Switching from npm to pnpm found 3 phantom dependencies in our React app
Blog post from Mergify
Switching from npm to pnpm uncovered three phantom dependencies in a React application: packages the code imported but package.json never declared. They had resolved anyway because npm's hoisting flattens node_modules, so a package pulled in transitively by some other dependency becomes importable from the project root. The migration to pnpm was initially motivated by the need for faster installation times and smaller caches in GitHub Actions, but it unexpectedly highlighted the value of strict package management. pnpm's strict, non-hoisted installation makes only explicitly declared dependencies resolvable from the project, preventing the hoisting issues seen with npm and enforcing an accurate dependency graph.

The transition also streamlined other processes, such as cache management and command execution, by eliminating redundant steps and inconsistencies. Pinning the pnpm version through corepack in CI and Docker environments ensured reproducibility and consistency across every stage of deployment. Despite the challenge of handling a large number of updates during the transition, the process was ultimately beneficial in ensuring the integrity and reliability of the application's dependencies.
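As an added illustration of the phantom-dependency problem the post describes (example code written for this page, not from Mergify's application, npm or pnpm): a small checker that extracts the module specifiers a set of source files import, reduces each to the npm package that must provide it, and reports every package that package.json does not declare. The sample package.json, the source files and the scoped name `@scope/date-utils` are constructed for the demo; the built-in module list is a hand-picked subset, and the import matching uses regex heuristics rather than a full parser.

```javascript
// Phantom-dependency checker: flags packages that source files import
// but that package.json does not declare. Under npm's hoisting such
// imports still resolve (the package is physically present via some
// transitive dependency); under pnpm's strict layout they fail.
// Hypothetical helper code, not part of Mergify's app, npm or pnpm.

// Subset of Node built-ins that need no package.json entry (assumption:
// enough for this demo; a real tool would use require('module').builtinModules).
const NODE_BUILTINS = new Set([
  'assert', 'buffer', 'child_process', 'crypto', 'events', 'fs', 'http',
  'https', 'module', 'os', 'path', 'process', 'stream', 'url', 'util', 'zlib',
]);

// Regex heuristics for the common import forms; a real tool would use a parser.
const IMPORT_PATTERNS = [
  /\b(?:import|export)\s+(?:[^'"]*?\s+from\s+)?['"]([^'"]+)['"]/g, // static import / re-export
  /\bimport\(\s*['"]([^'"]+)['"]\s*\)/g,                            // dynamic import()
  /\brequire\(\s*['"]([^'"]+)['"]\s*\)/g,                           // CommonJS require()
];

// Collect every module specifier string a source file references.
function extractSpecifiers(source) {
  const specs = [];
  for (const pattern of IMPORT_PATTERNS) {
    pattern.lastIndex = 0;
    let m;
    while ((m = pattern.exec(source)) !== null) specs.push(m[1]);
  }
  return specs;
}

// Reduce a specifier to the npm package that must provide it, or null when
// it is a relative path or a Node built-in:
// 'lodash/debounce' -> 'lodash', '@scope/pkg/sub' -> '@scope/pkg'.
function packageNameOf(specifier) {
  if (specifier.startsWith('.') || specifier.startsWith('/')) return null;
  if (specifier.startsWith('node:')) return null;
  const parts = specifier.split('/');
  const name = specifier.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
  return NODE_BUILTINS.has(name) ? null : name;
}

// Every package name package.json declares in any dependency section.
function declaredPackages(pkg) {
  const sections = ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'];
  return new Set(sections.flatMap((s) => Object.keys(pkg[s] || {})));
}

// Return [{ name, usedIn: [files] }] for each imported package that is not
// declared, sorted by name. `sources` maps file path -> file contents.
function findPhantomDependencies(pkg, sources) {
  const declared = declaredPackages(pkg);
  const phantoms = new Map();
  for (const [file, text] of Object.entries(sources)) {
    for (const spec of extractSpecifiers(text)) {
      const name = packageNameOf(spec);
      if (name === null || declared.has(name)) continue;
      if (!phantoms.has(name)) phantoms.set(name, new Set());
      phantoms.get(name).add(file);
    }
  }
  return [...phantoms.keys()].sort().map((name) => ({ name, usedIn: [...phantoms.get(name)].sort() }));
}

// Constructed sample project: package.json declares react, axios and jest only.
const SAMPLE_PACKAGE_JSON = {
  name: 'demo-app',
  dependencies: { react: '^18.2.0', axios: '^1.6.0' },
  devDependencies: { jest: '^29.0.0' },
};

// Constructed source files; the comments mark which imports are undeclared.
const SAMPLE_SOURCES = {
  'src/App.jsx': [
    "import React from 'react';",
    "import { createRoot } from 'react-dom/client';", // react-dom: not declared
    "import debounce from 'lodash/debounce';",         // lodash: not declared
    "import './styles.css';",
    "import api from './api';",
  ].join('\n'),
  'src/api.js': [
    "const axios = require('axios');",
    "const path = require('node:path');",
    "const fs = require('fs');",
    "module.exports = { axios, path, fs };",
  ].join('\n'),
  'src/utils.js': [
    "import { format } from '@scope/date-utils';", // constructed scoped name: not declared
    "export { __assign } from 'tslib';",           // tslib: not declared
    "const lazy = () => import('lodash');",        // second use of the undeclared lodash
  ].join('\n'),
};

// Run the check over the sample project and print a report.
function demo() {
  const report = findPhantomDependencies(SAMPLE_PACKAGE_JSON, SAMPLE_SOURCES);
  for (const { name, usedIn } of report) {
    console.log(`phantom dependency: ${name} (used in ${usedIn.join(', ')})`);
  }
  return report;
}

demo();
```

Each reported package is one that would still install and resolve under npm's flat node_modules as long as some other dependency happens to depend on it, and would break the moment that transitive dependency is removed or upgraded; running a check like this before a migration turns pnpm's "module not found" surprises into a known list of package.json entries to add.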