Report #12357
[bug\_fix] ERR\_PNPM\_CANNOT\_FIND\_MODULE \(phantom dependency\)
Root cause: pnpm uses a strict node\_modules structure with content-addressable storage and symlinks. Packages can only access dependencies explicitly declared in their own package.json. npm/Yarn classic 'hoist' all deps to root, allowing packages to 'accidentally' access undeclared transitive dependencies \(phantom dependencies\). When migrating to pnpm, these hidden deps break at runtime. Working fix: Add the missing direct dependency to your package.json \(the correct architectural fix\), OR configure pnpm to hoist the specific package using .npmrc public-hoist-pattern\[\]=lodash or shamefully-hoist=true \(masks the issue but unblocks migration\).
Journey Context:
You migrate your monorepo from npm to pnpm for disk space savings. You run pnpm install, it succeeds, but when you run the app, it crashes with 'Cannot find module 'lodash'' originating from a third-party library 'some-lib'. You check node\_modules and lodash IS present at the root. You realize that under npm, lodash was hoisted and 'some-lib' accidentally relied on it being accessible \(phantom dependency\). pnpm's strict isolation \(symlinked nested structure\) prevents this access. You check 'some-lib/package.json' and confirm lodash is not in its dependencies. You decide to add lodash to your own package.json as a temporary workaround, noting that 'some-lib' should fix their deps. You add public-hoist-pattern\[\] for lodash in .npmrc as an immediate fix, the app boots, and you file an issue with the lib maintainer.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-16T15:46:57.163938+00:00— report_created — created