@savvy-web/pnpm-plugin-silk

Centralized dependency version management for the Silk ecosystem via pnpm config dependencies. Share curated dependency catalogs, security overrides, and build configurations across multiple repositories from a single source of truth.

Features

• Dual catalog strategy - Current versions for direct dependencies (catalog:silk), permissive ranges for peer dependencies (catalog:silkPeers)
• Security overrides - Centralized CVE fixes via silkOverrides that propagate to all consuming repositories
• Build configuration sync - Shared onlyBuiltDependencies and publicHoistPattern settings across repositories
• Biome schema sync - Automatically updates $schema URLs in biome.json/biome.jsonc files to match the catalog version
• Non-destructive merging - Local definitions always take precedence with clear warnings for divergences

Installation

Add as a config dependency using pnpm:

pnpm add --config @savvy-web/pnpm-plugin-silk

This adds the package to your pnpm-workspace.yaml with the required integrity hash:

configDependencies:
  "@savvy-web/pnpm-plugin-silk": "0.3.0+sha512-..."

Quick Start

Reference Silk catalogs in your package.json:

{
  "devDependencies": {
    "typescript": "catalog:silk",
    "vitest": "catalog:silk"
  },
  "peerDependencies": {
    "typescript": "catalog:silkPeers"
  }
}

The silk catalog provides current/latest versions for direct dependencies, while silkPeers provides permissive ranges for peer dependencies. Security overrides, build script allowlists, and hoist patterns are automatically merged during pnpm install.

Documentation

For configuration details, architecture overview, and advanced usage, see docs/.

More Information

• Changelog - Release history
• Contributing - Development setup and guidelines
• Security Policy - Vulnerability reporting
• Code of Conduct - Community guidelines

License

MIT