Migrate to pnpm

[vbfox]

This will allow us to enforce an age-gate and limit lifecycle scripts.

[Copilot]

Pull request overview

This PR migrates the project from npm/yarn to pnpm as the package manager, enabling enhanced security features including a 24-hour age-gate for new package releases and controlled lifecycle script execution. The migration ensures safer dependency management while maintaining all existing functionality.

Key changes:

• Introduces pnpm configuration with security controls (24-hour minimum release age, restricted lifecycle scripts)
• Updates all package manager commands from npm/yarn to pnpm across scripts, documentation, and CI workflows
• Adds a new ci script for running linting and formatting checks locally

Reviewed changes

Copilot reviewed 5 out of 8 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
pnpm-workspace.yaml	New file configuring pnpm security features: 24-hour release age gate, lifecycle script restrictions
package.json	Updates scripts to use pnpm directly instead of yarn, adds packageManager field pinning pnpm@10.23.0, introduces new ci script
.github/workflows/ci.yml	Updates CI workflow commands from npm to pnpm, adds corepack enable step
README.md	Updates installation and usage instructions to use pnpm commands instead of npm
tsconfig.json	Removes trailing commas for cleaner JSON formatting
.prettierignore	Adds pnpm-lock.yaml to prevent formatting of lockfile

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.