feat: Upgrade pnpm to 10.18.3

[kingston]

Summary by CodeRabbit

• Chores

  • Bumped required pnpm version to 10.18.3 across the repository, example apps, and generated project templates.
  • Updated project metadata to reflect the new package manager version.
  • Included a patch-level release note for the project generator package.

• Tests

  • Adjusted test expectations to match the new pnpm version in generated outputs.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
baseplate-project-builder-web	Ready	Preview	Comment	Oct 15, 2025 10:05am

[changeset-bot]

🦋 Changeset detected

Latest commit: 8afb04f

The changes in this PR will be included in the next version bump.

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Walkthrough

This PR updates pnpm version references across the repository. It bumps engines.pnpm and packageManager fields to 10.18.x in root and example packages, updates a PNPM_VERSION constant, adjusts project generation defaults, aligns related unit tests, and adds a changeset for a patch to @baseplate-dev/create-project.

Changes

Cohort / File(s)	Summary
Root tooling and metadata package.json, mise.toml	Bump pnpm from 10.16.1 to 10.18.3 in packageManager and engines.pnpm; update mise pnpm from 10.16.1 to 10.18.3.
Examples root packages examples/blog-with-auth/package.json, examples/todo-with-auth0/package.json	Update engines.pnpm and packageManager from ^10.16.1 / [email protected] to ^10.18.3 / [email protected].
Examples subpackages engines examples/blog-with-auth/packages/admin/package.json, examples/blog-with-auth/packages/backend/package.json, examples/todo-with-auth0/packages/admin/package.json, examples/todo-with-auth0/packages/backend/package.json, examples/todo-with-auth0/packages/web/package.json	Bump engines.pnpm from ^10.16.0 to ^10.18.0 in subpackage manifests.
Generator constants and templates packages/core-generators/src/constants/node.ts, packages/create-project/src/project-creator.ts	Update PNPM_VERSION constant to 10.18.3; change generated package.json defaults to packageManager [email protected] and engines.pnpm ^10.18.3.
Unit tests packages/create-project/src/project-creator.unit.test.ts	Adjust expected packageManager and engines.pnpm values to [email protected] and ^10.18.3.
Changeset .changeset/ninety-jeans-listen.md	Add patch changeset for @baseplate-dev/create-project noting pnpm upgrade to 10.18.3.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• feat: Upgrade Node to 20.18.1 and PNPM to 9.15.1 #407 — Updates create-project defaults for packageManager and pnpm engine, touching the same generator code paths.
• feat: Upgrade PNPM to 10.16.1 and set minimum release age to 24 hours #668 — Adjusts PNPM-related constants and generated package metadata in create-project and core-generators.
• chore: Upgrade PNPM to 10.6.5 #468 — Changes pnpm default/version constants and package.json generation in create-project and core-generators.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title clearly and concisely summarizes the primary change of upgrading the pnpm version to 10.18.3 across the repository, matching the content of the changeset and package updates without extraneous details.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch kingston/eng-903-upgrade-to-pnpm-10182

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 5

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 6daff18 and 8afb04f.

⛔ Files ignored due to path filters (10)

• examples/blog-with-auth/packages/admin/baseplate/generated/package.json is excluded by !**/generated/**, !**/generated/**
• examples/blog-with-auth/packages/backend/baseplate/generated/package.json is excluded by !**/generated/**, !**/generated/**
• examples/todo-with-auth0/packages/admin/baseplate/generated/package.json is excluded by !**/generated/**, !**/generated/**
• examples/todo-with-auth0/packages/backend/baseplate/generated/package.json is excluded by !**/generated/**, !**/generated/**
• examples/todo-with-auth0/packages/web/baseplate/generated/package.json is excluded by !**/generated/**, !**/generated/**
• tests/simple/package.json is excluded by !tests/**
• tests/simple/packages/backend/baseplate/generated/package.json is excluded by !**/generated/**, !tests/**, !**/generated/**
• tests/simple/packages/backend/package.json is excluded by !tests/**
• tests/simple/packages/web/baseplate/generated/package.json is excluded by !**/generated/**, !tests/**, !**/generated/**
• tests/simple/packages/web/package.json is excluded by !tests/**

📒 Files selected for processing (13)

• .changeset/ninety-jeans-listen.md (1 hunks)
• examples/blog-with-auth/package.json (1 hunks)
• examples/blog-with-auth/packages/admin/package.json (1 hunks)
• examples/blog-with-auth/packages/backend/package.json (1 hunks)
• examples/todo-with-auth0/package.json (1 hunks)
• examples/todo-with-auth0/packages/admin/package.json (1 hunks)
• examples/todo-with-auth0/packages/backend/package.json (1 hunks)
• examples/todo-with-auth0/packages/web/package.json (1 hunks)
• mise.toml (1 hunks)
• package.json (1 hunks)
• packages/core-generators/src/constants/node.ts (1 hunks)
• packages/create-project/src/project-creator.ts (1 hunks)
• packages/create-project/src/project-creator.unit.test.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (12)

**/*

📄 CodeRabbit inference engine (.cursor/rules/code-style.mdc)

Use kebab-case for file names

Files:

• examples/blog-with-auth/packages/backend/package.json
• examples/todo-with-auth0/packages/backend/package.json
• mise.toml
• examples/blog-with-auth/package.json
• packages/create-project/src/project-creator.unit.test.ts
• packages/create-project/src/project-creator.ts
• package.json
• examples/todo-with-auth0/packages/admin/package.json
• examples/todo-with-auth0/packages/web/package.json
• examples/blog-with-auth/packages/admin/package.json
• packages/core-generators/src/constants/node.ts
• examples/todo-with-auth0/package.json

examples/blog-with-auth/{package.json,packages/**/package.json}

📄 CodeRabbit inference engine (examples/blog-with-auth/CLAUDE.md)

Use ESM only by setting "type": "module" in package.json

Files:

• examples/blog-with-auth/packages/backend/package.json
• examples/blog-with-auth/package.json
• examples/blog-with-auth/packages/admin/package.json

examples/todo-with-auth0/{package.json,packages/**/package.json}

📄 CodeRabbit inference engine (examples/todo-with-auth0/CLAUDE.md)

examples/todo-with-auth0/{package.json,packages/**/package.json}: Module system must be ESM only ("type": "module" in package.json)
Package manager is pnpm 10+ (enforce via packageManager field)
Node version 22+ with Volta pinned to 22.18.0

Files:

• examples/todo-with-auth0/packages/backend/package.json
• examples/todo-with-auth0/packages/admin/package.json
• examples/todo-with-auth0/packages/web/package.json
• examples/todo-with-auth0/package.json

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/code-style.mdc)

**/*.{ts,tsx}: TypeScript with strict type checking
Always include return types on top-level functions including React components (React.ReactElement)
Include absolute paths in import statements via tsconfig paths (@src/ is the alias for src/)
If a particular interface or type is not exported, change the file so it is exported

If a particular interface or type is not exported, update the TypeScript file so it is exported

Files:

• packages/create-project/src/project-creator.unit.test.ts
• packages/create-project/src/project-creator.ts
• packages/core-generators/src/constants/node.ts

**/*.{unit,int}.test.ts

📄 CodeRabbit inference engine (.cursor/rules/code-style.mdc)

Unit tests use .unit.test.ts suffix, integration tests use .int.test.ts

Files:

• packages/create-project/src/project-creator.unit.test.ts

**/*.{js,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/code-style.mdc)

Node 16 module resolution - include file extensions in imports (.js)

Files:

• packages/create-project/src/project-creator.unit.test.ts
• packages/create-project/src/project-creator.ts
• packages/core-generators/src/constants/node.ts

**/*.test.ts

📄 CodeRabbit inference engine (.cursor/rules/code-style.mdc)

Always import vitest globals explicitly (describe, it, expect)

Files:

• packages/create-project/src/project-creator.unit.test.ts

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/code-style.mdc)

**/*.{ts,tsx,js}: Sort imports by group: external libs first, then local imports
Use camelCase for variables/functions, PascalCase for types/classes
Order functions such that functions are placed below the variables/functions they use
We use the prefer using nullish coalescing operator (??) ESLint rule instead of a logical or (||), as it is a safer operator
Use console.info/warn/error instead of console.log

Files:

• packages/create-project/src/project-creator.unit.test.ts
• packages/create-project/src/project-creator.ts
• packages/core-generators/src/constants/node.ts

**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/testing.mdc)

**/*.test.{ts,tsx}: Use descriptive test names that explain what is being tested
Structure tests with clear setup, execution, and verification phases (Arrange-Act-Assert)
Always mock external API calls and file system operations in tests
Each test should be independent and not rely on others
Leverage TypeScript for type-safe mocking in tests
Focus on testing public methods and behaviors, not implementation details
Each test should verify one specific behavior to keep tests simple
For file system operations in tests, use memfs and mock 'node:fs' and 'node:fs/promises'
When using globby in tests, pass the mocked fs adapter

Files:

• packages/create-project/src/project-creator.unit.test.ts

**/*.{test,test-helper}.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/testing.mdc)

Extract repeated logic into reusable helper functions

Files:

• packages/create-project/src/project-creator.unit.test.ts

**/*.unit.test.ts

📄 CodeRabbit inference engine (.cursor/rules/testing.mdc)

Unit tests are colocated with source files using .unit.test.ts suffix

Files:

• packages/create-project/src/project-creator.unit.test.ts

.changeset/**/*.md

📄 CodeRabbit inference engine (AGENTS.md)

.changeset/**/*.md: When adding a new feature or changing an existing feature, add a new Changeset in the .changeset/ directory
Changeset files must follow the specified frontmatter format with a package entry set to patch and a description body

Files:

• .changeset/ninety-jeans-listen.md

🧠 Learnings (6)

📚 Learning: 2025-09-03T17:03:33.250Z

Learnt from: CR
PR: halfdomelabs/baseplate#0
File: examples/todo-with-auth0/CLAUDE.md:0-0
Timestamp: 2025-09-03T17:03:33.250Z
Learning: Applies to examples/todo-with-auth0/{package.json,packages/**/package.json} : Package manager is pnpm 10+ (enforce via `packageManager` field)

Applied to files:

• examples/blog-with-auth/packages/backend/package.json
• examples/todo-with-auth0/packages/backend/package.json
• examples/blog-with-auth/package.json
• packages/create-project/src/project-creator.unit.test.ts
• packages/create-project/src/project-creator.ts
• package.json
• examples/todo-with-auth0/packages/admin/package.json
• examples/todo-with-auth0/packages/web/package.json
• examples/blog-with-auth/packages/admin/package.json
• examples/todo-with-auth0/package.json

📚 Learning: 2025-09-03T17:02:31.412Z

Learnt from: CR
PR: halfdomelabs/baseplate#0
File: examples/blog-with-auth/CLAUDE.md:0-0
Timestamp: 2025-09-03T17:02:31.412Z
Learning: Use pnpm 10+ and Node 20+ (Volta pinned)

Applied to files:

• examples/blog-with-auth/packages/backend/package.json
• examples/todo-with-auth0/packages/backend/package.json
• mise.toml
• examples/blog-with-auth/package.json
• packages/create-project/src/project-creator.unit.test.ts
• packages/create-project/src/project-creator.ts
• package.json
• examples/todo-with-auth0/packages/admin/package.json
• examples/todo-with-auth0/packages/web/package.json
• .changeset/ninety-jeans-listen.md
• examples/blog-with-auth/packages/admin/package.json
• packages/core-generators/src/constants/node.ts
• examples/todo-with-auth0/package.json

📚 Learning: 2025-09-03T17:03:33.250Z

Learnt from: CR
PR: halfdomelabs/baseplate#0
File: examples/todo-with-auth0/CLAUDE.md:0-0
Timestamp: 2025-09-03T17:03:33.250Z
Learning: Applies to examples/todo-with-auth0/{package.json,packages/**/package.json} : Node version 22+ with Volta pinned to 22.18.0

Applied to files:

• examples/blog-with-auth/packages/backend/package.json
• examples/todo-with-auth0/packages/backend/package.json
• examples/blog-with-auth/package.json
• packages/create-project/src/project-creator.unit.test.ts
• packages/create-project/src/project-creator.ts
• package.json
• examples/todo-with-auth0/packages/admin/package.json
• examples/todo-with-auth0/packages/web/package.json
• examples/blog-with-auth/packages/admin/package.json
• examples/todo-with-auth0/package.json

📚 Learning: 2025-09-03T17:03:52.726Z

Learnt from: CR
PR: halfdomelabs/baseplate#0
File: .cursor/rules/dev-commands.mdc:0-0
Timestamp: 2025-09-03T17:03:52.726Z
Learning: From a package, build using `pnpm build`

Applied to files:

• mise.toml
• examples/blog-with-auth/package.json
• packages/create-project/src/project-creator.unit.test.ts
• packages/create-project/src/project-creator.ts
• packages/core-generators/src/constants/node.ts
• examples/todo-with-auth0/package.json

📚 Learning: 2025-09-03T17:03:33.250Z

Learnt from: CR
PR: halfdomelabs/baseplate#0
File: examples/todo-with-auth0/CLAUDE.md:0-0
Timestamp: 2025-09-03T17:03:33.250Z
Learning: Applies to examples/todo-with-auth0/**/pnpm-workspace.yaml : Use pnpm workspaces with packages located under `packages/`

Applied to files:

• examples/todo-with-auth0/packages/web/package.json
• examples/todo-with-auth0/package.json

📚 Learning: 2025-09-03T17:03:33.250Z

Learnt from: CR
PR: halfdomelabs/baseplate#0
File: examples/todo-with-auth0/CLAUDE.md:0-0
Timestamp: 2025-09-03T17:03:33.250Z
Learning: Applies to examples/todo-with-auth0/{package.json,packages/**/package.json} : Module system must be ESM only (`"type": "module"` in package.json)

Applied to files:

• examples/todo-with-auth0/package.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Verify Sync (todo-with-auth0)
• GitHub Check: test
• GitHub Check: Lint
• GitHub Check: Test E2E

🔇 Additional comments (8)

examples/blog-with-auth/package.json (1)

32-32: LGTM! Version upgrade correctly applied.

The pnpm version has been correctly updated to 10.18.3 in both the engines.pnpm constraint and the packageManager field, aligning with the PR objective.

Also applies to: 37-37

examples/todo-with-auth0/package.json (1)

34-34: LGTM! Version upgrade correctly applied.

The pnpm version has been correctly updated to 10.18.3 in both the engines.pnpm constraint and the packageManager field, consistent with the PR objective.

Also applies to: 39-39

packages/create-project/src/project-creator.unit.test.ts (1)

108-108: LGTM! Test expectations correctly updated.

The test expectations for packageManager and engines.pnpm have been correctly updated to reflect the pnpm 10.18.3 upgrade, aligning with the changes in the project-creator implementation.

Also applies to: 111-111

packages/core-generators/src/constants/node.ts (1)

2-2: LGTM! Version constant updated consistently.

The PNPM_VERSION constant has been updated to align with the repo-wide upgrade to pnpm 10.18.3.

mise.toml (1)

5-5: LGTM! Tooling configuration updated consistently.

The pnpm version in mise.toml aligns with the upgrade applied across the repository.

.changeset/ninety-jeans-listen.md (1)

1-5: Changeset format is correct. Verify package scope.

The changeset follows the required frontmatter format and uses an appropriate patch-level bump. However, since this upgrade affects multiple files across the monorepo (root package.json, mise.toml, core-generators constants), verify that listing only @baseplate-dev/create-project is intentional and that other affected packages either don't require changesets or are covered elsewhere.

Based on coding guidelines.

package.json (1)

72-72: LGTM! Root package manifest updated consistently.

The root package.json now enforces pnpm 10.18.3 via packageManager and engines.pnpm, ensuring all developers and CI environments use the upgraded version. The caret constraint (^10.18.3) appropriately allows patch-level updates.

Also applies to: 75-75

packages/create-project/src/project-creator.ts (1)

65-65: Approve pnpm version upgrade

[email protected] is published and is the latest stable 10.x release. This change can be merged.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Version inconsistency: Consider updating to ^10.18.3.

The engines.pnpm constraint was updated to ^10.18.0, but the root workspace package.json uses ^10.18.3. For consistency with the repository-wide pnpm 10.18.3 upgrade, consider updating this to ^10.18.3.

Apply this diff:

-    "pnpm": "^10.18.0"
+    "pnpm": "^10.18.3"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"pnpm": "^10.18.0"
	"pnpm": "^10.18.3"

🤖 Prompt for AI Agents

In examples/blog-with-auth/packages/admin/package.json around line 94, the
engines.pnpm entry is ^10.18.0 which is inconsistent with the root workspace
using ^10.18.3; update the engines.pnpm value to ^10.18.3 to match the
repository-wide pnpm version.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Version inconsistency: Consider updating to ^10.18.3.

The engines.pnpm constraint was updated to ^10.18.0, but the root workspace package.json uses ^10.18.3. For consistency across the repository, consider updating this to ^10.18.3 to match the standardized version used throughout the PR.

Apply this diff:

-    "pnpm": "^10.18.0"
+    "pnpm": "^10.18.3"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"pnpm": "^10.18.0"
	"pnpm": "^10.18.3"

🤖 Prompt for AI Agents

In examples/blog-with-auth/packages/backend/package.json around line 93, the
engines.pnpm version is ^10.18.0 which is inconsistent with the root workspace
using ^10.18.3; update the value to ^10.18.3 so the engines field matches the
repository standard and maintain version consistency across package.json files.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Version inconsistency: Consider updating to ^10.18.3.

The engines.pnpm constraint was updated to ^10.18.0, but the root workspace package.json uses ^10.18.3. For consistency across the repository, consider updating this to ^10.18.3 to align with the standardized version.

Apply this diff:

-    "pnpm": "^10.18.0"
+    "pnpm": "^10.18.3"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"pnpm": "^10.18.0"
	"pnpm": "^10.18.3"

🤖 Prompt for AI Agents

In examples/todo-with-auth0/packages/admin/package.json around line 98, the
engines.pnpm field is set to "^10.18.0" which is inconsistent with the root
workspace version; update the engines.pnpm value to "^10.18.3" to match the root
package.json and keep pnpm versioning consistent across the repository.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Version inconsistency: Consider updating to ^10.18.3.

The engines.pnpm constraint was updated to ^10.18.0, but the root workspace package.json uses ^10.18.3. For consistency with the repository-wide pnpm 10.18.3 upgrade, consider updating this to ^10.18.3.

Apply this diff:

-    "pnpm": "^10.18.0"
+    "pnpm": "^10.18.3"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"pnpm": "^10.18.0"
	"pnpm": "^10.18.3"

🤖 Prompt for AI Agents

In examples/todo-with-auth0/packages/backend/package.json around line 111, the
engines.pnpm field is set to "^10.18.0" which is inconsistent with the
repository root using "^10.18.3"; update the value to "^10.18.3" to match the
workspace and avoid version mismatches across the repo.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Version inconsistency: Consider updating to ^10.18.3.

The engines.pnpm constraint was updated to ^10.18.0, but the root workspace package.json uses ^10.18.3, and the broader PR context (including core-generators, project-creator, and mise.toml) standardizes on 10.18.3. For consistency across the repository, consider updating this to ^10.18.3.

Apply this diff to align with the repository-wide pnpm version:

-    "pnpm": "^10.18.0"
+    "pnpm": "^10.18.3"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"pnpm": "^10.18.0"
	"pnpm": "^10.18.3"

🤖 Prompt for AI Agents

In examples/todo-with-auth0/packages/web/package.json around line 94, the
engines.pnpm field is ^10.18.0 but the repo standard is ^10.18.3; update the
engines.pnpm value to ^10.18.3 to match the root workspace package.json and
other project files so versions are consistent across the repository.