PNPM project testing and import degraded for SCM scans in regional environments

Update timeline

1. investigating Dec 18, 2025, 07:11 AM UTC

   We have detected an issue that is causing SCM scans of PNPM projects to be mis-attributed to NPM or Yarn. This is only occurring in the regional hosted environments (customers that login on sites other than app.snyk.io) Symptoms: * PNPM projects may be detected as NPM projects, or display import errors due to missing yarn.lock files. * Customers using set-and-forget may notice that projects previously detected as PNPM are deactivated and new NPM projects are created. * Customers may notice a change in dependency or vulnerability reports for these projects. This does not affect customers on app.snyk.io This does not affect customers using Snyk CLI to scan pnpm projects, where the PNPM option is enabled in snyk preview. We will update with further information as it becomes available

2. identified Dec 18, 2025, 03:44 PM UTC

   Our Engineers have identified the root cause and are now working on a solution. We'll keep you updated with our progress.

3. monitoring Dec 18, 2025, 10:38 PM UTC

   We have applied a fix for this issue, and projects are now testing and importing correctly. * Customers who have been affected are advised to import the affected repos again to ensure that projects are correctly identified, and any projects that were not able to import due to this incident are imported correctly. There is no need to delete existing projects.

4. resolved Jan 06, 2026, 07:14 AM UTC

   This incident has now been resolved. The Snyk Incident Response has now been stood down.