Comment by lrvick
2 months ago
pnpm cannot be built from source without an existing pnpm binary, making it ineligible for inclusion in any reproducible Linux distro, for good reason, as there is no way to rule out a trusting trust attack.
Pnpm should be considered for hobby use cases only.