Switch root package manager to pnpm 10

[styfle]

Summary

• pin the root package manager to pnpm 10.33.0 with the requested integrity string
• add root pnpm workspace settings with minimumReleaseAge: 2880, scoped to the root package so standalone examples keep their own dependency graphs
• keep pnpm native build approvals in pnpm workspace files instead of package manifests
• update CI to enable pnpm through Corepack and install with a frozen lockfile, without package-manager cache logic
• simplify the CI Corepack step to corepack enable pnpm
• add the Prettier package-json plugin required by the shared style guide under pnpm 10
• preserve standalone pnpm installs for example app folders via exact .npmrc files with ignore-workspace=true
• replace SEO vercel.json install overrides with standalone pnpm workspace/npmrc config
• ignore generated next-env.d.ts files in root Prettier checks

Testing

• pnpm install --frozen-lockfile
• pnpm test
• pnpm install --frozen-lockfile && pnpm build in basics/learn-starter/
• pnpm install --frozen-lockfile && pnpm exec next --version in dashboard/final-example/
• pnpm install --frozen-lockfile && pnpm exec next --version in dashboard/starter-example/
• pnpm install --frozen-lockfile && pnpm build in seo/
• pnpm install --frozen-lockfile && pnpm build in seo/demo/
• PR checks passed: test, Socket Security, and all Vercel preview deployments

  

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
next-learn-dashboard	Ready	Preview, Comment, Open in v0	May 21, 2026 10:36pm
next-learn-starter	Ready	Preview, Comment, Open in v0	May 21, 2026 10:36pm
next-seo-starter	Ready	Preview, Comment, Open in v0	May 21, 2026 10:36pm

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​next@​14.2.33 ⏵ 14.2.35	+1	+21	+1	+49
	npm/​lodash@​4.18.1
	github/​actions/​setup-node@​3235b876344d2a9aa001b8d1453c930bba69e610 ⏵ 49933ea5288caeca8642d1e84afbd3f7d6820020	+18				+21
	npm/​@​tailwindcss/​forms@​0.5.11

View full report

[vercel]

Commit c3c8c19 removed pnpm.onlyBuiltDependencies from sub-project package.json files, breaking native module builds when these projects are installed standalone (outside the workspace).

[styfle]

They were moved into pnpm-workspace.yaml

[vercel]

The pnpm-workspace.yaml settings won't apply to these sub-projects when they're installed standalone. I verified this locally:

With --ignore-workspace (as used in seo/vercel.json and seo/demo/vercel.json):
The parent pnpm-workspace.yaml's onlyBuiltDependencies is ignored, and pnpm outputs:

Ignored build scripts: sharp@0.33.5.
Run "pnpm approve-builds" to pick which dependencies should be allowed to run scripts.

With pnpm.onlyBuiltDependencies in the sub-project's own package.json:
Sharp's install script runs correctly:

.../sharp@0.33.5/node_modules/sharp install$ node install/check
.../sharp@0.33.5/node_modules/sharp install: Done

Since --ignore-workspace causes pnpm to ignore the entire pnpm-workspace.yaml file (not just workspace package linking), the standalone sub-projects need their own pnpm.onlyBuiltDependencies in their package.json.