Package Management

All package operations run through PNPM inside DDEV. This ensures every developer uses identical Node and PNPM versions regardless of what is installed locally.

ddev pnpm <command>

Add a Dependency

ddev pnpm add package-name        # Latest stable
ddev pnpm add package-name@1.2.3  # Specific version

Always pin versions. Unpinned versions cause unpredictable builds.

Update a Dependency

ddev pnpm add package-name@2.0.0  # Update to new version
ddev pnpm update                  # Update all packages

ddev update-packages

For a automagic experience.

Before running pnpm update:

Review the diff
Check changelogs
Test the application

Remove a Dependency

ddev pnpm remove package-name

This updates both package.json and pnpm-lock.yaml.

Sync After Changes

After pulling new code:

ddev pnpm install

This ensures node_modules matches the lockfile.

When to Add Dependencies

Good reasons:

Solving a real problem (not “it’s nice”)
Actively maintained (check commits, issues, downloads)
No built-in alternative exists

Avoid:

latest, alpha, beta versions
Random packages from blog posts
Dependencies you don’t understand

Quick Reference

Task	Command
Install	`ddev pnpm add pkg@version`
Update	`ddev pnpm add pkg@new-version`
Update all	`ddev pnpm update`
Remove	`ddev pnpm remove pkg`
Sync	`ddev pnpm install`