Migrate package manager from Yarn to pnpm

[Copilot]

Migrates repository from Yarn 4.9.2 to pnpm 9.15.4 as the primary package manager for development.

Changes

Package Manager

• Updated packageManager field to pnpm@9.15.4
• Removed .yarnrc.yml and yarn.lock
• Generated pnpm-lock.yaml with all dependencies
• Added .pnpm-store/ to .gitignore

CI/CD Workflows

• All workflows now use Corepack to enable pnpm
• Changed install: yarn install --immutable → pnpm install --frozen-lockfile
• Updated test commands: pnpm test -- --watchAll=false (requires -- separator)
• Fixed audit syntax: yarn npm audit --severity high → pnpm audit --audit-level high
• Updated package-build-flow-action to use package-manager: 'pnpm'

Scripts & Documentation

• Changed prepublishOnly to use pnpm build
• Updated README.md and CONTRIBUTING.md with pnpm installation/usage instructions

Installation Options

Users can still install the package with any package manager:

pnpm add @wgtechlabs/log-engine
npm install @wgtechlabs/log-engine
yarn add @wgtechlabs/log-engine

Development requires pnpm:

pnpm install
pnpm test
pnpm build

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• api.example.com
  • Triggering command: /opt/hostedtoolcache/node/24.13.0/x64/bin/node /opt/hostedtoolcache/node/24.13.0/x64/bin/node /home/REDACTED/work/log-engine/log-engine/node_modules/.pnpm/jest-worker@29.7.0/node_modules/jest-worker/build/workers/processChild.js (dns block)
• downloads.snyk.io
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node node wrapper_dist/bootstrap.js exec (dns block)
• o30291.ingest.sentry.io
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node node wrapper_dist/bootstrap.js exec (dns block)
• static.snyk.io
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node node wrapper_dist/bootstrap.js exec (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

Migrate to pnpm from yarn, PR to dev branch using the dev branch as base code.

The user has attached the following file paths as relevant context:

• .github\instructions\copilot.instructions.md
• AGENTS.md

Created from VS Code.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Summary by CodeRabbit

• Chores
  • Transitioned package manager from Yarn to pnpm across CI/CD workflows, build processes, configuration files, and developer documentation.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[warengonzaga]

@CodeRabbit review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

📝 Walkthrough

Walkthrough

The project transitions from Yarn to pnpm as its primary package manager. GitHub Actions workflows, configuration files, and documentation have been updated to reflect this change, replacing all yarn commands with their pnpm equivalents and adjusting configuration accordingly.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflows .github/workflows/build-flow.yml, scan.yml, support.yml, test.yml	Corepack setup updated from yarn@4.9.2 to pnpm@9.15.4. All package manager commands converted from yarn to pnpm equivalents (install, tsc, lint, test, audit). Verification steps renamed and updated accordingly.
Configuration & Dependency Management .gitignore, .yarnrc.yml, package.json	Added .pnpm-store/ to gitignore. Removed nodeLinker configuration from .yarnrc.yml. Updated packageManager field to pnpm@9.15.4 and changed prepublishOnly script to use pnpm.
Documentation CONTRIBUTING.md, README.md	Installation, development, and testing instructions updated to reference pnpm as the primary package manager, with yarn noted as an alternative. All code examples converted to pnpm syntax.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

---

Very good, sir. I find this transition to be rather straightforward in execution. The modifications exhibit a consistent and homogeneous pattern throughout—a methodical replacement of one package management system with another. The absence of intricate logic alterations or structural complications renders this review an efficient undertaking. One need merely verify that the conversions have been applied with uniformity across all affected systems and that no residual references to the preceding implementation remain. A most expedient matter, I assure you.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title accurately and concisely captures the primary change: migrating the package manager from Yarn to pnpm, which is precisely what all modifications across workflows, configuration files, and documentation accomplish.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch copilot/migrate-to-pnpm-from-yarn

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

.github/workflows/support.yml (1)

158-158: ⚠️ Potential issue | 🟡 Minor

Sir, a remnant from the previous era — a stale Yarn reference in the diagnostic output.

Line 158 still reads "Yarn/Corepack setup problems" in the failure troubleshooting hints. Given the migration, this should reference pnpm instead.

🐛 Proposed fix

-            echo "- Yarn/Corepack setup problems"
+            echo "- pnpm/Corepack setup problems"

.github/workflows/scan.yml (1)

118-130: ⚠️ Potential issue | 🟡 Minor

The JSON audit parsing requires recalibration, sir.

Two matters require attention on this reporting step:

1. jq path mismatch: The .data.vulnerabilities path does not exist in pnpm's audit output. pnpm follows npm's audit report v2 schema, which places vulnerability summaries at .metadata.vulnerabilities (containing severity counts). The current jq expression will silently resolve to "0", rendering the reported count rather decorative. The remedy is to use .metadata.vulnerabilities.total for an accurate count.

2. Severity filter omitted: The original command included --severity moderate, but the pnpm replacement lacks --audit-level. While this step gracefully continues via || true, you may wish to restore filtering for reporting fidelity. pnpm audit fully supports --audit-level moderate.

A minor matter, as the step does not gate the build, but one warrants correcting for accurate audit reporting.

🔧 Proposed adjustment for pnpm audit JSON parsing

-          pnpm audit --json > audit.json || true
+          pnpm audit --json --audit-level moderate > audit.json || true
           if [ -f audit.json ]; then
-            vulnerabilities=$(cat audit.json | jq -r '.data.vulnerabilities // {} | length // 0' 2>/dev/null || echo "0")
+            vulnerabilities=$(cat audit.json | jq '.metadata.vulnerabilities.total // 0' 2>/dev/null || echo "0")
             echo "Found $vulnerabilities vulnerabilities"

🤖 Fix all issues with AI agents

In `@CONTRIBUTING.md`:
- Line 204: The docs reference a non-existent npm script `test:ci:debug`; either
update the troubleshooting line to use the existing `test:debug` script or add a
new script named `test:ci:debug` to package.json (copying behavior from
`test:debug` or combining CI flags as intended). Locate the string `pnpm
test:ci:debug` in CONTRIBUTING.md and replace it with `pnpm test:debug` if you
prefer the doc change, or add a `test:ci:debug` entry in package.json mirroring
`test:debug` if you prefer to keep the original wording.

🧹 Nitpick comments (1)

package.json (1)

125-128: A minor observation regarding the engines field, sir.

The engines block specifies npm >= 7.0.0 but makes no mention of pnpm. While engines is advisory and pnpm will function regardless, adding a pnpm constraint would provide a clear signal to contributors about the expected version, consistent with the Corepack configuration.

🔧 Suggested adjustment

   "engines": {
     "node": ">=16.0.0",
-    "npm": ">=7.0.0"
+    "npm": ">=7.0.0",
+    "pnpm": ">=9.0.0"
   }