chore: migrate package manager from npm to pnpm

.github/workflows/ci.yml

@@ -18,11 +18,14 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@v4
 
+    - name: Setup pnpm
+      uses: pnpm/action-setup@v4
+
     - name: Setup Node.js
       uses: actions/setup-node@v4
       with:
         node-version: '20.x'
-        cache: 'npm'
+        cache: 'pnpm'
 
     - name: Install Circom
       run: |
@@ -60,21 +63,21 @@ jobs:
       continue-on-error: true
 
     - name: Install dependencies
-      run: npm ci
+      run: pnpm install --frozen-lockfile
 
     - name: Run linter
       run: |
-        npm run format:check
-        npm run lint:circom
+        pnpm run format:check
+        pnpm run lint:circom
 
     - name: Build all circuits
-      run: npm run build-all
+      run: pnpm run build-all
 
     - name: Generate manifest (strict)
-      run: MANIFEST_REQUIRE_ALL=true npm run manifest
+      run: MANIFEST_REQUIRE_ALL=true pnpm run manifest
 
     - name: Run tests
-      run: npm test
+      run: pnpm test
 
     - name: Upload artifacts
       uses: actions/upload-artifact@v4
@@ -93,16 +96,20 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@v4
 
+    - name: Setup pnpm
+      uses: pnpm/action-setup@v4
+
     - name: Setup Node.js
       uses: actions/setup-node@v4
       with:
         node-version: '20.x'
+        cache: 'pnpm'
 
     - name: Install dependencies
-      run: npm ci
+      run: pnpm install --frozen-lockfile
 
     - name: Run security audit
-      run: npm audit --audit-level=moderate
+      run: pnpm audit --audit-level=moderate
       continue-on-error: true
 
     - name: Check for secrets

.github/workflows/release.yml

@@ -26,11 +26,14 @@ jobs:
               with:
                   fetch-depth: 0
 
+            - name: Setup pnpm
+              uses: pnpm/action-setup@v4
+
             - name: Setup Node.js
               uses: actions/setup-node@v4
               with:
                   node-version: "22"
-                  cache: "npm"
+                  cache: "pnpm"
 
             - name: Extract version from package.json
               id: version
@@ -69,15 +72,15 @@ jobs:
 
             - name: Install dependencies
               if: steps.check_tag.outputs.exists == 'false'
-              run: npm ci
+              run: pnpm install --frozen-lockfile
 
             - name: Build all circuits
               if: steps.check_tag.outputs.exists == 'false'
-              run: npm run build-all
+              run: pnpm run build-all
 
             - name: Generate manifest (strict)
               if: steps.check_tag.outputs.exists == 'false'
-              run: MANIFEST_REQUIRE_ALL=true npm run manifest
+              run: MANIFEST_REQUIRE_ALL=true pnpm run manifest
 
             - name: Convert .zkey to .ark format
               if: steps.check_tag.outputs.exists == 'false'
@@ -282,7 +285,7 @@ jobs:
                   if npm view @orbinum/circuits@$VERSION version >/dev/null 2>&1; then
                     echo "⚠️ Version $VERSION already published on npm. Skipping publish."
                   else
-                    npm publish
+                    pnpm publish --no-git-checks
                   fi
               env:
                   NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

CHANGELOG.md

@@ -5,6 +5,38 @@ All notable changes to Orbinum Circuits will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.5.1] - 2026-04-21
+
+### Changed
+
+- **Package manager migrated from npm to pnpm**:
+    - `package.json`: added `packageManager` field (`pnpm@10.32.1`); replaced `npm run` with `pnpm run` in composite scripts (`compile`, `setup`, `build-all:manifest`); `clean` script now removes `pnpm-lock.yaml` instead of `package-lock.json`.
+    - `pnpm-lock.yaml` added; `package-lock.json` removed.
+- **CI pipeline** (`.github/workflows/ci.yml`):
+    - Added `pnpm/action-setup@v4` step (no explicit `version`; resolved from `packageManager` in `package.json`) in both `build` and `security` jobs, before the Node.js setup step.
+    - Changed `cache: 'npm'` → `cache: 'pnpm'` in `actions/setup-node`.
+    - `npm ci` → `pnpm install --frozen-lockfile`.
+    - All `npm run <script>` invocations → `pnpm run <script>`.
+    - `npm audit` → `pnpm audit`.
+- **Release pipeline** (`.github/workflows/release.yml`):
+    - Added `pnpm/action-setup@v4` step (no explicit `version`; resolved from `packageManager` in `package.json`) before the Node.js setup step.
+    - Changed `cache: "npm"` → `cache: "pnpm"` in `actions/setup-node`.
+    - `npm ci` → `pnpm install --frozen-lockfile`.
+    - All `npm run <script>` invocations → `pnpm run <script>`.
+    - `npm publish` → `pnpm publish --no-git-checks`.
+- **Dev dependency updates** (`package.json`):
+    - `@types/chai`: `^4.3.11` → `^4.3.20`
+    - `@types/mocha`: `^10.0.6` → `^10.0.10`
+    - `@types/node`: `^20.10.0` → `^20.19.39`
+    - `chai`: `^4.3.10` → `^4.5.0`
+    - `ffjavascript`: `^0.2.60` → `^0.2.63`
+    - `husky`: `^9.0.11` → `^9.1.7`
+    - `lint-staged`: `^15.2.0` → `^15.5.2`
+    - `mocha`: `^10.2.0` → `^10.8.2`
+    - `prettier`: `^3.2.4` → `^3.8.3`
+    - `snarkjs`: `^0.7.0` → `^0.7.6`
+    - `typescript`: `^5.3.3` → `^5.9.3`
+
 ## [0.5.0] - 2026-04-12
 
 ### Added