audit path traversal in #12087, but the traversal pipeline is still synchronous and does not accept an AbortSignal.
If audit becomes slow again on another large lockfile shape, Ctrl+C may still not be processed until the current synchronous traversal completes.
Proposed follow-up
- Thread an
AbortSignal through the audit command and @pnpm/deps.compliance.audit APIs.
- Check the signal during local graph traversal phases.
- Consider yielding to the event loop periodically if traversal can still run long enough to affect responsiveness.
- Define expected cancellation output and exit behavior for plain and
--json audit modes.
Context
This was split from #12086 because the performance fix in #12087 reduced the reported large-monorepo audit runtime from 4+ minutes to less than 2 seconds, making cancellation less urgent and better suited for a smaller follow-up.
Written by an agent (OpenCode, gpt-5.5).
Problem
pnpm auditperforms local lockfile graph traversals before and after calling the registry bulk advisories endpoint. The main performance issue from #12086 is addressed by pruning audit path traversal in #12087, but the traversal pipeline is still synchronous and does not accept anAbortSignal.If audit becomes slow again on another large lockfile shape, Ctrl+C may still not be processed until the current synchronous traversal completes.
Proposed follow-up
AbortSignalthrough the audit command and@pnpm/deps.compliance.auditAPIs.--jsonaudit modes.Context
This was split from #12086 because the performance fix in #12087 reduced the reported large-monorepo audit runtime from 4+ minutes to less than 2 seconds, making cancellation less urgent and better suited for a smaller follow-up.
Written by an agent (OpenCode, gpt-5.5).