feat: dangerouslyAllowAllBuilds allows to enable the build of all dependencies (#9440)

close #9102
2025-12-24 07:38:12 -05:00 · 2025-04-20 13:13:11 +02:00
parent 9c3dd03710
commit 56bb69b004
9 changed files with 69 additions and 0 deletions
--- a/.changeset/long-windows-lay.md
+++ b/.changeset/long-windows-lay.md
@@ -0,0 +1,22 @@
+---
+"@pnpm/config": minor
+"pnpm": minor
+---
+
+Added a new setting, `dangerouslyAllowAllBuilds`, for automatically running any scripts of dependencies without the need to approve any builds. It was already possible to allow all builds by adding this to `pnpm-workspace.yaml`:
+
+```yaml
+neverBuiltDependencies: []
+```
+
+`dangerouslyAllowAllBuilds` has the same effect but also allows to be set globally via:
+
+```
+pnpm config set dangerouslyAllowAllBuilds true
+```
+
+It can also be set when running a command:
+
+```
+pnpm install --dangerously-allow-all-builds
+```
--- a/config/config/src/Config.ts
+++ b/config/config/src/Config.ts
@@ -218,6 +218,7 @@ export interface Config extends OptionsFromRootManifest {
  strictDepBuilds: boolean
  syncInjectedDepsAfterScripts?: string[]
  initPackageManager: boolean
+  dangerouslyAllowAllBuilds: boolean
 }

 export interface ConfigWithDeprecatedSettings extends Config {
--- a/config/config/src/index.ts
+++ b/config/config/src/index.ts
@@ -121,6 +121,7 @@ export async function getConfig (opts: {
    'auto-install-peers': true,
    bail: true,
    color: 'auto',
+    'dangerously-allow-all-builds': false,
    'deploy-all-files': false,
    'dedupe-peer-dependents': true,
    'dedupe-direct-deps': false,
@@ -519,6 +520,13 @@ export async function getConfig (opts: {
    pnpmConfig.dev = true
  }

+  if (pnpmConfig.dangerouslyAllowAllBuilds) {
+    if (pnpmConfig.neverBuiltDependencies && pnpmConfig.neverBuiltDependencies.length > 0) {
+      warnings.push('You have set dangerouslyAllowAllBuilds to true. The dependencies listed in neverBuiltDependencies will run their scripts.')
+    }
+    pnpmConfig.neverBuiltDependencies = []
+  }
+
  transformPathKeys(pnpmConfig, os.homedir())

  return { config: pnpmConfig, warnings }
--- a/config/config/src/types.ts
+++ b/config/config/src/types.ts
@@ -9,6 +9,7 @@ export const types = Object.assign({
  'merge-git-branch-lockfiles-branch-pattern': Array,
  color: ['always', 'auto', 'never'],
  'config-dir': String,
+  'dangerously-allow-all-builds': Boolean,
  'deploy-all-files': Boolean,
  'dedupe-peer-dependents': Boolean,
  'dedupe-direct-deps': Boolean,
--- a/config/config/test/fixtures/never-built-dependencies/pnpm-workspace.yaml
+++ b/config/config/test/fixtures/never-built-dependencies/pnpm-workspace.yaml
@@ -0,0 +1,2 @@
+neverBuiltDependencies:
+  - foo
--- a/config/config/test/index.ts
+++ b/config/config/test/index.ts
@@ -1076,3 +1076,35 @@ test('settings shamefullyHoist in pnpm-workspace.yaml should take effect', async
  expect(config.publicHoistPattern).toStrictEqual(['*'])
  expect(config.rawConfig['shamefully-hoist']).toBe(true)
 })
+
+test('when dangerouslyAllowAllBuilds is set to true neverBuiltDependencies is set to an empty array', async () => {
+  const { config } = await getConfig({
+    cliOptions: {
+      'dangerously-allow-all-builds': true,
+    },
+    packageManager: {
+      name: 'pnpm',
+      version: '1.0.0',
+    },
+  })
+
+  expect(config.neverBuiltDependencies).toStrictEqual([])
+})
+
+test('when dangerouslyAllowAllBuilds is set to true and neverBuiltDependencies not empty, a warning is returned', async () => {
+  const workspaceDir = f.find('never-built-dependencies')
+  process.chdir(workspaceDir)
+  const { config, warnings } = await getConfig({
+    cliOptions: {
+      'dangerously-allow-all-builds': true,
+    },
+    packageManager: {
+      name: 'pnpm',
+      version: '1.0.0',
+    },
+    workspaceDir,
+  })
+
+  expect(config.neverBuiltDependencies).toStrictEqual([])
+  expect(warnings).toStrictEqual(['You have set dangerouslyAllowAllBuilds to true. The dependencies listed in neverBuiltDependencies will run their scripts.'])
+})
--- a/pkg-manager/plugin-commands-installation/src/add.ts
+++ b/pkg-manager/plugin-commands-installation/src/add.ts
@@ -15,6 +15,7 @@ export function rcOptionsTypes (): Record<string, unknown> {
  return pick([
    'cache-dir',
    'child-concurrency',
+    'dangerously-allow-all-builds',
    'engine-strict',
    'fetch-retries',
    'fetch-retry-factor',
--- a/pkg-manager/plugin-commands-installation/src/install.ts
+++ b/pkg-manager/plugin-commands-installation/src/install.ts
@@ -13,6 +13,7 @@ export function rcOptionsTypes (): Record<string, unknown> {
  return pick([
    'cache-dir',
    'child-concurrency',
+    'dangerously-allow-all-builds',
    'dev',
    'engine-strict',
    'fetch-retries',
--- a/pkg-manager/plugin-commands-installation/src/update/index.ts
+++ b/pkg-manager/plugin-commands-installation/src/update/index.ts
@@ -25,6 +25,7 @@ import { parseUpdateParam } from '../recursive'
 export function rcOptionsTypes (): Record<string, unknown> {
  return pick([
    'cache-dir',
+    'dangerously-allow-all-builds',
    'depth',
    'dev',
    'engine-strict',