feat!: change the default values of blockExoticSubdeps and strictDepBuilds (#10332)

2025-12-23 23:29:17 -05:00 · 2025-12-22 14:36:46 +01:00
parent 97cf97609e
commit 1cc61e87bc
9 changed files with 22 additions and 2 deletions
--- a/.changeset/cyan-moons-drive.md
+++ b/.changeset/cyan-moons-drive.md
@@ -0,0 +1,6 @@
+---
+"@pnpm/config": major
+"pnpm": major
+---
+
+`strictDepBuilds` is `true` by default.
--- a/.changeset/evil-boats-do.md
+++ b/.changeset/evil-boats-do.md
@@ -0,0 +1,6 @@
+---
+"@pnpm/config": major
+"pnpm": major
+---
+
+`blockExoticSubdeps` is `true` by default.
--- a/config/config/src/index.ts
+++ b/config/config/src/index.ts
@@ -203,14 +203,14 @@ export async function getConfig (opts: {
    'public-hoist-pattern': [],
    'recursive-install': true,
    registry: npmDefaults.registry,
-    'block-exotic-subdeps': false,
+    'block-exotic-subdeps': true,
    'resolution-mode': 'highest',
    'resolve-peers-from-workspace-root': true,
    'save-peer': false,
    'save-catalog-name': undefined,
    'save-workspace-protocol': 'rolling',
    'scripts-prepend-node-path': false,
-    'strict-dep-builds': false,
+    'strict-dep-builds': true,
    'side-effects-cache': true,
    symlink: true,
    'shared-workspace-lockfile': true,
--- a/exec/build-commands/test/approveBuilds.test.ts
+++ b/exec/build-commands/test/approveBuilds.test.ts
@@ -39,6 +39,7 @@ async function approveSomeBuilds (opts?: _ApproveBuildsOptions) {
    cacheDir: path.resolve('cache'),
    pnpmfile: [], // this is only needed because the pnpmfile returned by getConfig is string | string[]
    enableGlobalVirtualStore: false,
+    strictDepBuilds: false,
  }
  await install.handler({ ...config, argv: { original: [] } })

@@ -70,6 +71,7 @@ async function approveNoBuilds (opts?: _ApproveBuildsOptions) {
    storeDir: path.resolve('store'),
    cacheDir: path.resolve('cache'),
    pnpmfile: [], // this is only needed because the pnpmfile returned by getConfig is string | string[]
+    strictDepBuilds: false,
  }
  await install.handler({ ...config, argv: { original: [] } })

--- a/pnpm/test/configurationalDependencies.test.ts
+++ b/pnpm/test/configurationalDependencies.test.ts
@@ -46,6 +46,7 @@ test('selectively allow scripts in some dependencies by onlyBuiltDependenciesFil
      '@pnpm.e2e/build-allow-list': `1.0.0+${getIntegrity('@pnpm.e2e/build-allow-list', '1.0.0')}`,
    },
    onlyBuiltDependenciesFile: 'node_modules/.pnpm-config/@pnpm.e2e/build-allow-list/list.json',
+    strictDepBuilds: false,
  })

  await execPnpm(['add', '@pnpm.e2e/pre-and-postinstall-scripts-example@1.0.0', '@pnpm.e2e/install-script-example'])
--- a/pnpm/test/install/misc.ts
+++ b/pnpm/test/install/misc.ts
@@ -193,6 +193,7 @@ test('not top-level packages should find the plugins they use', async () => {
      test: 'standard',
    },
  })
+  fs.writeFileSync('pnpm-workspace.yaml', 'allowBuilds: { "es5-ext": false }', 'utf8')

  await execPnpm(['install', 'standard@8.6.0'])

--- a/pnpm/test/install/nodeRuntime.ts
+++ b/pnpm/test/install/nodeRuntime.ts
@@ -4,6 +4,7 @@ import { execPnpm } from '../utils/index.js'

 test('installing a CLI tool that requires a specific version of Node.js to be installed alongside it', async () => {
  prepare()
+  fs.writeFileSync('pnpm-workspace.yaml', 'allowBuilds: { "@pnpm.e2e/cli-with-node-engine@1.0.0": true }', 'utf8')

  await execPnpm(['add', '@pnpm.e2e/cli-with-node-engine@1.0.0'])
  await execPnpm(['exec', 'cli-with-node-engine'])
--- a/pnpm/test/server.ts
+++ b/pnpm/test/server.ts
@@ -152,6 +152,7 @@ test('stopping server fails when the server disallows stopping via remote call',
 skipOnWindows('uploading cache can be disabled without breaking install', async () => {
  await using setup = prepareServerTest(['--ignore-upload-requests'])
  const { project } = setup
+  fs.writeFileSync('pnpm-workspace.yaml', 'allowBuilds: { "es5-ext": false, "diskusage": true }', 'utf8')

  // TODO: remove the delay and run install by connecting it to the store server
  // Can be done once this gets implemented: https://github.com/pnpm/pnpm/issues/1018
--- a/store/plugin-commands-store/test/storeStatus.ts
+++ b/store/plugin-commands-store/test/storeStatus.ts
@@ -1,3 +1,4 @@
+import fs from 'fs'
 import path from 'path'
 import { type PnpmError } from '@pnpm/error'
 import { store } from '@pnpm/plugin-commands-store'
@@ -53,6 +54,7 @@ test('CLI fails when store status finds modified packages', async () => {

 test('CLI does not fail when store status does not find modified packages', async () => {
  const project = prepare()
+  fs.writeFileSync('pnpm-workspace.yaml', 'allowBuilds: { "es5-ext": false, "fsevents": true }', 'utf8')
  const tmp = temporaryDirectory()
  const cacheDir = path.join(tmp, 'cache')
  const storeDir = path.join(tmp, 'store')