diff --git a/.github/workflows/build-js.yml b/.github/workflows/build-js.yml index c69e5db80..258957ba6 100644 --- a/.github/workflows/build-js.yml +++ b/.github/workflows/build-js.yml @@ -13,12 +13,11 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: pnpm/action-setup@v2 - with: - version: 9.0.6 + # Version is read from the root package.json "packageManager" field. + - uses: pnpm/action-setup@v4 - uses: actions/setup-node@v4 with: - node-version: 20 + node-version-file: '.node-version' cache: pnpm cache-dependency-path: 'pnpm-lock.yaml' diff --git a/.github/workflows/publish-npm-package.yml b/.github/workflows/publish-npm-package.yml index 2ee8ba613..334ab5e57 100644 --- a/.github/workflows/publish-npm-package.yml +++ b/.github/workflows/publish-npm-package.yml @@ -29,12 +29,11 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: pnpm/action-setup@v2 - with: - version: 9.15.4 + # Version is read from the root package.json "packageManager" field. + - uses: pnpm/action-setup@v4 - uses: actions/setup-node@v4 with: - node-version: 20 + node-version-file: ".node-version" registry-url: "https://registry.npmjs.org" cache: pnpm cache-dependency-path: "**/pnpm-lock.yaml" diff --git a/.node-version b/.node-version new file mode 100644 index 000000000..ca5c35005 --- /dev/null +++ b/.node-version @@ -0,0 +1 @@ +24.18.0 diff --git a/package.json b/package.json index f9231c4ca..d43606a47 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,10 @@ { "name": "OpenUI", "version": "1.0.0", + "packageManager": "pnpm@11.9.0", + "engines": { + "node": "24.18.0" + }, "description": "The open standard for generative UI — a streaming-first language, React runtime, and component libraries for building AI-powered chat and copilot interfaces", "main": "index.js", "scripts": { 
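Review bot: `pnpm/action-setup@v4` (like the retained `actions/checkout@v4` and `actions/setup-node@v4`) is referenced by a mutable tag, so the action code that now decides which pnpm binary runs in CI can change without any change in this repository; for a commit that otherwise hardens the supply chain, pin each action to a full-length commit SHA and keep the tag as a trailing comment, `- uses: pnpm/action-setup@<FULL_COMMIT_SHA> # v4`. The same applies to the publish-npm-package.yml hunk, where the `registry-url` line suggests the job also publishes to npm and therefore runs with more privilege than the build. Since the pnpm version now comes from `packageManager`, the only remaining moving parts in these steps are the action refs, so a GitHub Actions update rule (Dependabot/Renovate) is the usual way to keep SHA pins current.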
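Review bot: `"packageManager": "pnpm@11.9.0"` pins the version by name only; the field also accepts an integrity suffix, `"packageManager": "pnpm@11.9.0+sha512.<HASH>"`, which Corepack verifies against the downloaded tarball and which makes the pin content-addressed. Whether `pnpm/action-setup@v4` also checks that suffix is worth confirming before relying on it in CI. `engines.node` is an exact `24.18.0` and `.node-version` carries the same value, so there are now two places to bump on every Node patch; if the exact pin is only meant for CI, a range such as `"node": ">=24.18.0 <25"` in `engines` keeps the contract without the duplication.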
@@ -44,17 +48,5 @@ }, "bugs": { "url": "https://github.com/thesysdev/openui/issues" - }, - "pnpm": { - "overrides": { - "langsmith@<0.6.0": "^0.6.0", - "ip-address@<10.1.1": ">=10.1.1", - "postcss@<8.5.10": ">=8.5.10", - "qs@<6.15.2": ">=6.15.2", - "uuid@<11.1.1": "^11.1.1", - "cookie@<0.7.0": ">=0.7.0", - "prismjs@<1.30.0": ">=1.30.0", - "@ai-sdk/provider-utils@<=3.0.97": "^4.0.27" - } } } diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index 58e5a2736..44bd4f470 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml 
@@ -4,6 +4,46 @@ packages: - "docs/" - "!**/src/templates/**" +# --- Supply-chain hardening (pnpm 11+) --- +# Lifecycle (preinstall/install/postinstall) scripts are blocked by default in +# pnpm 11. Every dependency that has a build script must be explicitly decided +# here (true = allowed to run, false = blocked). Anything not listed is blocked +# AND re-prompts on install, so we list all of them. Keep `true` minimal and +# limited to dependencies that genuinely need a native/binary build. +allowBuilds: + # Native/binary builds we actually need: + "@parcel/watcher": true # native file-watcher (nitropack/vite) + esbuild: true # fetches the platform binary + sharp: true # native libvips image processing + unrs-resolver: true # native module-resolution binding + # Intentionally blocked (telemetry / cosmetic / unnecessary): + "@google/genai": false # preinstall notice only + "@scarf/scarf": false # analytics/telemetry beacon + core-js: false # postinstall console ad + protobufjs: false # not needed at install time + +# Cooldown: refuse to install package versions published less than this many +# minutes ago. Defends against freshly-published compromised releases +# (e.g. self-propagating npm worms) by giving the ecosystem time to react. +# 1440 = 24h. Raise for stronger protection at the cost of update latency. +minimumReleaseAge: 1440 + +# Make sure node_modules matches the lockfile before running any script, so +# scripts never execute against a stale or tampered-with dependency tree. +verifyDepsBeforeRun: install + +# Security overrides for known-vulnerable transitive dependencies (CVE pins). +# pnpm 11 reads overrides from here, NOT from the package.json "pnpm" field. 
+overrides: + "langsmith@<0.6.0": "^0.6.0" + "ip-address@<10.1.1": ">=10.1.1" + "postcss@<8.5.10": ">=8.5.10" + "qs@<6.15.2": ">=6.15.2" + "uuid@<11.1.1": "^11.1.1" + "cookie@<0.7.0": ">=0.7.0" + "prismjs@<1.30.0": ">=1.30.0" + "@ai-sdk/provider-utils@<=3.0.97": "^4.0.27" + # Centralized dependency versions shared across packages. # Reference these from a package.json with the "catalog:" protocol. catalog:
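Review bot: The comment above `verifyDepsBeforeRun: install` promises more than the setting delivers: it compares node_modules against the lockfile state and re-runs install when they diverge, so it catches a stale tree, not files modified in place inside node_modules, and in `install` mode it silently repairs rather than failing. Reword it to `# Re-run install when node_modules is out of date with the lockfile before any script runs.` followed by `# Catches stale trees only; it does not verify installed file contents.`, and consider `verifyDepsBeforeRun: error` for CI so drift fails the job instead of triggering an unplanned install. The `overrides` block is labelled "CVE pins" but records no advisory per entry, so nobody can tell when a pin may be retired; annotate each line, e.g. `"qs@<6.15.2": ">=6.15.2" # <ADVISORY_ID>; drop once <dependent> ships a fixed range`. Note also that `minimumReleaseAge: 1440` can hold back a freshly published fix that one of these overrides points at for up to a day; `minimumReleaseAgeExclude` exists for exactly that case.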