diff --git a/.changeset/good-llamas-dream.md b/.changeset/good-llamas-dream.md deleted file mode 100644 index 0236f50f01..0000000000 --- a/.changeset/good-llamas-dream.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -"@pnpm/lockfile-to-pnp": patch -"pnpm": patch ---- - -Fix `.pnp.cjs` crash when importing subpath [#9904](https://github.com/pnpm/pnpm/issues/9904). - diff --git a/.changeset/tiny-terms-stop.md b/.changeset/tiny-terms-stop.md deleted file mode 100644 index b2aa0af2f9..0000000000 --- a/.changeset/tiny-terms-stop.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -"@pnpm/link-bins": patch ---- - -Replace `p-settle` with the builtin `Promise.allSettled` diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index eefc0526b5..d81d248e15 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -12,7 +12,7 @@ jobs: steps: - name: Checkout Commit - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Install pnpm uses: pnpm/action-setup@v4.1.0 with: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 180eaf084b..ab7ad7e443 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -36,7 +36,7 @@ jobs: git config --global user.name "xyz" git config --global user.email "x@y.z" - name: Checkout Commit - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Install pnpm uses: pnpm/action-setup@v4.1.0 with: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 6b1b186ba4..af39172d6e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -42,7 +42,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bedf88214b..f09addd2a2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -16,7 +16,7 @@ jobs: environment: release steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Install ldid run: | sudo apt-get update diff --git a/.github/workflows/update-latest.yml b/.github/workflows/update-latest.yml index 36994bce2e..668874b1c9 100644 --- a/.github/workflows/update-latest.yml +++ b/.github/workflows/update-latest.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Setup Node - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 - name: Update tag env: "npm_config_//registry.npmjs.org/:_authToken": ${{ secrets.NPM_TOKEN }} diff --git a/.meta-updater/CHANGELOG.md b/.meta-updater/CHANGELOG.md index c33f894dbd..ac67f3fb8f 100644 --- a/.meta-updater/CHANGELOG.md +++ b/.meta-updater/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm-private/updater +## 1000.0.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/workspace.read-manifest@1000.2.3 + ## 3.0.19 ### Patch Changes diff --git a/.meta-updater/package.json b/.meta-updater/package.json index 77920cca79..01dcb4467a 100644 --- a/.meta-updater/package.json +++ b/.meta-updater/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm-private/updater", - "version": "1000.0.0", + "version": "1000.0.1", "private": true, "type": "module", "scripts": { diff --git a/__utils__/assert-project/CHANGELOG.md b/__utils__/assert-project/CHANGELOG.md index fb4d4bccc7..3eee5ac727 100644 --- a/__utils__/assert-project/CHANGELOG.md +++ b/__utils__/assert-project/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/assert-project +## 1000.0.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/modules-yaml@1000.3.5 + - @pnpm/assert-store@1000.0.1 + ## 4.0.16 ### Patch Changes diff --git a/__utils__/assert-project/package.json b/__utils__/assert-project/package.json index 01ce92cf39..2424cd3624 100644 --- a/__utils__/assert-project/package.json +++ b/__utils__/assert-project/package.json @@ -1,7 +1,7 @@ { "name": "@pnpm/assert-project", "description": "Utils for testing projects that use pnpm", - "version": "1000.0.0", + "version": "1000.0.1", "author": { "name": "Zoltan Kochan", "email": "z@kochan.io", diff --git a/__utils__/assert-store/CHANGELOG.md b/__utils__/assert-store/CHANGELOG.md index ca91c5ae7c..c780fd2554 100644 --- a/__utils__/assert-store/CHANGELOG.md +++ b/__utils__/assert-store/CHANGELOG.md @@ -1,5 +1,11 @@ # @pnpm/assert-store +## 1000.0.1 + +### Patch Changes + +- @pnpm/store.cafs@1000.0.17 + ## 2.0.16 ### Patch Changes diff --git a/__utils__/assert-store/package.json b/__utils__/assert-store/package.json index e6f3c239cb..d799d89696 100644 --- a/__utils__/assert-store/package.json +++ b/__utils__/assert-store/package.json @@ -1,7 +1,7 @@ { "name": "@pnpm/assert-store", "description": "Utils for testing pnpm store", - "version": "1000.0.0", + "version": "1000.0.1", "bugs": { "url": "https://github.com/pnpm/pnpm/issues" }, diff --git a/__utils__/jest-config/CHANGELOG.md b/__utils__/jest-config/CHANGELOG.md index c8a32f2676..9687d612ca 100644 --- a/__utils__/jest-config/CHANGELOG.md +++ b/__utils__/jest-config/CHANGELOG.md @@ -1,5 +1,11 @@ # @pnpm/jest-config +## 1000.0.1 + +### Patch Changes + +- @pnpm/worker@1000.1.12 + ## 1.0.22 ### Patch Changes diff --git a/__utils__/jest-config/package.json b/__utils__/jest-config/package.json index fc85542b64..e914399bba 100644 --- a/__utils__/jest-config/package.json +++ b/__utils__/jest-config/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/jest-config", - "version": "1000.0.0", + "version": "1000.0.1", "private": true, "main": "jest-preset.js", "type": "module", diff --git a/__utils__/prepare/CHANGELOG.md b/__utils__/prepare/CHANGELOG.md index a99900e413..e242fc42b1 100644 --- a/__utils__/prepare/CHANGELOG.md +++ b/__utils__/prepare/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/prepare +## 1000.0.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/assert-project@1000.0.1 + ## 0.0.123 ### Patch Changes diff --git a/__utils__/prepare/package.json b/__utils__/prepare/package.json index be484de609..2c04a842b9 100644 --- a/__utils__/prepare/package.json +++ b/__utils__/prepare/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/prepare", - "version": "1000.0.0", + "version": "1000.0.1", "main": "lib/index.js", "types": "lib/index.d.ts", "type": "module", diff --git a/cache/api/CHANGELOG.md b/cache/api/CHANGELOG.md index 445ec372d4..b864a6d874 100644 --- a/cache/api/CHANGELOG.md +++ b/cache/api/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/cache.api +## 1000.0.29 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/npm-resolver@1004.2.0 + - @pnpm/config@1004.3.0 + - @pnpm/store.cafs@1000.0.17 + ## 1000.0.28 ### Patch Changes diff --git a/cache/api/package.json b/cache/api/package.json index 6cc00d5033..767c37a241 100644 --- a/cache/api/package.json +++ b/cache/api/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/cache.api", - "version": "1000.0.28", + "version": "1000.0.29", "description": "API for controlling the cache", "keywords": [ "pnpm", diff --git a/cache/commands/CHANGELOG.md b/cache/commands/CHANGELOG.md index d2688c97c1..450d4d3fb8 100644 --- a/cache/commands/CHANGELOG.md +++ b/cache/commands/CHANGELOG.md @@ -1,5 +1,21 @@ # @pnpm/cache.commands +## 1000.0.35 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/cache.api@1000.0.29 + +## 1000.0.34 + +### Patch Changes + +- @pnpm/cli-utils@1001.1.2 + ## 1000.0.33 ### Patch Changes diff --git a/cache/commands/package.json b/cache/commands/package.json index 31240590ae..49b272422d 100644 --- a/cache/commands/package.json +++ b/cache/commands/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/cache.commands", - "version": "1000.0.33", + "version": "1000.0.35", "description": "Commands for controlling the cache", "keywords": [ "pnpm", diff --git a/cli/cli-meta/CHANGELOG.md b/cli/cli-meta/CHANGELOG.md index f175ff56c1..fb598d2507 100644 --- a/cli/cli-meta/CHANGELOG.md +++ b/cli/cli-meta/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/cli-meta +## 1000.0.10 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.0.9 ### Patch Changes diff --git a/cli/cli-meta/package.json b/cli/cli-meta/package.json index f4942cc0d2..dbe40845b5 100644 --- a/cli/cli-meta/package.json +++ b/cli/cli-meta/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/cli-meta", - "version": "1000.0.9", + "version": "1000.0.10", "description": "Reads the metainfo of the currently running pnpm instance", "keywords": [ "pnpm", diff --git a/cli/cli-utils/CHANGELOG.md b/cli/cli-utils/CHANGELOG.md index 1ecc1e0de9..156389545c 100644 --- a/cli/cli-utils/CHANGELOG.md +++ b/cli/cli-utils/CHANGELOG.md @@ -1,5 +1,34 @@ # @pnpm/cli-utils +## 1001.2.0 + +### Minor Changes + +- e792927: Added support for `finders` [#9946](https://github.com/pnpm/pnpm/pull/9946). + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [df8d57f] +- Updated dependencies [e792927] + - @pnpm/store-connection-manager@1002.1.0 + - @pnpm/config@1004.3.0 + - @pnpm/package-is-installable@1000.0.13 + - @pnpm/pnpmfile@1002.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/config.deps-installer@1000.0.12 + - @pnpm/default-reporter@1002.0.6 + - @pnpm/cli-meta@1000.0.10 + - @pnpm/manifest-utils@1001.0.4 + - @pnpm/read-project-manifest@1001.1.1 + +## 1001.1.2 + +### Patch Changes + +- @pnpm/store-connection-manager@1002.0.11 +- @pnpm/config.deps-installer@1000.0.11 + ## 1001.1.1 ### Patch Changes diff --git a/cli/cli-utils/package.json b/cli/cli-utils/package.json index df0d699299..0ef922c277 100644 --- a/cli/cli-utils/package.json +++ b/cli/cli-utils/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/cli-utils", - "version": "1001.1.1", + "version": "1001.2.0", "description": "Utils for pnpm commands", "keywords": [ "pnpm", diff --git a/cli/cli-utils/src/getConfig.ts b/cli/cli-utils/src/getConfig.ts index ae9d28199c..66b2a6c277 100644 --- a/cli/cli-utils/src/getConfig.ts +++ b/cli/cli-utils/src/getConfig.ts @@ -43,12 +43,13 @@ export async function getConfig ( const configModulesDir = path.join(config.lockfileDir ?? config.rootProjectManifestDir, 'node_modules/.pnpm-config') pnpmfiles.unshift(...calcPnpmfilePathsOfPluginDeps(configModulesDir, config.configDependencies)) } - const { hooks, resolvedPnpmfilePaths } = requireHooks(config.lockfileDir ?? config.dir, { + const { hooks, finders, resolvedPnpmfilePaths } = requireHooks(config.lockfileDir ?? config.dir, { globalPnpmfile: config.globalPnpmfile, pnpmfiles, tryLoadDefaultPnpmfile: config.tryLoadDefaultPnpmfile, }) config.hooks = hooks + config.finders = finders config.pnpmfile = resolvedPnpmfilePaths if (config.hooks?.updateConfig) { for (const updateConfig of config.hooks.updateConfig) { diff --git a/cli/default-reporter/CHANGELOG.md b/cli/default-reporter/CHANGELOG.md index b1e395d0c3..76854500f1 100644 --- a/cli/default-reporter/CHANGELOG.md +++ b/cli/default-reporter/CHANGELOG.md @@ -1,5 +1,17 @@ # @pnpm/default-reporter +## 1002.0.6 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-meta@1000.0.10 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/render-peer-issues@1002.0.3 + ## 1002.0.5 ### Patch Changes diff --git a/cli/default-reporter/package.json b/cli/default-reporter/package.json index baadca6e60..74ddf28cf1 100644 --- a/cli/default-reporter/package.json +++ b/cli/default-reporter/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/default-reporter", - "version": "1002.0.5", + "version": "1002.0.6", "description": "The default reporter of pnpm", "keywords": [ "pnpm", diff --git a/cli/parse-cli-args/CHANGELOG.md b/cli/parse-cli-args/CHANGELOG.md index e42a45e8a3..6040d38d89 100644 --- a/cli/parse-cli-args/CHANGELOG.md +++ b/cli/parse-cli-args/CHANGELOG.md @@ -1,5 +1,11 @@ # @pnpm/parse-cli-args +## 1000.1.3 + +### Patch Changes + +- 7e89138: Fix deprecation warning printed when executing pnpm with Node.js 24 [#9529](https://github.com/pnpm/pnpm/issues/9529). + ## 1000.1.2 ### Patch Changes diff --git a/cli/parse-cli-args/package.json b/cli/parse-cli-args/package.json index 209a3e7fea..f8f2af54f8 100644 --- a/cli/parse-cli-args/package.json +++ b/cli/parse-cli-args/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/parse-cli-args", - "version": "1000.1.2", + "version": "1000.1.3", "description": "Parses the CLI args passed to pnpm", "keywords": [ "pnpm", diff --git a/completion/plugin-commands-completion/CHANGELOG.md b/completion/plugin-commands-completion/CHANGELOG.md index 42e5da63e7..e6cd6f4b6d 100644 --- a/completion/plugin-commands-completion/CHANGELOG.md +++ b/completion/plugin-commands-completion/CHANGELOG.md @@ -1,5 +1,17 @@ # @pnpm/plugin-commands-completion +## 1000.0.32 + +### Patch Changes + +- 7e89138: Fix deprecation warning printed when executing pnpm with Node.js 24 [#9529](https://github.com/pnpm/pnpm/issues/9529). +- Updated dependencies [7e89138] +- Updated dependencies [e792927] + - @pnpm/parse-cli-args@1000.1.3 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/workspace.find-packages@1000.0.35 + - @pnpm/workspace.read-manifest@1000.2.3 + ## 1000.0.31 ### Patch Changes diff --git a/completion/plugin-commands-completion/package.json b/completion/plugin-commands-completion/package.json index 8714f639d3..4237261b45 100644 --- a/completion/plugin-commands-completion/package.json +++ b/completion/plugin-commands-completion/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-completion", - "version": "1000.0.31", + "version": "1000.0.32", "description": "Commands for shell completions", "keywords": [ "pnpm", diff --git a/config/config-writer/CHANGELOG.md b/config/config-writer/CHANGELOG.md index 1a57074033..ff4421ac0a 100644 --- a/config/config-writer/CHANGELOG.md +++ b/config/config-writer/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/config.config-writer +## 1000.0.11 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/read-project-manifest@1001.1.1 + - @pnpm/workspace.manifest-writer@1001.0.1 + ## 1000.0.10 ### Patch Changes diff --git a/config/config-writer/package.json b/config/config-writer/package.json index f9fb636419..5033f92e34 100644 --- a/config/config-writer/package.json +++ b/config/config-writer/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/config.config-writer", - "version": "1000.0.10", + "version": "1000.0.11", "description": "Functions for updating the configuration settings", "keywords": [ "pnpm", diff --git a/config/config/CHANGELOG.md b/config/config/CHANGELOG.md index 5ee13d6dbf..ae5310b435 100644 --- a/config/config/CHANGELOG.md +++ b/config/config/CHANGELOG.md @@ -1,5 +1,33 @@ # @pnpm/config +## 1004.3.0 + +### Minor Changes + +- 38e2599: There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour. + + The new setting is called `minimumReleaseAge`. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting `minimumReleaseAge: 1440` ensures that only packages released at least one day ago can be installed. + + If you set `minimumReleaseAge` but need to disable this restriction for certain dependencies, you can list them under the `minimumReleaseAgeExclude` setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time: + + ```yaml + minimumReleaseAgeExclude: + - webpack + ``` + + Related issue: [#9921](https://github.com/pnpm/pnpm/issues/9921). + +- e792927: Added support for `finders` [#9946](https://github.com/pnpm/pnpm/pull/9946). + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/pnpmfile@1002.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/read-project-manifest@1001.1.1 + - @pnpm/workspace.read-manifest@1000.2.3 + - @pnpm/catalogs.config@1000.0.4 + ## 1004.2.1 ### Patch Changes diff --git a/config/config/package.json b/config/config/package.json index 452767be47..d27fc8c4b8 100644 --- a/config/config/package.json +++ b/config/config/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/config", - "version": "1004.2.1", + "version": "1004.3.0", "description": "Gets configuration options for pnpm", "keywords": [ "pnpm", diff --git a/config/config/src/Config.ts b/config/config/src/Config.ts index c25eeaa1d4..330fcc0267 100644 --- a/config/config/src/Config.ts +++ b/config/config/src/Config.ts @@ -1,5 +1,6 @@ import type { Catalogs } from '@pnpm/catalogs.types' import { + type Finder, type Project, type ProjectManifest, type ProjectsGraph, @@ -141,6 +142,7 @@ export interface Config extends OptionsFromRootManifest { pnpmfile: string[] | string tryLoadDefaultPnpmfile?: boolean hooks?: Hooks + finders?: Record packageImportMethod?: 'auto' | 'hardlink' | 'copy' | 'clone' | 'clone-or-copy' hoistPattern?: string[] publicHoistPattern?: string[] | string @@ -227,6 +229,8 @@ export interface Config extends OptionsFromRootManifest { dangerouslyAllowAllBuilds: boolean ci: boolean preserveAbsolutePaths?: boolean + minimumReleaseAge?: number + minimumReleaseAgeExclude?: string[] } export interface ConfigWithDeprecatedSettings extends Config { diff --git a/config/config/src/types.ts b/config/config/src/types.ts index ffa6a085b1..fa4f7805e4 100644 --- a/config/config/src/types.ts +++ b/config/config/src/types.ts @@ -63,6 +63,8 @@ export const types = Object.assign({ maxsockets: Number, 'modules-cache-max-age': Number, 'dlx-cache-max-age': Number, + 'minimum-release-age': Number, + 'minimum-release-age-exclude': [String, Array], 'modules-dir': String, 'network-concurrency': Number, 'node-linker': ['pnp', 'isolated', 'hoisted'], diff --git a/config/deps-installer/CHANGELOG.md b/config/deps-installer/CHANGELOG.md index 636aef2b97..ed18b12915 100644 --- a/config/deps-installer/CHANGELOG.md +++ b/config/deps-installer/CHANGELOG.md @@ -1,5 +1,21 @@ # @pnpm/config.deps-installer +## 1000.0.12 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/npm-resolver@1004.2.0 + - @pnpm/types@1000.8.0 + - @pnpm/config.config-writer@1000.0.11 + - @pnpm/pick-registry-for-package@1000.0.10 + - @pnpm/fetch@1000.2.5 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/package-store@1002.0.10 + ## 1000.0.11 ### Patch Changes diff --git a/config/deps-installer/package.json b/config/deps-installer/package.json index e1635af94a..7930e10e60 100644 --- a/config/deps-installer/package.json +++ b/config/deps-installer/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/config.deps-installer", - "version": "1000.0.11", + "version": "1000.0.12", "description": "Installer for configurational dependencies", "keywords": [ "pnpm", diff --git a/config/normalize-registries/CHANGELOG.md b/config/normalize-registries/CHANGELOG.md index 9d0cdf2238..446a199d88 100644 --- a/config/normalize-registries/CHANGELOG.md +++ b/config/normalize-registries/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/normalize-registries +## 1000.1.3 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.1.2 ### Patch Changes diff --git a/config/normalize-registries/package.json b/config/normalize-registries/package.json index ab2669af35..acfc33f243 100644 --- a/config/normalize-registries/package.json +++ b/config/normalize-registries/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/normalize-registries", - "version": "1000.1.2", + "version": "1000.1.3", "description": "Accepts a mapping of registry URLs and returns a mapping with the same URLs but normalized", "keywords": [ "pnpm", diff --git a/config/package-is-installable/CHANGELOG.md b/config/package-is-installable/CHANGELOG.md index 52668d1b7a..39aa0d7893 100644 --- a/config/package-is-installable/CHANGELOG.md +++ b/config/package-is-installable/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/package-is-installable +## 1000.0.13 + +### Patch Changes + +- df8d57f: Throw an error if `nodeVersion` is not set to an exact semver version [#9934](https://github.com/pnpm/pnpm/issues/9934). +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/cli-meta@1000.0.10 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/env.system-node-version@1000.0.10 + ## 1000.0.12 ### Patch Changes diff --git a/config/package-is-installable/package.json b/config/package-is-installable/package.json index 85ba77228a..3b1e8ec687 100644 --- a/config/package-is-installable/package.json +++ b/config/package-is-installable/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/package-is-installable", - "version": "1000.0.12", + "version": "1000.0.13", "description": "Checks if a package is installable on the current system", "keywords": [ "pnpm", diff --git a/config/package-is-installable/src/checkEngine.ts b/config/package-is-installable/src/checkEngine.ts index 877254cf4f..42dbf884ec 100644 --- a/config/package-is-installable/src/checkEngine.ts +++ b/config/package-is-installable/src/checkEngine.ts @@ -22,6 +22,9 @@ export function checkEngine ( if (!wantedEngine) return null const unsatisfiedWanted: WantedEngine = {} if (wantedEngine.node && !semver.satisfies(currentEngine.node, wantedEngine.node, { includePrerelease: true })) { + if (!semver.valid(currentEngine.node)) { + throw new PnpmError('INVALID_NODE_VERSION', `The nodeVersion setting is "${currentEngine.node}", which is not exact semver version`) + } unsatisfiedWanted.node = wantedEngine.node } if (currentEngine.pnpm && wantedEngine.pnpm && !semver.satisfies(currentEngine.pnpm, wantedEngine.pnpm, { includePrerelease: true })) { diff --git a/config/package-is-installable/test/checkEngine.ts b/config/package-is-installable/test/checkEngine.ts index ec3a36ccad..cf93df7fcb 100644 --- a/config/package-is-installable/test/checkEngine.ts +++ b/config/package-is-installable/test/checkEngine.ts @@ -16,6 +16,10 @@ test('node version too old', () => { expect(err?.wanted.node).toBe('0.10.24') }) +test('node range passed in instead of version', () => { + expect(() => checkEngine(packageId, { node: '21.0.0' }, { node: '>=20.0.0' })).toThrow('The nodeVersion setting is') +}) + test('pnpm version too old', () => { const err = checkEngine(packageId, { pnpm: '^1.4.6' }, { pnpm: '1.3.2', node: '0.2.1' }) expect(err).toBeTruthy() diff --git a/config/pick-registry-for-package/CHANGELOG.md b/config/pick-registry-for-package/CHANGELOG.md index 7b05f28703..7fecbfab68 100644 --- a/config/pick-registry-for-package/CHANGELOG.md +++ b/config/pick-registry-for-package/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/pick-registry-for-package +## 1000.0.10 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.0.9 ### Patch Changes diff --git a/config/pick-registry-for-package/package.json b/config/pick-registry-for-package/package.json index 3411aea66d..c013346d9a 100644 --- a/config/pick-registry-for-package/package.json +++ b/config/pick-registry-for-package/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/pick-registry-for-package", - "version": "1000.0.9", + "version": "1000.0.10", "description": "Picks the right registry for the package from a registries config", "keywords": [ "pnpm", diff --git a/config/plugin-commands-config/CHANGELOG.md b/config/plugin-commands-config/CHANGELOG.md index 84186df097..27461d5548 100644 --- a/config/plugin-commands-config/CHANGELOG.md +++ b/config/plugin-commands-config/CHANGELOG.md @@ -1,5 +1,21 @@ # @pnpm/plugin-commands-config +## 1000.2.2 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/workspace.manifest-writer@1001.0.1 + +## 1000.2.1 + +### Patch Changes + +- @pnpm/cli-utils@1001.1.2 + ## 1000.2.0 ### Minor Changes diff --git a/config/plugin-commands-config/package.json b/config/plugin-commands-config/package.json index ec0d8bdb45..2de56a9b0c 100644 --- a/config/plugin-commands-config/package.json +++ b/config/plugin-commands-config/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-config", - "version": "1000.2.0", + "version": "1000.2.2", "description": "Commands for reading and writing settings to/from config files", "keywords": [ "pnpm", diff --git a/dedupe/check/CHANGELOG.md b/dedupe/check/CHANGELOG.md index 7f9e3d34a1..3c2d4904c5 100644 --- a/dedupe/check/CHANGELOG.md +++ b/dedupe/check/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/dedupe.check +## 1001.0.11 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + ## 1001.0.10 ### Patch Changes diff --git a/dedupe/check/package.json b/dedupe/check/package.json index 74d94b33c6..11939aee5a 100644 --- a/dedupe/check/package.json +++ b/dedupe/check/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/dedupe.check", - "version": "1001.0.10", + "version": "1001.0.11", "description": "Visualize pnpm dedupe --check issues.", "keywords": [ "pnpm", diff --git a/deps/graph-builder/CHANGELOG.md b/deps/graph-builder/CHANGELOG.md index 2d69b618e0..4d0f89fc8f 100644 --- a/deps/graph-builder/CHANGELOG.md +++ b/deps/graph-builder/CHANGELOG.md @@ -1,5 +1,22 @@ # @pnpm/deps.graph-builder +## 1002.2.4 + +### Patch Changes + +- Updated dependencies [df8d57f] +- Updated dependencies [e792927] + - @pnpm/package-is-installable@1000.0.13 + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/calc-dep-state@1002.0.5 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/modules-yaml@1000.3.5 + - @pnpm/store-controller-types@1004.0.2 + - @pnpm/patching.config@1001.0.8 + ## 1002.2.3 ### Patch Changes diff --git a/deps/graph-builder/package.json b/deps/graph-builder/package.json index 306b5b83aa..63a306db6d 100644 --- a/deps/graph-builder/package.json +++ b/deps/graph-builder/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/deps.graph-builder", - "version": "1002.2.3", + "version": "1002.2.4", "description": "A package for building a dependency graph from a lockfile", "keywords": [ "pnpm", diff --git a/deps/status/CHANGELOG.md b/deps/status/CHANGELOG.md index 1879755047..0c801693a0 100644 --- a/deps/status/CHANGELOG.md +++ b/deps/status/CHANGELOG.md @@ -1,5 +1,28 @@ # @pnpm/deps.status +## 1003.0.7 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.verification@1001.2.6 + - @pnpm/workspace.state@1002.0.3 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/get-context@1001.1.5 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/workspace.find-packages@1000.0.35 + - @pnpm/workspace.read-manifest@1000.2.3 + - @pnpm/lockfile.settings-checker@1001.0.13 + +## 1003.0.6 + +### Patch Changes + +- @pnpm/workspace.find-packages@1000.0.34 + ## 1003.0.5 ### Patch Changes diff --git a/deps/status/package.json b/deps/status/package.json index 06392c9abd..4fbfdc4623 100644 --- a/deps/status/package.json +++ b/deps/status/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/deps.status", - "version": "1003.0.5", + "version": "1003.0.7", "description": "Check dependencies status", "keywords": [ "pnpm", diff --git a/env/node.fetcher/CHANGELOG.md b/env/node.fetcher/CHANGELOG.md index 0176dac0b7..a7c81eb9fa 100644 --- a/env/node.fetcher/CHANGELOG.md +++ b/env/node.fetcher/CHANGELOG.md @@ -1,5 +1,20 @@ # @pnpm/node.fetcher +## 1001.0.3 + +### Patch Changes + +- @pnpm/node.resolver@1001.0.1 +- @pnpm/tarball-fetcher@1001.0.14 +- @pnpm/create-cafs-store@1000.0.18 +- @pnpm/fetching.binary-fetcher@1000.0.2 + +## 1001.0.2 + +### Patch Changes + +- @pnpm/tarball-fetcher@1001.0.13 + ## 1001.0.1 ### Patch Changes diff --git a/env/node.fetcher/package.json b/env/node.fetcher/package.json index 9a6225413a..fa6cea29ba 100644 --- a/env/node.fetcher/package.json +++ b/env/node.fetcher/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/node.fetcher", - "version": "1001.0.1", + "version": "1001.0.3", "description": "Node.js artifacts fetcher", "keywords": [ "pnpm", diff --git a/env/node.resolver/CHANGELOG.md b/env/node.resolver/CHANGELOG.md index b11825bcea..72aa76f341 100644 --- a/env/node.resolver/CHANGELOG.md +++ b/env/node.resolver/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/node.resolver +## 1001.0.1 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/resolver-base@1005.0.1 + ## 1001.0.0 ### Major Changes diff --git a/env/node.resolver/package.json b/env/node.resolver/package.json index dac0289796..84f62d4fd3 100644 --- a/env/node.resolver/package.json +++ b/env/node.resolver/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/node.resolver", - "version": "1001.0.0", + "version": "1001.0.1", "description": "Resolves a Node.js version specifier to an exact Node.js version", "keywords": [ "pnpm", diff --git a/env/plugin-commands-env/CHANGELOG.md b/env/plugin-commands-env/CHANGELOG.md index afd031ee91..988f01aa6b 100644 --- a/env/plugin-commands-env/CHANGELOG.md +++ b/env/plugin-commands-env/CHANGELOG.md @@ -1,5 +1,27 @@ # @pnpm/plugin-commands-env +## 1000.0.36 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/remove-bins@1000.0.13 + - @pnpm/node.resolver@1001.0.1 + - @pnpm/fetch@1000.2.5 + - @pnpm/node.fetcher@1001.0.3 + - @pnpm/env.system-node-version@1000.0.10 + +## 1000.0.35 + +### Patch Changes + +- @pnpm/node.fetcher@1001.0.2 +- @pnpm/cli-utils@1001.1.2 + ## 1000.0.34 ### Patch Changes diff --git a/env/plugin-commands-env/package.json b/env/plugin-commands-env/package.json index 2f1855621b..03b636c4a3 100644 --- a/env/plugin-commands-env/package.json +++ b/env/plugin-commands-env/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-env", - "version": "1000.0.34", + "version": "1000.0.36", "description": "pnpm commands for managing Node.js", "keywords": [ "pnpm", diff --git a/env/system-node-version/CHANGELOG.md b/env/system-node-version/CHANGELOG.md index 853aa51436..00c961c9e2 100644 --- a/env/system-node-version/CHANGELOG.md +++ b/env/system-node-version/CHANGELOG.md @@ -1,5 +1,11 @@ # @pnpm/env.system-node-version +## 1000.0.10 + +### Patch Changes + +- @pnpm/cli-meta@1000.0.10 + ## 1000.0.9 ### Patch Changes diff --git a/env/system-node-version/package.json b/env/system-node-version/package.json index 8fcd86d8a6..6742cf0f10 100644 --- a/env/system-node-version/package.json +++ b/env/system-node-version/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/env.system-node-version", - "version": "1000.0.9", + "version": "1000.0.10", "description": "Detects the current system node version", "keywords": [ "pnpm", diff --git a/exec/build-commands/CHANGELOG.md b/exec/build-commands/CHANGELOG.md index 258c8cb19f..2151997124 100644 --- a/exec/build-commands/CHANGELOG.md +++ b/exec/build-commands/CHANGELOG.md @@ -1,5 +1,22 @@ # @pnpm/exec.build-commands +## 1001.0.25 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/plugin-commands-rebuild@1002.0.25 + - @pnpm/config.config-writer@1000.0.11 + - @pnpm/modules-yaml@1000.3.5 + +## 1001.0.24 + +### Patch Changes + +- @pnpm/plugin-commands-rebuild@1002.0.24 + ## 1001.0.23 ### Patch Changes diff --git a/exec/build-commands/package.json b/exec/build-commands/package.json index 9004b5da0b..af3b8e18d6 100644 --- a/exec/build-commands/package.json +++ b/exec/build-commands/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/exec.build-commands", - "version": "1001.0.23", + "version": "1001.0.25", "description": "Commands for managing dependency builds", "keywords": [ "pnpm", diff --git a/exec/build-modules/CHANGELOG.md b/exec/build-modules/CHANGELOG.md index 5537876860..c6f68a7363 100644 --- a/exec/build-modules/CHANGELOG.md +++ b/exec/build-modules/CHANGELOG.md @@ -1,5 +1,33 @@ # @pnpm/build-modules +## 1000.3.14 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [38e2599] +- Updated dependencies [e792927] +- Updated dependencies [a6856fd] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/lifecycle@1001.0.21 + - @pnpm/link-bins@1000.2.2 + - @pnpm/calc-dep-state@1002.0.5 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/store-controller-types@1004.0.2 + - @pnpm/worker@1000.1.12 + - @pnpm/fs.hard-link-dir@1000.0.1 + - @pnpm/patching.apply-patch@1000.0.6 + +## 1000.3.13 + +### Patch Changes + +- Updated dependencies [affdd5b] + - @pnpm/link-bins@1000.2.1 + - @pnpm/lifecycle@1001.0.20 + ## 1000.3.12 ### Patch Changes diff --git a/exec/build-modules/package.json b/exec/build-modules/package.json index c48fbf0ff3..7a7b3d53ec 100644 --- a/exec/build-modules/package.json +++ b/exec/build-modules/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/build-modules", - "version": "1000.3.12", + "version": "1000.3.14", "description": "Build packages in node_modules", "keywords": [ "pnpm", diff --git a/exec/lifecycle/CHANGELOG.md b/exec/lifecycle/CHANGELOG.md index ee2790608c..50d414aa20 100644 --- a/exec/lifecycle/CHANGELOG.md +++ b/exec/lifecycle/CHANGELOG.md @@ -1,5 +1,26 @@ # @pnpm/lifecycle +## 1001.0.21 + +### Patch Changes + +- a6856fd: Canceling a running process with Ctrl-C should make `pnpm run` return a non-zero exit code [#9626](https://github.com/pnpm/pnpm/issues/9626). +- Updated dependencies [e792927] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/link-bins@1000.2.2 + - @pnpm/directory-fetcher@1000.1.11 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/store-controller-types@1004.0.2 + +## 1001.0.20 + +### Patch Changes + +- Updated dependencies [affdd5b] + - @pnpm/link-bins@1000.2.1 + ## 1001.0.19 ### Patch Changes diff --git a/exec/lifecycle/package.json b/exec/lifecycle/package.json index d770592397..262808c071 100644 --- a/exec/lifecycle/package.json +++ b/exec/lifecycle/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lifecycle", - "version": "1001.0.19", + "version": "1001.0.21", "description": "Package lifecycle hook runner", "keywords": [ "pnpm", diff --git a/exec/pkg-requires-build/CHANGELOG.md b/exec/pkg-requires-build/CHANGELOG.md index caa8f38066..23148135dd 100644 --- a/exec/pkg-requires-build/CHANGELOG.md +++ b/exec/pkg-requires-build/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/exec.pkg-requires-build +## 1000.0.10 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.0.9 ### Patch Changes diff --git a/exec/pkg-requires-build/package.json b/exec/pkg-requires-build/package.json index 26b4ba0fd4..36331692de 100644 --- a/exec/pkg-requires-build/package.json +++ b/exec/pkg-requires-build/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/exec.pkg-requires-build", - "version": "1000.0.9", + "version": "1000.0.10", "description": "Checks if a package requires to be built", "keywords": [ "pnpm", diff --git a/exec/plugin-commands-rebuild/CHANGELOG.md b/exec/plugin-commands-rebuild/CHANGELOG.md index 18bc6494e1..1ac9e59d3b 100644 --- a/exec/plugin-commands-rebuild/CHANGELOG.md +++ b/exec/plugin-commands-rebuild/CHANGELOG.md @@ -1,5 +1,47 @@ # @pnpm/plugin-commands-rebuild +## 1002.0.25 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [38e2599] +- Updated dependencies [e792927] +- Updated dependencies [a6856fd] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/store-connection-manager@1002.1.0 + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/lifecycle@1001.0.21 + - @pnpm/link-bins@1000.2.2 + - @pnpm/normalize-registries@1000.1.3 + - @pnpm/exec.pkg-requires-build@1000.0.10 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/lockfile.walker@1001.0.14 + - @pnpm/calc-dep-state@1002.0.5 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/get-context@1001.1.5 + - @pnpm/modules-yaml@1000.3.5 + - @pnpm/store.cafs@1000.0.17 + - @pnpm/store-controller-types@1004.0.2 + - @pnpm/worker@1000.1.12 + - @pnpm/workspace.find-packages@1000.0.35 + - @pnpm/sort-packages@1000.0.10 + +## 1002.0.24 + +### Patch Changes + +- Updated dependencies [affdd5b] + - @pnpm/link-bins@1000.2.1 + - @pnpm/lifecycle@1001.0.20 + - @pnpm/store-connection-manager@1002.0.11 + - @pnpm/cli-utils@1001.1.2 + - @pnpm/workspace.find-packages@1000.0.34 + ## 1002.0.23 ### Patch Changes diff --git a/exec/plugin-commands-rebuild/package.json b/exec/plugin-commands-rebuild/package.json index 246482936c..d4f1f96073 100644 --- a/exec/plugin-commands-rebuild/package.json +++ b/exec/plugin-commands-rebuild/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-rebuild", - "version": "1002.0.23", + "version": "1002.0.25", "description": "Commands for rebuilding dependencies", "keywords": [ "pnpm", diff --git a/exec/plugin-commands-script-runners/CHANGELOG.md b/exec/plugin-commands-script-runners/CHANGELOG.md index 31ca576647..d4b13baad9 100644 --- a/exec/plugin-commands-script-runners/CHANGELOG.md +++ b/exec/plugin-commands-script-runners/CHANGELOG.md @@ -1,5 +1,41 @@ # @pnpm/plugin-commands-script-runners +## 1001.0.5 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [c182b2d] +- Updated dependencies [38e2599] +- Updated dependencies [e792927] +- Updated dependencies [a6856fd] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/plugin-commands-installation@1004.6.0 + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/lifecycle@1001.0.21 + - @pnpm/deps.status@1003.0.7 + - @pnpm/plugin-commands-env@1000.0.36 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/client@1001.0.4 + - @pnpm/package-bins@1000.0.10 + - @pnpm/read-project-manifest@1001.1.1 + - @pnpm/sort-packages@1000.0.10 + - @pnpm/crypto.hash@1000.2.0 + - @pnpm/workspace.injected-deps-syncer@1000.0.12 + +## 1001.0.4 + +### Patch Changes + +- @pnpm/lifecycle@1001.0.20 +- @pnpm/plugin-commands-installation@1004.5.1 +- @pnpm/client@1001.0.3 +- @pnpm/plugin-commands-env@1000.0.35 +- @pnpm/cli-utils@1001.1.2 +- @pnpm/deps.status@1003.0.6 + ## 1001.0.3 ### Patch Changes diff --git a/exec/plugin-commands-script-runners/package.json b/exec/plugin-commands-script-runners/package.json index 525b5b5659..418be3cf23 100644 --- a/exec/plugin-commands-script-runners/package.json +++ b/exec/plugin-commands-script-runners/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-script-runners", - "version": "1001.0.3", + "version": "1001.0.5", "description": "Commands for running scripts", "keywords": [ "pnpm", diff --git a/exec/prepare-package/CHANGELOG.md b/exec/prepare-package/CHANGELOG.md index a1bd6a79e3..865e871343 100644 --- a/exec/prepare-package/CHANGELOG.md +++ b/exec/prepare-package/CHANGELOG.md @@ -1,5 +1,22 @@ # @pnpm/prepare-package +## 1000.0.22 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [e792927] +- Updated dependencies [a6856fd] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/lifecycle@1001.0.21 + +## 1000.0.21 + +### Patch Changes + +- @pnpm/lifecycle@1001.0.20 + ## 1000.0.20 ### Patch Changes diff --git a/exec/prepare-package/package.json b/exec/prepare-package/package.json index f8a1575288..90d77cb26c 100644 --- a/exec/prepare-package/package.json +++ b/exec/prepare-package/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/prepare-package", - "version": "1000.0.20", + "version": "1000.0.22", "description": "Prepares a Git-hosted package", "keywords": [ "pnpm", diff --git a/fetching/binary-fetcher/CHANGELOG.md b/fetching/binary-fetcher/CHANGELOG.md index 339edfca12..2067c912e9 100644 --- a/fetching/binary-fetcher/CHANGELOG.md +++ b/fetching/binary-fetcher/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/fetching.binary-fetcher +## 1000.0.2 + +### Patch Changes + +- @pnpm/fetcher-base@1001.0.1 +- @pnpm/worker@1000.1.12 + ## 1000.0.1 ### Patch Changes diff --git a/fetching/binary-fetcher/package.json b/fetching/binary-fetcher/package.json index dfd8bb9692..4648e78e3a 100644 --- a/fetching/binary-fetcher/package.json +++ b/fetching/binary-fetcher/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/fetching.binary-fetcher", - "version": "1000.0.1", + "version": "1000.0.2", "description": "A fetcher for binary archives", "keywords": [ "pnpm", diff --git a/fetching/directory-fetcher/CHANGELOG.md b/fetching/directory-fetcher/CHANGELOG.md index c2be359b10..f1a7fe47c7 100644 --- a/fetching/directory-fetcher/CHANGELOG.md +++ b/fetching/directory-fetcher/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/directory-fetcher +## 1000.1.11 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/exec.pkg-requires-build@1000.0.10 + - @pnpm/fetcher-base@1001.0.1 + - @pnpm/read-project-manifest@1001.1.1 + - @pnpm/resolver-base@1005.0.1 + ## 1000.1.10 ### Patch Changes diff --git a/fetching/directory-fetcher/package.json b/fetching/directory-fetcher/package.json index 0de8433cd3..01345e4e6a 100644 --- a/fetching/directory-fetcher/package.json +++ b/fetching/directory-fetcher/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/directory-fetcher", - "version": "1000.1.10", + "version": "1000.1.11", "description": "A fetcher for local directory packages", "keywords": [ "pnpm", diff --git a/fetching/fetcher-base/CHANGELOG.md b/fetching/fetcher-base/CHANGELOG.md index d827127229..b092953409 100644 --- a/fetching/fetcher-base/CHANGELOG.md +++ b/fetching/fetcher-base/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/fetcher-base +## 1001.0.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/resolver-base@1005.0.1 + ## 1001.0.0 ### Major Changes diff --git a/fetching/fetcher-base/package.json b/fetching/fetcher-base/package.json index 4a96cc40a7..c659af183e 100644 --- a/fetching/fetcher-base/package.json +++ b/fetching/fetcher-base/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/fetcher-base", - "version": "1001.0.0", + "version": "1001.0.1", "description": "Types for pnpm-compatible fetchers", "keywords": [ "pnpm", diff --git a/fetching/git-fetcher/CHANGELOG.md b/fetching/git-fetcher/CHANGELOG.md index 6ccc37024b..043d2e7dc3 100644 --- a/fetching/git-fetcher/CHANGELOG.md +++ b/fetching/git-fetcher/CHANGELOG.md @@ -1,5 +1,19 @@ # @pnpm/git-fetcher +## 1001.0.14 + +### Patch Changes + +- @pnpm/prepare-package@1000.0.22 +- @pnpm/fetcher-base@1001.0.1 +- @pnpm/worker@1000.1.12 + +## 1001.0.13 + +### Patch Changes + +- @pnpm/prepare-package@1000.0.21 + ## 1001.0.12 ### Patch Changes diff --git a/fetching/git-fetcher/package.json b/fetching/git-fetcher/package.json index f068babae7..e5be60b853 100644 --- a/fetching/git-fetcher/package.json +++ b/fetching/git-fetcher/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/git-fetcher", - "version": "1001.0.12", + "version": "1001.0.14", "description": "A fetcher for git-hosted packages", "keywords": [ "pnpm", diff --git a/fetching/tarball-fetcher/CHANGELOG.md b/fetching/tarball-fetcher/CHANGELOG.md index 3167c38355..3be0c14591 100644 --- a/fetching/tarball-fetcher/CHANGELOG.md +++ b/fetching/tarball-fetcher/CHANGELOG.md @@ -1,5 +1,20 @@ # @pnpm/tarball-fetcher +## 1001.0.14 + +### Patch Changes + +- @pnpm/prepare-package@1000.0.22 +- @pnpm/fetcher-base@1001.0.1 +- @pnpm/core-loggers@1001.0.3 +- @pnpm/worker@1000.1.12 + +## 1001.0.13 + +### Patch Changes + +- @pnpm/prepare-package@1000.0.21 + ## 1001.0.12 ### Patch Changes diff --git a/fetching/tarball-fetcher/package.json b/fetching/tarball-fetcher/package.json index fac5aa969b..abeeaba5c3 100644 --- a/fetching/tarball-fetcher/package.json +++ b/fetching/tarball-fetcher/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/tarball-fetcher", - "version": "1001.0.12", + "version": "1001.0.14", "description": "Fetcher for packages hosted as tarballs", "keywords": [ "pnpm", diff --git a/fs/find-packages/CHANGELOG.md b/fs/find-packages/CHANGELOG.md index d72c864471..34ce781e1d 100644 --- a/fs/find-packages/CHANGELOG.md +++ b/fs/find-packages/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/fs.find-packages +## 1000.0.14 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/read-project-manifest@1001.1.1 + ## 1000.0.13 ### Patch Changes diff --git a/fs/find-packages/package.json b/fs/find-packages/package.json index 6d0696d991..c613eca61b 100644 --- a/fs/find-packages/package.json +++ b/fs/find-packages/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/fs.find-packages", - "version": "1000.0.13", + "version": "1000.0.14", "description": "Find all packages inside a directory", "keywords": [ "pnpm", diff --git a/fs/indexed-pkg-importer/CHANGELOG.md b/fs/indexed-pkg-importer/CHANGELOG.md index ad342ca722..cdaf621edf 100644 --- a/fs/indexed-pkg-importer/CHANGELOG.md +++ b/fs/indexed-pkg-importer/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/fs.indexed-pkg-importer +## 1000.1.12 + +### Patch Changes + +- @pnpm/core-loggers@1001.0.3 +- @pnpm/store-controller-types@1004.0.2 + ## 1000.1.11 ### Patch Changes diff --git a/fs/indexed-pkg-importer/package.json b/fs/indexed-pkg-importer/package.json index c32afff04c..ea15dfe853 100644 --- a/fs/indexed-pkg-importer/package.json +++ b/fs/indexed-pkg-importer/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/fs.indexed-pkg-importer", - "version": "1000.1.11", + "version": "1000.1.12", "description": "Replicates indexed directories using hard links, copies, or cloning", "keywords": [ "pnpm", diff --git a/fs/symlink-dependency/CHANGELOG.md b/fs/symlink-dependency/CHANGELOG.md index 402cf97753..e7e9f437e1 100644 --- a/fs/symlink-dependency/CHANGELOG.md +++ b/fs/symlink-dependency/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/symlink-dependency +## 1000.0.11 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/core-loggers@1001.0.3 + ## 1000.0.10 ### Patch Changes diff --git a/fs/symlink-dependency/package.json b/fs/symlink-dependency/package.json index 3e2b77ae68..db8eb0968c 100644 --- a/fs/symlink-dependency/package.json +++ b/fs/symlink-dependency/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/symlink-dependency", - "version": "1000.0.10", + "version": "1000.0.11", "description": "Symlink a dependency to node_modules", "keywords": [ "pnpm", diff --git a/hooks/pnpmfile/CHANGELOG.md b/hooks/pnpmfile/CHANGELOG.md index 9ce0fd9042..9df24366b7 100644 --- a/hooks/pnpmfile/CHANGELOG.md +++ b/hooks/pnpmfile/CHANGELOG.md @@ -1,5 +1,21 @@ # @pnpm/pnpmfile +## 1002.1.0 + +### Minor Changes + +- e792927: Added support for `finders` [#9946](https://github.com/pnpm/pnpm/pull/9946). + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/hooks.types@1001.0.11 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/store-controller-types@1004.0.2 + - @pnpm/crypto.hash@1000.2.0 + ## 1002.0.2 ### Patch Changes diff --git a/hooks/pnpmfile/package.json b/hooks/pnpmfile/package.json index b22eb1fe06..1291f285ce 100644 --- a/hooks/pnpmfile/package.json +++ b/hooks/pnpmfile/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/pnpmfile", - "version": "1002.0.2", + "version": "1002.1.0", "description": "Reading a .pnpmfile.cjs", "keywords": [ "pnpm", @@ -47,7 +47,8 @@ "devDependencies": { "@pnpm/fetcher-base": "workspace:*", "@pnpm/logger": "workspace:*", - "@pnpm/pnpmfile": "workspace:*" + "@pnpm/pnpmfile": "workspace:*", + "@pnpm/test-fixtures": "workspace:*" }, "engines": { "node": ">=20.19" diff --git a/hooks/pnpmfile/src/requireHooks.ts b/hooks/pnpmfile/src/requireHooks.ts index 305688f99d..66b69a6e88 100644 --- a/hooks/pnpmfile/src/requireHooks.ts +++ b/hooks/pnpmfile/src/requireHooks.ts @@ -5,7 +5,7 @@ import { createHashFromMultipleFiles } from '@pnpm/crypto.hash' import pathAbsolute from 'path-absolute' import type { CustomFetchers } from '@pnpm/fetcher-base' import { type ImportIndexedPackageAsync } from '@pnpm/store-controller-types' -import { requirePnpmfile, type Pnpmfile } from './requirePnpmfile.js' +import { requirePnpmfile, type Pnpmfile, type Finders } from './requirePnpmfile.js' import { type HookContext, type Hooks } from './Hooks.js' // eslint-disable-next-line @@ -24,6 +24,7 @@ interface PnpmfileEntry { interface PnpmfileEntryLoaded { file: string hooks: Pnpmfile['hooks'] | undefined + finders: Pnpmfile['finders'] | undefined includeInChecksum: boolean } @@ -40,6 +41,7 @@ export interface CookedHooks { export interface RequireHooksResult { hooks: CookedHooks + finders: Finders resolvedPnpmfilePaths: string[] } @@ -85,6 +87,7 @@ export function requireHooks ( file, includeInChecksum, hooks: requirePnpmfileResult.pnpmfileModule?.hooks, + finders: requirePnpmfileResult.pnpmfileModule?.finders, }) } else if (!optional) { throw new PnpmError('PNPMFILE_NOT_FOUND', `pnpmfile at "${file}" is not found`) @@ -92,6 +95,7 @@ export function requireHooks ( } } + const mergedFinders: Finders = {} const cookedHooks: CookedHooks & Required> = { readPackage: [], preResolution: [], @@ -116,9 +120,23 @@ export function requireHooks ( let importProvider: string | undefined let fetchersProvider: string | undefined + const finderProviders: Record = {} // process hooks in order - for (const { hooks, file } of entries) { + for (const { hooks, file, finders } of entries) { + if (finders != null) { + for (const [finderName, finder] of Object.entries(finders)) { + if (mergedFinders[finderName] != null) { + const firstDefinedIn = finderProviders[finderName] + throw new PnpmError( + 'DUPLICATE_FINDER', + `Finder "${finderName}" defined in both ${firstDefinedIn} and ${file}` + ) + } + mergedFinders[finderName] = finder + finderProviders[finderName] = file + } + } const fileHooks: Hooks = hooks ?? {} // readPackage & afterAllResolved @@ -180,6 +198,7 @@ export function requireHooks ( return { hooks: cookedHooks, + finders: mergedFinders, resolvedPnpmfilePaths: entries.map(({ file }) => file), } } diff --git a/hooks/pnpmfile/src/requirePnpmfile.ts b/hooks/pnpmfile/src/requirePnpmfile.ts index a33969d781..6d9244125f 100644 --- a/hooks/pnpmfile/src/requirePnpmfile.ts +++ b/hooks/pnpmfile/src/requirePnpmfile.ts @@ -4,7 +4,7 @@ import util from 'util' import { createRequire } from 'module' import { PnpmError } from '@pnpm/error' import { logger } from '@pnpm/logger' -import { type PackageManifest } from '@pnpm/types' +import { type PackageManifest, type Finder } from '@pnpm/types' import chalk from 'chalk' import { type Hooks } from './Hooks.js' @@ -30,8 +30,11 @@ class PnpmFileFailError extends PnpmError { } } +export type Finders = Record + export interface Pnpmfile { hooks?: Hooks + finders?: Finders } export function requirePnpmfile (pnpmFilePath: string, prefix: string): { pnpmfileModule: Pnpmfile | undefined } | undefined { diff --git a/hooks/pnpmfile/test/__fixtures__/finders/finderBar.js b/hooks/pnpmfile/test/__fixtures__/finders/finderBar.js new file mode 100644 index 0000000000..3a5edecd31 --- /dev/null +++ b/hooks/pnpmfile/test/__fixtures__/finders/finderBar.js @@ -0,0 +1,6 @@ +module.exports = { + finders: { + bar: () => false, + }, +} + diff --git a/hooks/pnpmfile/test/__fixtures__/finders/finderFoo1.js b/hooks/pnpmfile/test/__fixtures__/finders/finderFoo1.js new file mode 100644 index 0000000000..deea705e6f --- /dev/null +++ b/hooks/pnpmfile/test/__fixtures__/finders/finderFoo1.js @@ -0,0 +1,5 @@ +module.exports = { + finders: { + foo: () => false, + }, +} diff --git a/hooks/pnpmfile/test/__fixtures__/finders/finderFoo2.js b/hooks/pnpmfile/test/__fixtures__/finders/finderFoo2.js new file mode 100644 index 0000000000..deea705e6f --- /dev/null +++ b/hooks/pnpmfile/test/__fixtures__/finders/finderFoo2.js @@ -0,0 +1,5 @@ +module.exports = { + finders: { + foo: () => false, + }, +} diff --git a/hooks/pnpmfile/test/index.ts b/hooks/pnpmfile/test/index.ts index 3d04515d2c..e746fabae3 100644 --- a/hooks/pnpmfile/test/index.ts +++ b/hooks/pnpmfile/test/index.ts @@ -1,9 +1,11 @@ import path from 'path' import { type Log } from '@pnpm/core-loggers' import { requireHooks, BadReadPackageHookError, type HookContext } from '@pnpm/pnpmfile' +import { fixtures } from '@pnpm/test-fixtures' import { requirePnpmfile } from '../src/requirePnpmfile.js' const defaultHookContext: HookContext = { log () {} } +const f = fixtures(__dirname) test('ignoring a pnpmfile that exports undefined', () => { const { pnpmfileModule: pnpmfile } = requirePnpmfile(path.join(import.meta.dirname, '__fixtures__/undefined.js'), import.meta.dirname)! @@ -83,3 +85,19 @@ test('updateConfig throws an error if it returns undefined', async () => { test('requireHooks throw an error if one of the specified pnpmfiles does not exist', async () => { expect(() => requireHooks(import.meta.dirname, { pnpmfiles: ['does-not-exist.cjs'] })).toThrow('is not found') }) + +test('requireHooks throws an error if there are two finders with the same name', async () => { + const findersDir = f.find('finders') + const pnpmfile1 = path.join(findersDir, 'finderFoo1.js') + const pnpmfile2 = path.join(findersDir, 'finderFoo2.js') + expect(() => requireHooks(__dirname, { pnpmfiles: [pnpmfile1, pnpmfile2] })).toThrow('Finder "foo" defined in both') +}) + +test('requireHooks merges all the finders', async () => { + const findersDir = f.find('finders') + const pnpmfile1 = path.join(findersDir, 'finderFoo1.js') + const pnpmfile2 = path.join(findersDir, 'finderBar.js') + const { finders } = requireHooks(__dirname, { pnpmfiles: [pnpmfile1, pnpmfile2] }) + expect(finders.foo).toBeDefined() + expect(finders.bar).toBeDefined() +}) diff --git a/hooks/pnpmfile/tsconfig.json b/hooks/pnpmfile/tsconfig.json index abeca86053..69f377ab9a 100644 --- a/hooks/pnpmfile/tsconfig.json +++ b/hooks/pnpmfile/tsconfig.json @@ -9,6 +9,9 @@ "../../__typings__/**/*.d.ts" ], "references": [ + { + "path": "../../__utils__/test-fixtures" + }, { "path": "../../crypto/hash" }, diff --git a/hooks/read-package-hook/CHANGELOG.md b/hooks/read-package-hook/CHANGELOG.md index a612b49d51..c9d2677ca6 100644 --- a/hooks/read-package-hook/CHANGELOG.md +++ b/hooks/read-package-hook/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/hooks.read-package-hook +## 1000.0.13 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.0.12 ### Patch Changes diff --git a/hooks/read-package-hook/package.json b/hooks/read-package-hook/package.json index d9fb2fa082..d03d3c4ec5 100644 --- a/hooks/read-package-hook/package.json +++ b/hooks/read-package-hook/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/hooks.read-package-hook", - "version": "1000.0.12", + "version": "1000.0.13", "description": "Creates the default package reader hook used by pnpm", "keywords": [ "pnpm", diff --git a/hooks/types/CHANGELOG.md b/hooks/types/CHANGELOG.md index a9cc9bb72e..68106e0f05 100644 --- a/hooks/types/CHANGELOG.md +++ b/hooks/types/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/hooks.types +## 1001.0.11 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + ## 1001.0.10 ### Patch Changes diff --git a/hooks/types/package.json b/hooks/types/package.json index 0116ee8539..1910c7cf71 100644 --- a/hooks/types/package.json +++ b/hooks/types/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/hooks.types", - "version": "1001.0.10", + "version": "1001.0.11", "description": "Types for hooks", "keywords": [ "pnpm", diff --git a/lockfile/audit/CHANGELOG.md b/lockfile/audit/CHANGELOG.md index 6981ae2bff..4a81815cc3 100644 --- a/lockfile/audit/CHANGELOG.md +++ b/lockfile/audit/CHANGELOG.md @@ -1,5 +1,18 @@ # @pnpm/audit +## 1002.0.11 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.detect-dep-types@1001.0.14 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/lockfile.walker@1001.0.14 + - @pnpm/fetch@1000.2.5 + - @pnpm/read-project-manifest@1001.1.1 + ## 1002.0.10 ### Patch Changes diff --git a/lockfile/audit/package.json b/lockfile/audit/package.json index c1819eb7cb..c80f4b501b 100644 --- a/lockfile/audit/package.json +++ b/lockfile/audit/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/audit", - "version": "1002.0.10", + "version": "1002.0.11", "description": "Audit a lockfile", "keywords": [ "pnpm", diff --git a/lockfile/detect-dep-types/CHANGELOG.md b/lockfile/detect-dep-types/CHANGELOG.md index 3d49cc9c6e..0ec115ea97 100644 --- a/lockfile/detect-dep-types/CHANGELOG.md +++ b/lockfile/detect-dep-types/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/lockfile.detect-dep-types +## 1001.0.14 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/dependency-path@1001.1.1 + ## 1001.0.13 ### Patch Changes diff --git a/lockfile/detect-dep-types/package.json b/lockfile/detect-dep-types/package.json index 566c12bbc2..252a3a1193 100644 --- a/lockfile/detect-dep-types/package.json +++ b/lockfile/detect-dep-types/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.detect-dep-types", - "version": "1001.0.13", + "version": "1001.0.14", "description": "Detect the types of dependencies", "keywords": [ "pnpm", diff --git a/lockfile/filtering/CHANGELOG.md b/lockfile/filtering/CHANGELOG.md index 006018168e..10b1416d96 100644 --- a/lockfile/filtering/CHANGELOG.md +++ b/lockfile/filtering/CHANGELOG.md @@ -1,5 +1,18 @@ # @pnpm/filter-lockfile +## 1001.0.18 + +### Patch Changes + +- Updated dependencies [df8d57f] +- Updated dependencies [e792927] + - @pnpm/package-is-installable@1000.0.13 + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/lockfile.walker@1001.0.14 + - @pnpm/dependency-path@1001.1.1 + ## 1001.0.17 ### Patch Changes diff --git a/lockfile/filtering/package.json b/lockfile/filtering/package.json index 79b85182a0..b6c8380ce1 100644 --- a/lockfile/filtering/package.json +++ b/lockfile/filtering/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.filtering", - "version": "1001.0.17", + "version": "1001.0.18", "description": "Filters a lockfile", "keywords": [ "pnpm", diff --git a/lockfile/fs/CHANGELOG.md b/lockfile/fs/CHANGELOG.md index a060b2e0f2..478f2ac62d 100644 --- a/lockfile/fs/CHANGELOG.md +++ b/lockfile/fs/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/lockfile-file +## 1001.1.18 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.merger@1001.0.11 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/dependency-path@1001.1.1 + ## 1001.1.17 ### Patch Changes diff --git a/lockfile/fs/package.json b/lockfile/fs/package.json index 5ba905fa1f..ceffd4190a 100644 --- a/lockfile/fs/package.json +++ b/lockfile/fs/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.fs", - "version": "1001.1.17", + "version": "1001.1.18", "description": "Read/write pnpm-lock.yaml files", "keywords": [ "pnpm", diff --git a/lockfile/lockfile-to-pnp/CHANGELOG.md b/lockfile/lockfile-to-pnp/CHANGELOG.md index f7fbb9e244..f4f659d42c 100644 --- a/lockfile/lockfile-to-pnp/CHANGELOG.md +++ b/lockfile/lockfile-to-pnp/CHANGELOG.md @@ -1,5 +1,21 @@ # @pnpm/lockfile-to-pnp +## 1001.0.20 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/dependency-path@1001.1.1 + +## 1001.0.19 + +### Patch Changes + +- 77d5b17: Fix `.pnp.cjs` crash when importing subpath [#9904](https://github.com/pnpm/pnpm/issues/9904). + ## 1001.0.18 ### Patch Changes diff --git a/lockfile/lockfile-to-pnp/package.json b/lockfile/lockfile-to-pnp/package.json index 9d881c2c2b..e50fff699e 100644 --- a/lockfile/lockfile-to-pnp/package.json +++ b/lockfile/lockfile-to-pnp/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile-to-pnp", - "version": "1001.0.18", + "version": "1001.0.20", "description": "Creates a Plug'n'Play file from a pnpm-lock.yaml", "keywords": [ "pnpm", diff --git a/lockfile/merger/CHANGELOG.md b/lockfile/merger/CHANGELOG.md index ef78143fe0..713cb8040f 100644 --- a/lockfile/merger/CHANGELOG.md +++ b/lockfile/merger/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/merge-lockfile-changes +## 1001.0.11 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + ## 1001.0.10 ### Patch Changes diff --git a/lockfile/merger/package.json b/lockfile/merger/package.json index c98ddd359d..12e36146fe 100644 --- a/lockfile/merger/package.json +++ b/lockfile/merger/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.merger", - "version": "1001.0.10", + "version": "1001.0.11", "description": "Merges lockfiles. Can automatically fix merge conflicts", "keywords": [ "pnpm", diff --git a/lockfile/plugin-commands-audit/CHANGELOG.md b/lockfile/plugin-commands-audit/CHANGELOG.md index 100fd50092..b95a0d4aa9 100644 --- a/lockfile/plugin-commands-audit/CHANGELOG.md +++ b/lockfile/plugin-commands-audit/CHANGELOG.md @@ -1,5 +1,25 @@ # @pnpm/plugin-commands-audit +## 1002.1.11 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/config.config-writer@1000.0.11 + - @pnpm/audit@1002.0.11 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/read-project-manifest@1001.1.1 + +## 1002.1.10 + +### Patch Changes + +- @pnpm/cli-utils@1001.1.2 + ## 1002.1.9 ### Patch Changes diff --git a/lockfile/plugin-commands-audit/package.json b/lockfile/plugin-commands-audit/package.json index 68d12597cb..ac47ab9482 100644 --- a/lockfile/plugin-commands-audit/package.json +++ b/lockfile/plugin-commands-audit/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-audit", - "version": "1002.1.9", + "version": "1002.1.11", "description": "pnpm commands for dependencies audit", "keywords": [ "pnpm", diff --git a/lockfile/preferred-versions/CHANGELOG.md b/lockfile/preferred-versions/CHANGELOG.md index 1fec5ffce0..ba65c92640 100644 --- a/lockfile/preferred-versions/CHANGELOG.md +++ b/lockfile/preferred-versions/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/lockfile.preferred-versions +## 1000.0.19 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/manifest-utils@1001.0.4 + - @pnpm/resolver-base@1005.0.1 + ## 1000.0.18 ### Patch Changes diff --git a/lockfile/preferred-versions/package.json b/lockfile/preferred-versions/package.json index d123286816..b4eb8d6d1c 100644 --- a/lockfile/preferred-versions/package.json +++ b/lockfile/preferred-versions/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.preferred-versions", - "version": "1000.0.18", + "version": "1000.0.19", "description": "Get preferred version from lockfile", "keywords": [ "pnpm", diff --git a/lockfile/pruner/CHANGELOG.md b/lockfile/pruner/CHANGELOG.md index 25f47b5df4..3770a4b969 100644 --- a/lockfile/pruner/CHANGELOG.md +++ b/lockfile/pruner/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/prune-lockfile +## 1001.0.14 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/dependency-path@1001.1.1 + ## 1001.0.13 ### Patch Changes diff --git a/lockfile/pruner/package.json b/lockfile/pruner/package.json index e79b3797c0..59d4dcb830 100644 --- a/lockfile/pruner/package.json +++ b/lockfile/pruner/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.pruner", - "version": "1001.0.13", + "version": "1001.0.14", "description": "Prune a pnpm-lock.yaml", "keywords": [ "pnpm", diff --git a/lockfile/settings-checker/CHANGELOG.md b/lockfile/settings-checker/CHANGELOG.md index fad87c8619..bc2b8ce682 100644 --- a/lockfile/settings-checker/CHANGELOG.md +++ b/lockfile/settings-checker/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/lockfile.settings-checker +## 1001.0.13 + +### Patch Changes + +- @pnpm/lockfile.types@1002.0.1 +- @pnpm/crypto.hash@1000.2.0 + ## 1001.0.12 ### Patch Changes diff --git a/lockfile/settings-checker/package.json b/lockfile/settings-checker/package.json index a6f0ef6c59..bcefcc5461 100644 --- a/lockfile/settings-checker/package.json +++ b/lockfile/settings-checker/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.settings-checker", - "version": "1001.0.12", + "version": "1001.0.13", "description": "Utilities to check if lockfile settings are out-of-date", "keywords": [ "pnpm", diff --git a/lockfile/types/CHANGELOG.md b/lockfile/types/CHANGELOG.md index 2ab3fce086..bef116881b 100644 --- a/lockfile/types/CHANGELOG.md +++ b/lockfile/types/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/lockfile-types +## 1002.0.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/resolver-base@1005.0.1 + ## 1002.0.0 ### Major Changes diff --git a/lockfile/types/package.json b/lockfile/types/package.json index 8761a19f6d..e46a7a8de9 100644 --- a/lockfile/types/package.json +++ b/lockfile/types/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.types", - "version": "1002.0.0", + "version": "1002.0.1", "description": "Types for the pnpm-lock.yaml lockfile", "keywords": [ "pnpm", diff --git a/lockfile/utils/CHANGELOG.md b/lockfile/utils/CHANGELOG.md index ead5b2510d..d0befd182e 100644 --- a/lockfile/utils/CHANGELOG.md +++ b/lockfile/utils/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/lockfile-utils +## 1003.0.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/pick-fetcher@1001.0.0 + ## 1003.0.0 ### Major Changes diff --git a/lockfile/utils/package.json b/lockfile/utils/package.json index 538a3c0ccd..e8425e2771 100644 --- a/lockfile/utils/package.json +++ b/lockfile/utils/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.utils", - "version": "1003.0.0", + "version": "1003.0.1", "description": "Utils for dealing with pnpm-lock.yaml", "keywords": [ "pnpm", diff --git a/lockfile/verification/CHANGELOG.md b/lockfile/verification/CHANGELOG.md index a9ca5e6871..9561e88d92 100644 --- a/lockfile/verification/CHANGELOG.md +++ b/lockfile/verification/CHANGELOG.md @@ -1,5 +1,20 @@ # @pnpm/lockfile.verification +## 1001.2.6 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/get-context@1001.1.5 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/crypto.hash@1000.2.0 + ## 1001.2.5 ### Patch Changes diff --git a/lockfile/verification/package.json b/lockfile/verification/package.json index 77358bce13..ed112b8f72 100644 --- a/lockfile/verification/package.json +++ b/lockfile/verification/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.verification", - "version": "1001.2.5", + "version": "1001.2.6", "description": "Checks a lockfile", "keywords": [ "pnpm", diff --git a/lockfile/walker/CHANGELOG.md b/lockfile/walker/CHANGELOG.md index c207a9ef1c..b85099e824 100644 --- a/lockfile/walker/CHANGELOG.md +++ b/lockfile/walker/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/lockfile-walker +## 1001.0.14 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/dependency-path@1001.1.1 + ## 1001.0.13 ### Patch Changes diff --git a/lockfile/walker/package.json b/lockfile/walker/package.json index 522ff21e66..fa675b422a 100644 --- a/lockfile/walker/package.json +++ b/lockfile/walker/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/lockfile.walker", - "version": "1001.0.13", + "version": "1001.0.14", "description": "Walk over all the dependencies in a lockfile", "keywords": [ "pnpm", diff --git a/modules-mounter/daemon/CHANGELOG.md b/modules-mounter/daemon/CHANGELOG.md index 7a1b6205c1..afdef13643 100644 --- a/modules-mounter/daemon/CHANGELOG.md +++ b/modules-mounter/daemon/CHANGELOG.md @@ -1,5 +1,18 @@ # @pnpm/mount-modules +## 1001.0.30 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/store.cafs@1000.0.17 + ## 1001.0.29 ### Patch Changes diff --git a/modules-mounter/daemon/package.json b/modules-mounter/daemon/package.json index 024a8c5f6e..82a7e7d448 100644 --- a/modules-mounter/daemon/package.json +++ b/modules-mounter/daemon/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/mount-modules", - "version": "1001.0.29", + "version": "1001.0.30", "description": "Mounts a node_modules directory with FUSE", "keywords": [ "pnpm", diff --git a/network/fetch/CHANGELOG.md b/network/fetch/CHANGELOG.md index b1c1a8e6ee..8af7fb9357 100644 --- a/network/fetch/CHANGELOG.md +++ b/network/fetch/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/fetch +## 1000.2.5 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/core-loggers@1001.0.3 + ## 1000.2.4 ### Patch Changes diff --git a/network/fetch/package.json b/network/fetch/package.json index a398c522e2..d68916376e 100644 --- a/network/fetch/package.json +++ b/network/fetch/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/fetch", - "version": "1000.2.4", + "version": "1000.2.5", "description": "node-fetch with retries", "keywords": [ "pnpm", diff --git a/packages/calc-dep-state/CHANGELOG.md b/packages/calc-dep-state/CHANGELOG.md index 0e53da6f0c..4691413457 100644 --- a/packages/calc-dep-state/CHANGELOG.md +++ b/packages/calc-dep-state/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/calc-dep-state +## 1002.0.5 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/dependency-path@1001.1.1 + ## 1002.0.4 ### Patch Changes diff --git a/packages/calc-dep-state/package.json b/packages/calc-dep-state/package.json index b82b8fcb3a..83048432ab 100644 --- a/packages/calc-dep-state/package.json +++ b/packages/calc-dep-state/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/calc-dep-state", - "version": "1002.0.4", + "version": "1002.0.5", "description": "Calculates the state of a dependency", "keywords": [ "pnpm", diff --git a/packages/core-loggers/CHANGELOG.md b/packages/core-loggers/CHANGELOG.md index 186130141e..774c4635aa 100644 --- a/packages/core-loggers/CHANGELOG.md +++ b/packages/core-loggers/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/core-loggers +## 1001.0.3 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1001.0.2 ### Patch Changes diff --git a/packages/core-loggers/package.json b/packages/core-loggers/package.json index 4e18ec7800..e2d297388c 100644 --- a/packages/core-loggers/package.json +++ b/packages/core-loggers/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/core-loggers", - "version": "1001.0.2", + "version": "1001.0.3", "description": "Core loggers of pnpm", "keywords": [ "pnpm", diff --git a/packages/dependency-path/CHANGELOG.md b/packages/dependency-path/CHANGELOG.md index 86086230e8..47f3956d8b 100644 --- a/packages/dependency-path/CHANGELOG.md +++ b/packages/dependency-path/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/dependency-path +## 1001.1.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/crypto.hash@1000.2.0 + ## 1001.1.0 ### Minor Changes diff --git a/packages/dependency-path/package.json b/packages/dependency-path/package.json index 86a9cf7830..1268bffe51 100644 --- a/packages/dependency-path/package.json +++ b/packages/dependency-path/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/dependency-path", - "version": "1001.1.0", + "version": "1001.1.1", "description": "Utilities for working with symlinked node_modules", "keywords": [ "pnpm", diff --git a/packages/make-dedicated-lockfile/CHANGELOG.md b/packages/make-dedicated-lockfile/CHANGELOG.md index 804519248e..bb48bc64ad 100644 --- a/packages/make-dedicated-lockfile/CHANGELOG.md +++ b/packages/make-dedicated-lockfile/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/make-dedicated-lockfile +## 1000.0.24 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile.pruner@1001.0.14 + - @pnpm/exportable-manifest@1000.1.4 + - @pnpm/read-project-manifest@1001.1.1 + ## 1000.0.23 ### Patch Changes diff --git a/packages/make-dedicated-lockfile/package.json b/packages/make-dedicated-lockfile/package.json index 02232e73e0..98a328f7ad 100644 --- a/packages/make-dedicated-lockfile/package.json +++ b/packages/make-dedicated-lockfile/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/make-dedicated-lockfile", - "version": "1000.0.23", + "version": "1000.0.24", "description": "Creates a dedicated lockfile for a subset of workspace projects", "keywords": [ "pnpm", diff --git a/packages/plugin-commands-doctor/CHANGELOG.md b/packages/plugin-commands-doctor/CHANGELOG.md index 618236736e..30ba304c78 100644 --- a/packages/plugin-commands-doctor/CHANGELOG.md +++ b/packages/plugin-commands-doctor/CHANGELOG.md @@ -1,5 +1,20 @@ # @pnpm/plugin-commands-doctor +## 1000.1.34 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/cli-utils@1001.2.0 + +## 1000.1.33 + +### Patch Changes + +- @pnpm/cli-utils@1001.1.2 + ## 1000.1.32 ### Patch Changes diff --git a/packages/plugin-commands-doctor/package.json b/packages/plugin-commands-doctor/package.json index 7008d96b97..19f36c40f6 100644 --- a/packages/plugin-commands-doctor/package.json +++ b/packages/plugin-commands-doctor/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-doctor", - "version": "1000.1.32", + "version": "1000.1.34", "description": "Commands for checks of known common issues ", "keywords": [ "pnpm", diff --git a/packages/plugin-commands-init/CHANGELOG.md b/packages/plugin-commands-init/CHANGELOG.md index 7ff8a0a2ee..b15d52ea58 100644 --- a/packages/plugin-commands-init/CHANGELOG.md +++ b/packages/plugin-commands-init/CHANGELOG.md @@ -1,5 +1,23 @@ # @pnpm/plugin-commands-init +## 1000.2.11 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/cli-meta@1000.0.10 + - @pnpm/write-project-manifest@1000.0.10 + +## 1000.2.10 + +### Patch Changes + +- @pnpm/cli-utils@1001.1.2 + ## 1000.2.9 ### Patch Changes diff --git a/packages/plugin-commands-init/package.json b/packages/plugin-commands-init/package.json index 113c4251c6..40040b342a 100644 --- a/packages/plugin-commands-init/package.json +++ b/packages/plugin-commands-init/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-init", - "version": "1000.2.9", + "version": "1000.2.11", "description": "Create a package.json file", "keywords": [ "pnpm", diff --git a/packages/plugin-commands-setup/CHANGELOG.md b/packages/plugin-commands-setup/CHANGELOG.md index 78cff729c8..8413b70065 100644 --- a/packages/plugin-commands-setup/CHANGELOG.md +++ b/packages/plugin-commands-setup/CHANGELOG.md @@ -1,5 +1,19 @@ # @pnpm/plugin-commands-setup +## 1000.1.11 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/cli-utils@1001.2.0 + - @pnpm/cli-meta@1000.0.10 + +## 1000.1.10 + +### Patch Changes + +- @pnpm/cli-utils@1001.1.2 + ## 1000.1.9 ### Patch Changes diff --git a/packages/plugin-commands-setup/package.json b/packages/plugin-commands-setup/package.json index c6e8a69f8b..82958228eb 100644 --- a/packages/plugin-commands-setup/package.json +++ b/packages/plugin-commands-setup/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-setup", - "version": "1000.1.9", + "version": "1000.1.11", "description": "pnpm commands for setting up pnpm", "keywords": [ "pnpm", diff --git a/packages/render-peer-issues/CHANGELOG.md b/packages/render-peer-issues/CHANGELOG.md index 74d5170fde..2721865dd4 100644 --- a/packages/render-peer-issues/CHANGELOG.md +++ b/packages/render-peer-issues/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/render-peer-issues +## 1002.0.3 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1002.0.2 ### Patch Changes diff --git a/packages/render-peer-issues/package.json b/packages/render-peer-issues/package.json index 7697d49333..ab16623903 100644 --- a/packages/render-peer-issues/package.json +++ b/packages/render-peer-issues/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/render-peer-issues", - "version": "1002.0.2", + "version": "1002.0.3", "description": "Visualizes peer dependency issues", "keywords": [ "pnpm", diff --git a/packages/types/CHANGELOG.md b/packages/types/CHANGELOG.md index 9f52dfc808..b471b32751 100644 --- a/packages/types/CHANGELOG.md +++ b/packages/types/CHANGELOG.md @@ -1,5 +1,11 @@ # @pnpm/types +## 1000.8.0 + +### Minor Changes + +- e792927: Added support for `finders` [#9946](https://github.com/pnpm/pnpm/pull/9946). + ## 1000.7.0 ### Minor Changes diff --git a/packages/types/package.json b/packages/types/package.json index e49ffd8411..a13fafa688 100644 --- a/packages/types/package.json +++ b/packages/types/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/types", - "version": "1000.7.0", + "version": "1000.8.0", "description": "Basic types used by pnpm", "keywords": [ "pnpm", diff --git a/packages/types/src/options.ts b/packages/types/src/options.ts index e15201a2d3..1442efd40c 100644 --- a/packages/types/src/options.ts +++ b/packages/types/src/options.ts @@ -1,5 +1,5 @@ import { type DependenciesField } from './misc.js' -import { type BaseManifest } from './package.js' +import { type BaseManifest, type DependencyManifest } from './package.js' export type LogBase = { level: 'debug' | 'error' @@ -14,3 +14,11 @@ export type IncludedDependencies = { } export type ReadPackageHook = (pkg: Pkg, dir?: string) => Pkg | Promise + +export interface FinderContext { + name: string + version: string + readManifest: () => DependencyManifest +} + +export type Finder = (ctx: FinderContext) => boolean | string diff --git a/patching/config/CHANGELOG.md b/patching/config/CHANGELOG.md index bb521a134c..fde0d1128f 100644 --- a/patching/config/CHANGELOG.md +++ b/patching/config/CHANGELOG.md @@ -1,5 +1,11 @@ # @pnpm/patching.config +## 1001.0.8 + +### Patch Changes + +- @pnpm/dependency-path@1001.1.1 + ## 1001.0.7 ### Patch Changes diff --git a/patching/config/package.json b/patching/config/package.json index 821fa9a33f..e7308b8c6f 100644 --- a/patching/config/package.json +++ b/patching/config/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/patching.config", - "version": "1001.0.7", + "version": "1001.0.8", "description": "Functions related to patching configurations", "keywords": [ "pnpm", diff --git a/patching/plugin-commands-patching/CHANGELOG.md b/patching/plugin-commands-patching/CHANGELOG.md index 65b8f708eb..06be70ad87 100644 --- a/patching/plugin-commands-patching/CHANGELOG.md +++ b/patching/plugin-commands-patching/CHANGELOG.md @@ -1,5 +1,37 @@ # @pnpm/plugin-commands-patching +## 1000.3.11 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [c182b2d] +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/plugin-commands-installation@1004.6.0 + - @pnpm/store-connection-manager@1002.1.0 + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/config.config-writer@1000.0.11 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/modules-yaml@1000.3.5 + - @pnpm/read-project-manifest@1001.1.1 + - @pnpm/workspace.read-manifest@1000.2.3 + - @pnpm/crypto.hash@1000.2.0 + - @pnpm/patching.apply-patch@1000.0.6 + - @pnpm/pick-fetcher@1001.0.0 + +## 1000.3.10 + +### Patch Changes + +- @pnpm/plugin-commands-installation@1004.5.1 +- @pnpm/store-connection-manager@1002.0.11 +- @pnpm/cli-utils@1001.1.2 + ## 1000.3.9 ### Patch Changes diff --git a/patching/plugin-commands-patching/package.json b/patching/plugin-commands-patching/package.json index 3cfd9e206a..8da1e1d390 100644 --- a/patching/plugin-commands-patching/package.json +++ b/patching/plugin-commands-patching/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-patching", - "version": "1000.3.9", + "version": "1000.3.11", "description": "Commands for creating patches", "keywords": [ "pnpm", diff --git a/pkg-manager/client/CHANGELOG.md b/pkg-manager/client/CHANGELOG.md index 4ed88d5235..009d88de3a 100644 --- a/pkg-manager/client/CHANGELOG.md +++ b/pkg-manager/client/CHANGELOG.md @@ -1,5 +1,29 @@ # @pnpm/client +## 1001.0.4 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/default-resolver@1002.2.4 + - @pnpm/directory-fetcher@1000.1.11 + - @pnpm/git-fetcher@1001.0.14 + - @pnpm/tarball-fetcher@1001.0.14 + - @pnpm/fetch@1000.2.5 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/node.fetcher@1001.0.3 + - @pnpm/fetching.binary-fetcher@1000.0.2 + +## 1001.0.3 + +### Patch Changes + +- @pnpm/git-fetcher@1001.0.13 +- @pnpm/tarball-fetcher@1001.0.13 +- @pnpm/node.fetcher@1001.0.2 +- @pnpm/default-resolver@1002.2.3 + ## 1001.0.2 ### Patch Changes diff --git a/pkg-manager/client/package.json b/pkg-manager/client/package.json index 1ff9cef98c..8152ab1707 100644 --- a/pkg-manager/client/package.json +++ b/pkg-manager/client/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/client", - "version": "1001.0.2", + "version": "1001.0.4", "description": "Creates the package resolve and fetch functions", "keywords": [ "pnpm", diff --git a/pkg-manager/core/CHANGELOG.md b/pkg-manager/core/CHANGELOG.md index a20e76c284..1f40d366b1 100644 --- a/pkg-manager/core/CHANGELOG.md +++ b/pkg-manager/core/CHANGELOG.md @@ -1,5 +1,81 @@ # @pnpm/core +## 1010.1.0 + +### Minor Changes + +- 38e2599: There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour. + + The new setting is called `minimumReleaseAge`. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting `minimumReleaseAge: 1440` ensures that only packages released at least one day ago can be installed. + + If you set `minimumReleaseAge` but need to disable this restriction for certain dependencies, you can list them under the `minimumReleaseAgeExclude` setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time: + + ```yaml + minimumReleaseAgeExclude: + - webpack + ``` + + Related issue: [#9921](https://github.com/pnpm/pnpm/issues/9921). + +### Patch Changes + +- 2ebd45a: Throw a `ABORTED_REMOVE_MODULES_DIR_NO_TTY` error if there's no TTY instead of showing the prompt to ask for confirmation to remove the modules directory and immediately exiting with code 0. +- Updated dependencies [38e2599] +- Updated dependencies [e792927] +- Updated dependencies [a6856fd] + - @pnpm/resolve-dependencies@1008.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/lifecycle@1001.0.21 + - @pnpm/build-modules@1000.3.14 + - @pnpm/lockfile.verification@1001.2.6 + - @pnpm/headless@1004.2.4 + - @pnpm/link-bins@1000.2.2 + - @pnpm/package-requester@1006.0.1 + - @pnpm/remove-bins@1000.0.13 + - @pnpm/lockfile.filtering@1001.0.18 + - @pnpm/normalize-registries@1000.1.3 + - @pnpm/symlink-dependency@1000.0.11 + - @pnpm/hooks.read-package-hook@1000.0.13 + - @pnpm/hooks.types@1001.0.11 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile-to-pnp@1001.0.20 + - @pnpm/lockfile.preferred-versions@1000.0.19 + - @pnpm/lockfile.pruner@1001.0.14 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/lockfile.walker@1001.0.14 + - @pnpm/calc-dep-state@1002.0.5 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/get-context@1001.1.5 + - @pnpm/hoist@1002.0.4 + - @pnpm/modules-cleaner@1001.0.20 + - @pnpm/modules-yaml@1000.3.5 + - @pnpm/manifest-utils@1001.0.4 + - @pnpm/read-project-manifest@1001.1.1 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/store-controller-types@1004.0.2 + - @pnpm/worker@1000.1.12 + - @pnpm/crypto.hash@1000.2.0 + - @pnpm/lockfile.settings-checker@1001.0.13 + - @pnpm/pkg-manager.direct-dep-linker@1000.0.11 + - @pnpm/patching.config@1001.0.8 + +## 1010.0.2 + +### Patch Changes + +- Updated dependencies [77d5b17] +- Updated dependencies [3482fe1] +- Updated dependencies [affdd5b] + - @pnpm/lockfile-to-pnp@1001.0.19 + - @pnpm/resolve-dependencies@1008.0.2 + - @pnpm/link-bins@1000.2.1 + - @pnpm/headless@1004.2.3 + - @pnpm/build-modules@1000.3.13 + - @pnpm/lifecycle@1001.0.20 + - @pnpm/hoist@1002.0.3 + - @pnpm/package-requester@1006.0.0 + ## 1010.0.1 ### Patch Changes diff --git a/pkg-manager/core/package.json b/pkg-manager/core/package.json index 8887ccb1b1..9110b8eff2 100644 --- a/pkg-manager/core/package.json +++ b/pkg-manager/core/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/core", - "version": "1010.0.1", + "version": "1010.1.0", "description": "Fast, disk space efficient installation engine", "keywords": [ "pnpm", diff --git a/pkg-manager/core/src/install/extendInstallOptions.ts b/pkg-manager/core/src/install/extendInstallOptions.ts index bde62bb2ee..a78f4797b2 100644 --- a/pkg-manager/core/src/install/extendInstallOptions.ts +++ b/pkg-manager/core/src/install/extendInstallOptions.ts @@ -165,6 +165,8 @@ export interface StrictInstallOptions { returnListOfDepsRequiringBuild?: boolean injectWorkspacePackages?: boolean ci?: boolean + minimumReleaseAge?: number + minimumReleaseAgeExclude?: string[] } export type InstallOptions = diff --git a/pkg-manager/core/src/install/index.ts b/pkg-manager/core/src/install/index.ts index 52b0e3b429..241fd03260 100644 --- a/pkg-manager/core/src/install/index.ts +++ b/pkg-manager/core/src/install/index.ts @@ -1175,6 +1175,8 @@ const _installInContext: InstallFunction = async (projects, ctx, opts) => { supportedArchitectures: opts.supportedArchitectures, peersSuffixMaxLength: opts.peersSuffixMaxLength, injectWorkspacePackages: opts.injectWorkspacePackages, + minimumReleaseAge: opts.minimumReleaseAge, + minimumReleaseAgeExclude: opts.minimumReleaseAgeExclude, } ) if (!opts.include.optionalDependencies || !opts.include.devDependencies || !opts.include.dependencies) { diff --git a/pkg-manager/core/src/install/validateModules.ts b/pkg-manager/core/src/install/validateModules.ts index 36faa2fa8e..860c9799b6 100644 --- a/pkg-manager/core/src/install/validateModules.ts +++ b/pkg-manager/core/src/install/validateModules.ts @@ -149,6 +149,11 @@ async function purgeModulesDirsOfImporters ( importers: ImporterToPurge[] ): Promise { if (opts.confirmModulesPurge ?? true) { + if (!process.stdin.isTTY) { + throw new PnpmError('ABORTED_REMOVE_MODULES_DIR_NO_TTY', 'Aborted removal of modules directory due to no TTY', { + hint: 'If you are running pnpm in CI, set the CI environment variable to "true".', + }) + } const confirmed = await enquirer.prompt<{ question: boolean }>({ type: 'confirm', name: 'question', diff --git a/pkg-manager/core/test/install/minimumReleaseAge.ts b/pkg-manager/core/test/install/minimumReleaseAge.ts new file mode 100644 index 0000000000..be43134189 --- /dev/null +++ b/pkg-manager/core/test/install/minimumReleaseAge.ts @@ -0,0 +1,24 @@ +import { prepareEmpty } from '@pnpm/prepare' +import { addDependenciesToPackage } from '@pnpm/core' +import { testDefaults } from '../utils/index.js' + +const isOdd011ReleaseDate = new Date(2016, 11, 7 - 2) // 0.1.1 was released at 2016-12-07T07:18:01.205Z +const diff = Date.now() - isOdd011ReleaseDate.getTime() +const minimumReleaseAge = diff / (60 * 1000) // converting to minutes + +test('minimumReleaseAge prevents installation of versions that do not meet the required publish date cutoff', async () => { + prepareEmpty() + + const { updatedManifest: manifest } = await addDependenciesToPackage({}, ['is-odd@0.1'], testDefaults({ minimumReleaseAge })) + + expect(manifest.dependencies!['is-odd']).toEqual('~0.1.0') +}) + +test('minimumReleaseAge is ignored for packages in the minimumReleaseAgeExclude array', async () => { + prepareEmpty() + + const opts = testDefaults({ minimumReleaseAge, minimumReleaseAgeExclude: ['is-odd'] }) + const { updatedManifest: manifest } = await addDependenciesToPackage({}, ['is-odd@0.1'], opts) + + expect(manifest.dependencies!['is-odd']).toEqual('~0.1.2') +}) diff --git a/pkg-manager/core/test/install/peerDependencies.ts b/pkg-manager/core/test/install/peerDependencies.ts index b64e586217..588e86023f 100644 --- a/pkg-manager/core/test/install/peerDependencies.ts +++ b/pkg-manager/core/test/install/peerDependencies.ts @@ -1,5 +1,6 @@ import fs from 'fs' import path from 'path' +import { type Project } from '@pnpm/assert-project' import { WANTED_LOCKFILE } from '@pnpm/constants' import { type LockfileFile } from '@pnpm/lockfile.fs' import { prepareEmpty, preparePackages } from '@pnpm/prepare' @@ -332,83 +333,152 @@ test('peer dependency is resolved from the dependencies of the workspace root pr } }) -test('peer dependency is resolved from the dependencies of the workspace root project even if there are other versions of the peer dependency present in the dependency graph', async () => { - const projects = preparePackages([ - { - location: '.', - package: { name: 'root' }, - }, - { - location: 'pkg', - package: {}, - }, - { - location: 'pkg2', - package: {}, - }, - ]) - const allProjects: ProjectOptions[] = [ - { - buildIndex: 0, - manifest: { - name: 'root', - version: '1.0.0', - - dependencies: { - ajv: '4.10.0', - }, +describe('peer dependency is resolved from the root of the workspace even if there are other versions of the peer dependency present in the dependency graph', () => { + let nonRootProjects: ProjectOptions[] + let projects: Record + let mutatedProjects: MutatedProject[] + beforeEach(() => { + projects = preparePackages([ + { + location: '.', + package: { name: 'root' }, }, - rootDir: process.cwd() as ProjectRootDir, - }, - { - buildIndex: 0, - manifest: { - name: 'pkg', - version: '1.0.0', - - dependencies: { - 'ajv-keywords': '1.5.0', - }, + { + location: 'pkg', + package: {}, }, - rootDir: path.resolve('pkg') as ProjectRootDir, - }, - { - buildIndex: 0, - manifest: { - name: 'pkg2', - version: '1.0.0', - - dependencies: { - ajv: '5.0.0', - }, + { + location: 'pkg2', + package: {}, }, - rootDir: path.resolve('pkg2') as ProjectRootDir, - }, - ] - const reporter = jest.fn() - await mutateModules([ - { - mutation: 'install', - rootDir: process.cwd() as ProjectRootDir, - }, - { - mutation: 'install', - rootDir: path.resolve('pkg') as ProjectRootDir, - }, - { - mutation: 'install', - rootDir: path.resolve('pkg2') as ProjectRootDir, - }, - ], testDefaults({ allProjects, reporter, resolvePeersFromWorkspaceRoot: true })) + ]) + nonRootProjects = [ + { + buildIndex: 0, + manifest: { + name: 'pkg', + version: '1.0.0', - expect(reporter).not.toHaveBeenCalledWith(expect.objectContaining({ - name: 'pnpm:peer-dependency-issues', - })) + dependencies: { + 'ajv-keywords': '1.5.0', + }, + }, + rootDir: path.resolve('pkg') as ProjectRootDir, + }, + { + buildIndex: 0, + manifest: { + name: 'pkg2', + version: '1.0.0', - { - const lockfile = projects.root.readLockfile() - expect(lockfile.importers.pkg?.dependencies?.['ajv-keywords'].version).toBe('1.5.0(ajv@4.10.0)') - } + dependencies: { + ajv: '5.0.0', + }, + }, + rootDir: path.resolve('pkg2') as ProjectRootDir, + }, + ] + mutatedProjects = [ + { + mutation: 'install', + rootDir: process.cwd() as ProjectRootDir, + }, + { + mutation: 'install', + rootDir: path.resolve('pkg') as ProjectRootDir, + }, + { + mutation: 'install', + rootDir: path.resolve('pkg2') as ProjectRootDir, + }, + ] + }) + test('the package in the root is a regular non-aliased npm-hosted dependency', async () => { + const allProjects: ProjectOptions[] = [ + { + buildIndex: 0, + manifest: { + name: 'root', + version: '1.0.0', + + dependencies: { + ajv: '4.10.0', + }, + }, + rootDir: process.cwd() as ProjectRootDir, + }, + ...nonRootProjects, + ] + const reporter = jest.fn() + await mutateModules(mutatedProjects, testDefaults({ allProjects, reporter, resolvePeersFromWorkspaceRoot: true })) + + expect(reporter).not.toHaveBeenCalledWith(expect.objectContaining({ + name: 'pnpm:peer-dependency-issues', + })) + + { + const lockfile = projects.root.readLockfile() + expect(lockfile.importers.pkg?.dependencies?.['ajv-keywords'].version).toBe('1.5.0(ajv@4.10.0)') + } + }) + test('the package in the root is aliasing a package with a different name', async () => { + const allProjects: ProjectOptions[] = [ + { + buildIndex: 0, + manifest: { + name: 'root', + version: '1.0.0', + + dependencies: { + ajv: 'npm:@pnpm.e2e/foo@100.0.0', + }, + }, + rootDir: process.cwd() as ProjectRootDir, + }, + ...nonRootProjects, + ] + const reporter = jest.fn() + await mutateModules(mutatedProjects, testDefaults({ allProjects, reporter, resolvePeersFromWorkspaceRoot: true })) + + expect(reporter).not.toHaveBeenCalledWith(expect.objectContaining({ + name: 'pnpm:peer-dependency-issues', + })) + + { + const lockfile = projects.root.readLockfile() + expect(lockfile.importers.pkg?.dependencies?.['ajv-keywords'].version).toBe('1.5.0(@pnpm.e2e/foo@100.0.0)') + } + }) + test('the package in the root is under an alias', async () => { + const allProjects: ProjectOptions[] = [ + { + buildIndex: 0, + manifest: { + name: 'root', + version: '1.0.0', + + dependencies: { + b: 'npm:ajv@1.0.0', + a: 'npm:ajv@4.10.0', + c: 'npm:ajv@2.0.0', + }, + }, + rootDir: process.cwd() as ProjectRootDir, + }, + ...nonRootProjects, + ] + const reporter = jest.fn() + await mutateModules(mutatedProjects, testDefaults({ allProjects, reporter, resolvePeersFromWorkspaceRoot: true })) + + expect(reporter).not.toHaveBeenCalledWith(expect.objectContaining({ + name: 'pnpm:peer-dependency-issues', + })) + + { + const lockfile = projects.root.readLockfile() + expect(lockfile.importers.pkg?.dependencies?.['ajv-keywords'].version).toBe('1.5.0(ajv@4.10.0)') + } + }) }) test('warning is reported when cannot resolve peer dependency for non-top-level dependency', async () => { diff --git a/pkg-manager/direct-dep-linker/CHANGELOG.md b/pkg-manager/direct-dep-linker/CHANGELOG.md index 851d7db92c..f40fb11a74 100644 --- a/pkg-manager/direct-dep-linker/CHANGELOG.md +++ b/pkg-manager/direct-dep-linker/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/pkg-manager.direct-dep-linker +## 1000.0.11 + +### Patch Changes + +- @pnpm/symlink-dependency@1000.0.11 +- @pnpm/core-loggers@1001.0.3 + ## 1000.0.10 ### Patch Changes diff --git a/pkg-manager/direct-dep-linker/package.json b/pkg-manager/direct-dep-linker/package.json index c392f5b5f6..ed511cb7cc 100644 --- a/pkg-manager/direct-dep-linker/package.json +++ b/pkg-manager/direct-dep-linker/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/pkg-manager.direct-dep-linker", - "version": "1000.0.10", + "version": "1000.0.11", "description": "Fast installation using only pnpm-lock.yaml", "keywords": [ "pnpm", diff --git a/pkg-manager/get-context/CHANGELOG.md b/pkg-manager/get-context/CHANGELOG.md index 08b0b08240..f343e4af51 100644 --- a/pkg-manager/get-context/CHANGELOG.md +++ b/pkg-manager/get-context/CHANGELOG.md @@ -1,5 +1,17 @@ # @pnpm/get-context +## 1001.1.5 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/modules-yaml@1000.3.5 + - @pnpm/read-projects-context@1000.0.21 + - @pnpm/resolver-base@1005.0.1 + ## 1001.1.4 ### Patch Changes diff --git a/pkg-manager/get-context/package.json b/pkg-manager/get-context/package.json index 7415c47786..59a86c8c7a 100644 --- a/pkg-manager/get-context/package.json +++ b/pkg-manager/get-context/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/get-context", - "version": "1001.1.4", + "version": "1001.1.5", "description": "Gets context information about a project", "keywords": [ "pnpm", diff --git a/pkg-manager/headless/CHANGELOG.md b/pkg-manager/headless/CHANGELOG.md index 587814be96..9690e6ef55 100644 --- a/pkg-manager/headless/CHANGELOG.md +++ b/pkg-manager/headless/CHANGELOG.md @@ -1,5 +1,52 @@ # @pnpm/headless +## 1004.2.4 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [df8d57f] +- Updated dependencies [e792927] +- Updated dependencies [a6856fd] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/package-is-installable@1000.0.13 + - @pnpm/types@1000.8.0 + - @pnpm/lifecycle@1001.0.21 + - @pnpm/build-modules@1000.3.14 + - @pnpm/link-bins@1000.2.2 + - @pnpm/package-requester@1006.0.1 + - @pnpm/deps.graph-builder@1002.2.4 + - @pnpm/lockfile.filtering@1001.0.18 + - @pnpm/symlink-dependency@1000.0.11 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile-to-pnp@1001.0.20 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/calc-dep-state@1002.0.5 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/hoist@1002.0.4 + - @pnpm/modules-cleaner@1001.0.20 + - @pnpm/modules-yaml@1000.3.5 + - @pnpm/real-hoist@1001.0.17 + - @pnpm/read-project-manifest@1001.1.1 + - @pnpm/store-controller-types@1004.0.2 + - @pnpm/worker@1000.1.12 + - @pnpm/pkg-manager.direct-dep-linker@1000.0.11 + - @pnpm/patching.config@1001.0.8 + +## 1004.2.3 + +### Patch Changes + +- Updated dependencies [77d5b17] +- Updated dependencies [affdd5b] + - @pnpm/lockfile-to-pnp@1001.0.19 + - @pnpm/link-bins@1000.2.1 + - @pnpm/build-modules@1000.3.13 + - @pnpm/lifecycle@1001.0.20 + - @pnpm/hoist@1002.0.3 + - @pnpm/package-requester@1006.0.0 + ## 1004.2.2 ### Patch Changes diff --git a/pkg-manager/headless/package.json b/pkg-manager/headless/package.json index 9c92365b0d..620fc4b407 100644 --- a/pkg-manager/headless/package.json +++ b/pkg-manager/headless/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/headless", - "version": "1004.2.2", + "version": "1004.2.4", "description": "Fast installation using only pnpm-lock.yaml", "keywords": [ "pnpm", diff --git a/pkg-manager/hoist/CHANGELOG.md b/pkg-manager/hoist/CHANGELOG.md index 90ef713338..ddb597f342 100644 --- a/pkg-manager/hoist/CHANGELOG.md +++ b/pkg-manager/hoist/CHANGELOG.md @@ -1,5 +1,21 @@ # @pnpm/hoist +## 1002.0.4 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/link-bins@1000.2.2 + - @pnpm/core-loggers@1001.0.3 + +## 1002.0.3 + +### Patch Changes + +- Updated dependencies [affdd5b] + - @pnpm/link-bins@1000.2.1 + ## 1002.0.2 ### Patch Changes diff --git a/pkg-manager/hoist/package.json b/pkg-manager/hoist/package.json index db1388f86b..29a33d7115 100644 --- a/pkg-manager/hoist/package.json +++ b/pkg-manager/hoist/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/hoist", - "version": "1002.0.2", + "version": "1002.0.4", "description": "Hoists dependencies in a node_modules created by pnpm", "keywords": [ "pnpm", diff --git a/pkg-manager/link-bins/CHANGELOG.md b/pkg-manager/link-bins/CHANGELOG.md index 8d2ec1a18d..b378493ea2 100644 --- a/pkg-manager/link-bins/CHANGELOG.md +++ b/pkg-manager/link-bins/CHANGELOG.md @@ -1,5 +1,23 @@ # @pnpm/link-bins +## 1000.2.2 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/package-bins@1000.0.10 + - @pnpm/manifest-utils@1001.0.4 + - @pnpm/read-project-manifest@1001.1.1 + +## 1000.2.1 + +### Patch Changes + +- affdd5b: Replace `p-settle` with the builtin `Promise.allSettled` + ## 1000.2.0 ### Minor Changes diff --git a/pkg-manager/link-bins/package.json b/pkg-manager/link-bins/package.json index 4a93498baa..d894eb167d 100644 --- a/pkg-manager/link-bins/package.json +++ b/pkg-manager/link-bins/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/link-bins", - "version": "1000.2.0", + "version": "1000.2.2", "description": "Link bins to node_modules/.bin", "keywords": [ "pnpm", diff --git a/pkg-manager/modules-cleaner/CHANGELOG.md b/pkg-manager/modules-cleaner/CHANGELOG.md index 719f115af7..4230de0576 100644 --- a/pkg-manager/modules-cleaner/CHANGELOG.md +++ b/pkg-manager/modules-cleaner/CHANGELOG.md @@ -1,5 +1,19 @@ # @pnpm/modules-cleaner +## 1001.0.20 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/remove-bins@1000.0.13 + - @pnpm/lockfile.filtering@1001.0.18 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/store-controller-types@1004.0.2 + ## 1001.0.19 ### Patch Changes diff --git a/pkg-manager/modules-cleaner/package.json b/pkg-manager/modules-cleaner/package.json index fc3a40eea5..82053c25cc 100644 --- a/pkg-manager/modules-cleaner/package.json +++ b/pkg-manager/modules-cleaner/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/modules-cleaner", - "version": "1001.0.19", + "version": "1001.0.20", "description": "Exports util functions to clean up node_modules", "keywords": [ "pnpm", diff --git a/pkg-manager/modules-yaml/CHANGELOG.md b/pkg-manager/modules-yaml/CHANGELOG.md index c33e9da69b..71810d62ab 100644 --- a/pkg-manager/modules-yaml/CHANGELOG.md +++ b/pkg-manager/modules-yaml/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/modules-yaml +## 1000.3.5 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.3.4 ### Patch Changes diff --git a/pkg-manager/modules-yaml/package.json b/pkg-manager/modules-yaml/package.json index c06c6e3342..e70cddbc15 100644 --- a/pkg-manager/modules-yaml/package.json +++ b/pkg-manager/modules-yaml/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/modules-yaml", - "version": "1000.3.4", + "version": "1000.3.5", "description": "Reads/writes `node_modules/.modules.yaml`", "keywords": [ "pnpm", diff --git a/pkg-manager/package-bins/CHANGELOG.md b/pkg-manager/package-bins/CHANGELOG.md index 1c5f5a319a..8585e3bfd1 100644 --- a/pkg-manager/package-bins/CHANGELOG.md +++ b/pkg-manager/package-bins/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/package-bins +## 1000.0.10 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.0.9 ### Patch Changes diff --git a/pkg-manager/package-bins/package.json b/pkg-manager/package-bins/package.json index e392e86bc3..c1672fb705 100644 --- a/pkg-manager/package-bins/package.json +++ b/pkg-manager/package-bins/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/package-bins", - "version": "1000.0.9", + "version": "1000.0.10", "description": "Returns bins of a package", "keywords": [ "pnpm", diff --git a/pkg-manager/package-requester/CHANGELOG.md b/pkg-manager/package-requester/CHANGELOG.md index 4eb3c90a5e..c780ff9bc7 100644 --- a/pkg-manager/package-requester/CHANGELOG.md +++ b/pkg-manager/package-requester/CHANGELOG.md @@ -1,5 +1,24 @@ # @pnpm/package-requester +## 1006.0.1 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [df8d57f] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/package-is-installable@1000.0.13 + - @pnpm/types@1000.8.0 + - @pnpm/fetcher-base@1001.0.1 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/store.cafs@1000.0.17 + - @pnpm/store-controller-types@1004.0.2 + - @pnpm/worker@1000.1.12 + - @pnpm/pick-fetcher@1001.0.0 + ## 1006.0.0 ### Major Changes diff --git a/pkg-manager/package-requester/package.json b/pkg-manager/package-requester/package.json index 3c7fa5bc59..fc0d4f08fd 100644 --- a/pkg-manager/package-requester/package.json +++ b/pkg-manager/package-requester/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/package-requester", - "version": "1006.0.0", + "version": "1006.0.1", "description": "Concurrent downloader of npm-compatible packages", "keywords": [ "pnpm", diff --git a/pkg-manager/plugin-commands-installation/CHANGELOG.md b/pkg-manager/plugin-commands-installation/CHANGELOG.md index 85bb4222ae..dca0cc6086 100644 --- a/pkg-manager/plugin-commands-installation/CHANGELOG.md +++ b/pkg-manager/plugin-commands-installation/CHANGELOG.md @@ -1,5 +1,74 @@ # @pnpm/plugin-commands-installation +## 1004.6.0 + +### Minor Changes + +- 38e2599: There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour. + + The new setting is called `minimumReleaseAge`. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting `minimumReleaseAge: 1440` ensures that only packages released at least one day ago can be installed. + + If you set `minimumReleaseAge` but need to disable this restriction for certain dependencies, you can list them under the `minimumReleaseAgeExclude` setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time: + + ```yaml + minimumReleaseAgeExclude: + - webpack + ``` + + Related issue: [#9921](https://github.com/pnpm/pnpm/issues/9921). + +### Patch Changes + +- c182b2d: `cleanupUnusedCatalogs` configuration should be applied when removing a dependency package. +- Updated dependencies [e792927] +- Updated dependencies [38e2599] +- Updated dependencies [e792927] +- Updated dependencies [2ebd45a] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/store-connection-manager@1002.1.0 + - @pnpm/core@1010.1.0 + - @pnpm/config@1004.3.0 + - @pnpm/pnpmfile@1002.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/config.deps-installer@1000.0.12 + - @pnpm/plugin-commands-rebuild@1002.0.25 + - @pnpm/outdated@1001.0.29 + - @pnpm/workspace.pkgs-graph@1000.0.19 + - @pnpm/deps.status@1003.0.7 + - @pnpm/plugin-commands-env@1000.0.36 + - @pnpm/workspace.state@1002.0.3 + - @pnpm/config.config-writer@1000.0.11 + - @pnpm/pick-registry-for-package@1000.0.10 + - @pnpm/dedupe.check@1001.0.11 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/get-context@1001.1.5 + - @pnpm/manifest-utils@1001.0.4 + - @pnpm/read-project-manifest@1001.1.1 + - @pnpm/write-project-manifest@1000.0.10 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/package-store@1002.0.10 + - @pnpm/filter-workspace-packages@1000.0.35 + - @pnpm/workspace.find-packages@1000.0.35 + - @pnpm/workspace.manifest-writer@1001.0.1 + - @pnpm/sort-packages@1000.0.10 + +## 1004.5.1 + +### Patch Changes + +- @pnpm/core@1010.0.2 +- @pnpm/plugin-commands-rebuild@1002.0.24 +- @pnpm/outdated@1001.0.28 +- @pnpm/package-store@1002.0.9 +- @pnpm/store-connection-manager@1002.0.11 +- @pnpm/plugin-commands-env@1000.0.35 +- @pnpm/cli-utils@1001.1.2 +- @pnpm/config.deps-installer@1000.0.11 +- @pnpm/workspace.find-packages@1000.0.34 +- @pnpm/deps.status@1003.0.6 +- @pnpm/filter-workspace-packages@1000.0.34 + ## 1004.5.0 ### Minor Changes diff --git a/pkg-manager/plugin-commands-installation/package.json b/pkg-manager/plugin-commands-installation/package.json index 5bcf09e968..c082a1add2 100644 --- a/pkg-manager/plugin-commands-installation/package.json +++ b/pkg-manager/plugin-commands-installation/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-installation", - "version": "1004.5.0", + "version": "1004.6.0", "description": "Commands for installation", "keywords": [ "pnpm", diff --git a/pkg-manager/plugin-commands-installation/src/remove.ts b/pkg-manager/plugin-commands-installation/src/remove.ts index d8ca43c1ef..63d4565163 100644 --- a/pkg-manager/plugin-commands-installation/src/remove.ts +++ b/pkg-manager/plugin-commands-installation/src/remove.ts @@ -9,6 +9,7 @@ import { type Config, getOptionsFromRootManifest, types as allTypes } from '@pnp import { PnpmError } from '@pnpm/error' import { arrayOfWorkspacePackagesToMap } from '@pnpm/get-context' import { findWorkspacePackages } from '@pnpm/workspace.find-packages' +import { updateWorkspaceManifest } from '@pnpm/workspace.manifest-writer' import { getAllDependenciesFromManifest } from '@pnpm/manifest-utils' import { createOrConnectStoreController, type CreateStoreControllerOptions } from '@pnpm/store-connection-manager' import { type DependenciesField, type ProjectRootDir } from '@pnpm/types' @@ -149,6 +150,7 @@ export async function handler ( | 'workspaceDir' | 'workspacePackagePatterns' | 'sharedWorkspaceLockfile' + | 'cleanupUnusedCatalogs' > & { recursive?: boolean pnpmfile: string[] @@ -214,4 +216,8 @@ export async function handler ( removeOpts ) await writeProjectManifest(mutationResult.updatedProject.manifest) + await updateWorkspaceManifest(opts.workspaceDir ?? opts.dir, { + cleanupUnusedCatalogs: opts.cleanupUnusedCatalogs, + allProjects: opts.allProjects, + }) } diff --git a/pkg-manager/plugin-commands-installation/test/add.ts b/pkg-manager/plugin-commands-installation/test/add.ts index 07cfb85c6b..1affc599f8 100644 --- a/pkg-manager/plugin-commands-installation/test/add.ts +++ b/pkg-manager/plugin-commands-installation/test/add.ts @@ -400,6 +400,21 @@ test('add: fail trying to install @pnpm/exe', async () => { expect(err.code).toBe('ERR_PNPM_GLOBAL_PNPM_INSTALL') }) +test('minimumReleaseAge makes install fail if there is no version that was published before the cutoff', async () => { + prepareEmpty() + + const isOdd011ReleaseDate = new Date(2016, 11, 7 - 2) // 0.1.1 was released at 2016-12-07T07:18:01.205Z + const diff = Date.now() - isOdd011ReleaseDate.getTime() + const minimumReleaseAge = diff / (60 * 1000) // converting to minutes + + await expect(add.handler({ + ...DEFAULT_OPTIONS, + dir: path.resolve('project'), + minimumReleaseAge, + linkWorkspacePackages: false, + }, ['is-odd@0.1.1'])).rejects.toThrow('No matching version found') +}) + describeOnLinuxOnly('filters optional dependencies based on pnpm.supportedArchitectures.libc', () => { test.each([ ['glibc', '@pnpm.e2e+only-linux-x64-glibc@1.0.0', '@pnpm.e2e+only-linux-x64-musl@1.0.0'], diff --git a/pkg-manager/read-projects-context/CHANGELOG.md b/pkg-manager/read-projects-context/CHANGELOG.md index 2de654a38f..6974bbe0a7 100644 --- a/pkg-manager/read-projects-context/CHANGELOG.md +++ b/pkg-manager/read-projects-context/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/read-projects-context +## 1000.0.21 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/normalize-registries@1000.1.3 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/modules-yaml@1000.3.5 + ## 1000.0.20 ### Patch Changes diff --git a/pkg-manager/read-projects-context/package.json b/pkg-manager/read-projects-context/package.json index d433e80ad0..b37e73fe74 100644 --- a/pkg-manager/read-projects-context/package.json +++ b/pkg-manager/read-projects-context/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/read-projects-context", - "version": "1000.0.20", + "version": "1000.0.21", "description": "Reads the current state of projects from modules manifest", "keywords": [ "pnpm", diff --git a/pkg-manager/real-hoist/CHANGELOG.md b/pkg-manager/real-hoist/CHANGELOG.md index 1bb41cf7f5..82a135bcb7 100644 --- a/pkg-manager/real-hoist/CHANGELOG.md +++ b/pkg-manager/real-hoist/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/real-hoist +## 1001.0.17 + +### Patch Changes + +- @pnpm/lockfile.utils@1003.0.1 +- @pnpm/dependency-path@1001.1.1 + ## 1001.0.16 ### Patch Changes diff --git a/pkg-manager/real-hoist/package.json b/pkg-manager/real-hoist/package.json index 9c0d3b452f..9bf82b9d63 100644 --- a/pkg-manager/real-hoist/package.json +++ b/pkg-manager/real-hoist/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/real-hoist", - "version": "1001.0.16", + "version": "1001.0.17", "description": "Hoists dependencies in a node_modules created by pnpm", "keywords": [ "pnpm", diff --git a/pkg-manager/remove-bins/CHANGELOG.md b/pkg-manager/remove-bins/CHANGELOG.md index 85c396d22c..82be2f261f 100644 --- a/pkg-manager/remove-bins/CHANGELOG.md +++ b/pkg-manager/remove-bins/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/remove-bins +## 1000.0.13 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/package-bins@1000.0.10 + ## 1000.0.12 ### Patch Changes diff --git a/pkg-manager/remove-bins/package.json b/pkg-manager/remove-bins/package.json index 79a15844e8..b2c3b4dba5 100644 --- a/pkg-manager/remove-bins/package.json +++ b/pkg-manager/remove-bins/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/remove-bins", - "version": "1000.0.12", + "version": "1000.0.13", "description": "Remove bins from .bin", "keywords": [ "pnpm", diff --git a/pkg-manager/resolve-dependencies/CHANGELOG.md b/pkg-manager/resolve-dependencies/CHANGELOG.md index 410357f04a..36f8d35513 100644 --- a/pkg-manager/resolve-dependencies/CHANGELOG.md +++ b/pkg-manager/resolve-dependencies/CHANGELOG.md @@ -1,5 +1,49 @@ # @pnpm/resolve-dependencies +## 1008.1.0 + +### Minor Changes + +- 38e2599: There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour. + + The new setting is called `minimumReleaseAge`. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting `minimumReleaseAge: 1440` ensures that only packages released at least one day ago can be installed. + + If you set `minimumReleaseAge` but need to disable this restriction for certain dependencies, you can list them under the `minimumReleaseAgeExclude` setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time: + + ```yaml + minimumReleaseAgeExclude: + - webpack + ``` + + Related issue: [#9921](https://github.com/pnpm/pnpm/issues/9921). + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/npm-resolver@1004.2.0 + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.preferred-versions@1000.0.19 + - @pnpm/lockfile.pruner@1001.0.14 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/calc-dep-state@1002.0.5 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/manifest-utils@1001.0.4 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/store-controller-types@1004.0.2 + - @pnpm/pick-fetcher@1001.0.0 + - @pnpm/patching.config@1001.0.8 + +## 1008.0.2 + +### Patch Changes + +- 3482fe1: When resolving peer dependencies, pnpm looks whether the peer dependency is present in the root workspace project's dependencies. This change makes it so that the peer dependency is correctly resolved even from aliased npm-hosted dependencies or other types of dependencies [#9913](https://github.com/pnpm/pnpm/issues/9913). + ## 1008.0.1 ### Patch Changes diff --git a/pkg-manager/resolve-dependencies/package.json b/pkg-manager/resolve-dependencies/package.json index 3454bf3fd4..d3418d9849 100644 --- a/pkg-manager/resolve-dependencies/package.json +++ b/pkg-manager/resolve-dependencies/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/resolve-dependencies", - "version": "1008.0.1", + "version": "1008.1.0", "description": "Resolves dependency graph of a package", "keywords": [ "pnpm", @@ -53,6 +53,7 @@ "@pnpm/semver.peer-range": "workspace:*", "@pnpm/store-controller-types": "workspace:*", "@pnpm/types": "workspace:*", + "@pnpm/util.lex-comparator": "catalog:", "@pnpm/workspace.spec-parser": "workspace:*", "@yarnpkg/core": "catalog:", "filenamify": "catalog:", diff --git a/pkg-manager/resolve-dependencies/src/dedupeInjectedDeps.ts b/pkg-manager/resolve-dependencies/src/dedupeInjectedDeps.ts index cb035c8089..2dea35ed6c 100644 --- a/pkg-manager/resolve-dependencies/src/dedupeInjectedDeps.ts +++ b/pkg-manager/resolve-dependencies/src/dedupeInjectedDeps.ts @@ -82,6 +82,7 @@ function applyDedupeMap ( const prev = opts.resolvedImporters[id].directDependencies[index] const linkedDep: LinkedDependency & ResolvedDirectDependency = { ...prev, + pkg: prev, isLinkedDependency: true, pkgId: `link:${normalize(path.relative(id, dedupedProjectId))}` as PkgResolutionId, resolution: { diff --git a/pkg-manager/resolve-dependencies/src/hoistPeers.ts b/pkg-manager/resolve-dependencies/src/hoistPeers.ts index cdcf94ac21..7471bdf5a8 100644 --- a/pkg-manager/resolve-dependencies/src/hoistPeers.ts +++ b/pkg-manager/resolve-dependencies/src/hoistPeers.ts @@ -1,4 +1,5 @@ import { type PreferredVersions } from '@pnpm/resolver-base' +import { lexCompare } from '@pnpm/util.lex-comparator' import semver from 'semver' import { type PkgAddressOrLink } from './resolveDependencies.js' @@ -12,9 +13,16 @@ export function hoistPeers ( ): Record { const dependencies: Record = {} for (const [peerName, { range }] of missingRequiredPeers) { - const rootDep = opts.workspaceRootDeps.find((rootDep) => rootDep.alias === peerName) - if (rootDep?.version) { - dependencies[peerName] = rootDep.version + const rootDepByAlias = opts.workspaceRootDeps.find((rootDep) => rootDep.alias === peerName) + if (rootDepByAlias?.normalizedBareSpecifier) { + dependencies[peerName] = rootDepByAlias.normalizedBareSpecifier + continue + } + const rootDep = opts.workspaceRootDeps + .filter((rootDep) => rootDep.pkg.name === peerName) + .sort((rootDep1, rootDep2) => lexCompare(rootDep1.alias, rootDep2.alias))[0] + if (rootDep?.normalizedBareSpecifier) { + dependencies[peerName] = rootDep.normalizedBareSpecifier continue } if (opts.allPreferredVersions![peerName]) { diff --git a/pkg-manager/resolve-dependencies/src/resolveDependencies.ts b/pkg-manager/resolve-dependencies/src/resolveDependencies.ts index deeca5ef0c..9ee0ede472 100644 --- a/pkg-manager/resolve-dependencies/src/resolveDependencies.ts +++ b/pkg-manager/resolve-dependencies/src/resolveDependencies.ts @@ -100,17 +100,21 @@ DependenciesTreeNode export type ResolvedPkgsById = Record -export interface LinkedDependency { - isLinkedDependency: true - optional: boolean - dev: boolean - resolution: DirectoryResolution - pkgId: PkgResolutionId - version: string - name: string +export interface PkgAddressOrLinkBase { alias: string catalogLookup?: CatalogLookupMetadata normalizedBareSpecifier?: string + optional: boolean + pkg: PackageManifest + pkgId: PkgResolutionId +} + +export interface LinkedDependency extends PkgAddressOrLinkBase { + isLinkedDependency: true + dev: boolean + resolution: DirectoryResolution + version: string + name: string } export interface PendingNode { @@ -170,6 +174,8 @@ export interface ResolutionContext { workspacePackages?: WorkspacePackages missingPeersOfChildrenByPkgId: Record hoistPeers?: boolean + maximumPublishedBy?: Date + minimumReleaseAgeExclude?: string[] } export interface MissingPeerInfo { @@ -188,32 +194,21 @@ interface MissingPeersOfChildren { resolved?: boolean } -export type PkgAddress = { - alias: string +export interface PkgAddress extends PkgAddressOrLinkBase { depIsLinked: boolean isNew: boolean isLinkedDependency?: false resolvedVia?: string nodeId: NodeId - pkgId: PkgResolutionId installable: boolean - pkg: PackageManifest version?: string updated: boolean rootDir: string missingPeers: MissingPeers missingPeersOfChildren?: MissingPeersOfChildren publishedAt?: string - catalogLookup?: CatalogLookupMetadata - optional: boolean - normalizedBareSpecifier?: string saveCatalogName?: string -} & ({ - isLinkedDependency: true - version: string -} | { - isLinkedDependency: undefined -}) +} export type PkgAddressOrLink = PkgAddress | LinkedDependency @@ -490,6 +485,9 @@ async function resolveDependenciesOfImporters ( time = result.newTime } } + if (ctx.maximumPublishedBy && (publishedBy == null || publishedBy > ctx.maximumPublishedBy)) { + publishedBy = ctx.maximumPublishedBy + } const pkgAddressesByImportersWithoutPeers = await Promise.all(zipWith(async (importer, { pkgAddresses, postponedResolutionsQueue, postponedPeersResolutionQueue }) => { const newPreferredVersions = Object.create(importer.preferredVersions) as PreferredVersions const currentParentPkgAliases: Record = {} @@ -594,6 +592,7 @@ async function resolveDependenciesOfImporterDependency ( parentPkgAliases: importer.parentPkgAliases, pickLowestVersion: pickLowestVersion && !importer.updatePackageManifest, pinnedVersion: importer.pinnedVersion, + publishedBy: ctx.maximumPublishedBy, }, extendedWantedDep ) @@ -1304,6 +1303,17 @@ async function resolveDependency ( if (!options.updateRequested && options.preferredVersion != null) { wantedDependency.bareSpecifier = replaceVersionInBareSpecifier(wantedDependency.bareSpecifier, options.preferredVersion) } + let publishedBy: Date | undefined + if ( + options.publishedBy && + ( + ctx.minimumReleaseAgeExclude == null || + wantedDependency.alias == null || + !ctx.minimumReleaseAgeExclude.includes(wantedDependency.alias) + ) + ) { + publishedBy = options.publishedBy + } pkgResponse = await ctx.storeController.requestPackage(wantedDependency, { alwaysTryWorkspacePackages: ctx.linkWorkspacePackagesDepth >= options.currentDepth, currentPkg: currentPkg @@ -1317,7 +1327,7 @@ async function resolveDependency ( expectedPkg: currentPkg, defaultTag: ctx.defaultTag, ignoreScripts: ctx.ignoreScripts, - publishedBy: options.publishedBy, + publishedBy, pickLowestVersion: options.pickLowestVersion, downloadPriority: -options.currentDepth, lockfileDir: ctx.lockfileDir, @@ -1404,6 +1414,7 @@ async function resolveDependency ( resolution: pkgResponse.body.resolution, version: pkgResponse.body.manifest.version, normalizedBareSpecifier: pkgResponse.body.normalizedBareSpecifier, + pkg: pkgResponse.body.manifest, } } diff --git a/pkg-manager/resolve-dependencies/src/resolveDependencyTree.ts b/pkg-manager/resolve-dependencies/src/resolveDependencyTree.ts index 250c5f2ff6..17ee855510 100644 --- a/pkg-manager/resolve-dependencies/src/resolveDependencyTree.ts +++ b/pkg-manager/resolve-dependencies/src/resolveDependencyTree.ts @@ -132,6 +132,8 @@ export interface ResolveDependenciesOptions { workspacePackages: WorkspacePackages supportedArchitectures?: SupportedArchitectures peersSuffixMaxLength: number + minimumReleaseAge?: number + minimumReleaseAgeExclude?: string[] } export interface ResolveDependencyTreeResult { @@ -192,6 +194,8 @@ export async function resolveDependencyTree ( missingPeersOfChildrenByPkgId: {}, hoistPeers: autoInstallPeers || opts.dedupePeerDependents, allPeerDepNames: new Set(), + maximumPublishedBy: opts.minimumReleaseAge ? new Date(Date.now() - opts.minimumReleaseAge * 60 * 1000) : undefined, + minimumReleaseAgeExclude: opts.minimumReleaseAgeExclude, } const resolveArgs: ImporterToResolve[] = importers.map((importer) => { diff --git a/pkg-manifest/exportable-manifest/CHANGELOG.md b/pkg-manifest/exportable-manifest/CHANGELOG.md index 551c42f9db..a357c3cf5b 100644 --- a/pkg-manifest/exportable-manifest/CHANGELOG.md +++ b/pkg-manifest/exportable-manifest/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/exportable-manifest +## 1000.1.4 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/read-project-manifest@1001.1.1 + ## 1000.1.3 ### Patch Changes diff --git a/pkg-manifest/exportable-manifest/package.json b/pkg-manifest/exportable-manifest/package.json index 8b5e040d17..b8fbbd7a6c 100644 --- a/pkg-manifest/exportable-manifest/package.json +++ b/pkg-manifest/exportable-manifest/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/exportable-manifest", - "version": "1000.1.3", + "version": "1000.1.4", "description": "Creates an exportable manifest", "keywords": [ "pnpm", diff --git a/pkg-manifest/manifest-utils/CHANGELOG.md b/pkg-manifest/manifest-utils/CHANGELOG.md index a14c375b1b..b1a56d4b93 100644 --- a/pkg-manifest/manifest-utils/CHANGELOG.md +++ b/pkg-manifest/manifest-utils/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/manifest-utils +## 1001.0.4 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/core-loggers@1001.0.3 + ## 1001.0.3 ### Patch Changes diff --git a/pkg-manifest/manifest-utils/package.json b/pkg-manifest/manifest-utils/package.json index c73596d9c0..7ee4949985 100644 --- a/pkg-manifest/manifest-utils/package.json +++ b/pkg-manifest/manifest-utils/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/manifest-utils", - "version": "1001.0.3", + "version": "1001.0.4", "description": "Utils for dealing with package manifest", "keywords": [ "pnpm", diff --git a/pkg-manifest/read-package-json/CHANGELOG.md b/pkg-manifest/read-package-json/CHANGELOG.md index 1682238044..16e29a7602 100644 --- a/pkg-manifest/read-package-json/CHANGELOG.md +++ b/pkg-manifest/read-package-json/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/read-package-json +## 1000.1.0 + +### Minor Changes + +- e792927: Implemented `readPackageJsonSync`. + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.0.11 ### Patch Changes diff --git a/pkg-manifest/read-package-json/package.json b/pkg-manifest/read-package-json/package.json index 1968fbbf64..bf0c54f1c3 100644 --- a/pkg-manifest/read-package-json/package.json +++ b/pkg-manifest/read-package-json/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/read-package-json", - "version": "1000.0.11", + "version": "1000.1.0", "description": "Read a package.json", "keywords": [ "pnpm", diff --git a/pkg-manifest/read-package-json/src/index.ts b/pkg-manifest/read-package-json/src/index.ts index ffb743d247..7edc6c65d3 100644 --- a/pkg-manifest/read-package-json/src/index.ts +++ b/pkg-manifest/read-package-json/src/index.ts @@ -1,9 +1,20 @@ import path from 'path' import { PnpmError } from '@pnpm/error' import { type PackageManifest } from '@pnpm/types' -import { loadJsonFile } from 'load-json-file' +import { loadJsonFile, loadJsonFileSync } from 'load-json-file' import normalizePackageData from 'normalize-package-data' +export function readPackageJsonSync (pkgPath: string): PackageManifest { + try { + const manifest = loadJsonFileSync(pkgPath) + normalizePackageData(manifest) + return manifest + } catch (err: any) { // eslint-disable-line + if (err.code) throw err + throw new PnpmError('BAD_PACKAGE_JSON', `${pkgPath}: ${err.message as string}`) + } +} + export async function readPackageJson (pkgPath: string): Promise { try { const manifest = await loadJsonFile(pkgPath) @@ -15,6 +26,10 @@ export async function readPackageJson (pkgPath: string): Promise { return readPackageJson(path.join(pkgPath, 'package.json')) } diff --git a/pkg-manifest/read-project-manifest/CHANGELOG.md b/pkg-manifest/read-project-manifest/CHANGELOG.md index 67df2c798c..132d1e6040 100644 --- a/pkg-manifest/read-project-manifest/CHANGELOG.md +++ b/pkg-manifest/read-project-manifest/CHANGELOG.md @@ -1,5 +1,13 @@ # @pnpm/read-project-manifest +## 1001.1.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/write-project-manifest@1000.0.10 + ## 1001.1.0 ### Minor Changes diff --git a/pkg-manifest/read-project-manifest/package.json b/pkg-manifest/read-project-manifest/package.json index bba196e8a9..c77e6d2285 100644 --- a/pkg-manifest/read-project-manifest/package.json +++ b/pkg-manifest/read-project-manifest/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/read-project-manifest", - "version": "1001.1.0", + "version": "1001.1.1", "description": "Read a project manifest (called package.json in most cases)", "keywords": [ "pnpm", diff --git a/pkg-manifest/write-project-manifest/CHANGELOG.md b/pkg-manifest/write-project-manifest/CHANGELOG.md index 0b03a981c1..10b52b3d6c 100644 --- a/pkg-manifest/write-project-manifest/CHANGELOG.md +++ b/pkg-manifest/write-project-manifest/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/write-project-manifest +## 1000.0.10 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.0.9 ### Patch Changes diff --git a/pkg-manifest/write-project-manifest/package.json b/pkg-manifest/write-project-manifest/package.json index 02233cc702..6340a38de9 100644 --- a/pkg-manifest/write-project-manifest/package.json +++ b/pkg-manifest/write-project-manifest/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/write-project-manifest", - "version": "1000.0.9", + "version": "1000.0.10", "description": "Write a project manifest (called package.json in most cases)", "keywords": [ "pnpm", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 771c2714f9..e4c437933f 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -70,14 +70,14 @@ catalogs: specifier: ^2.0.3 version: 2.0.3 '@pnpm/nopt': - specifier: ^0.2.1 - version: 0.2.1 + specifier: ^0.3.1 + version: 0.3.1 '@pnpm/npm-conf': specifier: 3.0.0 version: 3.0.0 '@pnpm/npm-lifecycle': - specifier: ^1000.0.4 - version: 1000.0.4 + specifier: ^1001.0.0 + version: 1001.0.0 '@pnpm/npm-package-arg': specifier: ^2.0.0 version: 2.0.0 @@ -1551,7 +1551,7 @@ importers: version: link:../../workspace/find-workspace-dir '@pnpm/nopt': specifier: 'catalog:' - version: 0.2.1 + version: 0.3.1 didyoumean2: specifier: 'catalog:' version: 7.0.4 @@ -1579,7 +1579,7 @@ importers: version: link:../../workspace/find-workspace-dir '@pnpm/nopt': specifier: 'catalog:' - version: 0.2.1 + version: 0.3.1 '@pnpm/parse-cli-args': specifier: workspace:^ version: link:../../cli/parse-cli-args @@ -2584,7 +2584,7 @@ importers: version: link:../../pkg-manager/link-bins '@pnpm/npm-lifecycle': specifier: 'catalog:' - version: 1000.0.4(patch_hash=9ca23edf604c5e8ff290e3c0a5443646b5f9865624042a5c41d9b2beb8f98972)(typanion@3.14.0) + version: 1001.0.0(patch_hash=9ca23edf604c5e8ff290e3c0a5443646b5f9865624042a5c41d9b2beb8f98972)(typanion@3.14.0) '@pnpm/read-package-json': specifier: workspace:* version: link:../../pkg-manifest/read-package-json @@ -3456,6 +3456,9 @@ importers: '@pnpm/pnpmfile': specifier: workspace:* version: 'link:' + '@pnpm/test-fixtures': + specifier: workspace:* + version: link:../../__utils__/test-fixtures hooks/read-package-hook: dependencies: @@ -6089,6 +6092,9 @@ importers: '@pnpm/types': specifier: workspace:* version: link:../../packages/types + '@pnpm/util.lex-comparator': + specifier: 'catalog:' + version: 3.0.2 '@pnpm/workspace.spec-parser': specifier: workspace:* version: link:../../workspace/spec-parser @@ -6407,7 +6413,7 @@ importers: version: link:../pkg-manager/modules-yaml '@pnpm/nopt': specifier: 'catalog:' - version: 0.2.1 + version: 0.3.1 '@pnpm/parse-cli-args': specifier: workspace:* version: link:../cli/parse-cli-args @@ -9958,6 +9964,10 @@ packages: resolution: {integrity: sha512-xb9dfSGi1qfUKY3r4Zy9JdC9+ZeaDxwfE7HrrGIEsBVY1hvIn6ntbR7A97z3nk44yX7vwbINNf9sizTp0WEtEw==} engines: {node: '>=18.12'} + '@pnpm/constants@1001.3.0': + resolution: {integrity: sha512-ZFRekNHbDlu//67Byg+mG8zmtmCsfBhNsg1wKBLRtF7VjH+Q5TDGMX0+8aJYSikQDuzM2FOhvQcDwyjILKshJQ==} + engines: {node: '>=18.12'} + '@pnpm/core-loggers@1000.1.4': resolution: {integrity: sha512-cmmEk1YuqCfF1RWqHyEDczp2RSd/Sn4np/9iaSd5TISlY0lFCc8A2CKQvkOf2E7N2kpXf/dS7W0Vb3PzW/5w2Q==} engines: {node: '>=18.12'} @@ -10030,6 +10040,10 @@ packages: resolution: {integrity: sha512-2SfE4FFL73rE1WVIoESbqlj4sLy5nWW4M/RVdHvCRJPjlQHa9MH7m7CVJM204lz6I+eHoB+E7rL3zmpJR5wYnQ==} engines: {node: '>=18.12'} + '@pnpm/error@1000.0.4': + resolution: {integrity: sha512-22mG/Mq4u2r7gr2+XY5j4GlN7J4Mg4WiCfT9flvsUc1uZecShocv6WkyoA20qs14M64f6I+aaWB6b6xsDiITlg==} + engines: {node: '>=18.12'} + '@pnpm/exec.pkg-requires-build@1000.0.8': resolution: {integrity: sha512-8Mx71nPcUEJpLVzl4k/+Yu5Mir8JLg4oWEImkMfLKd9orU/F7A5FIHTeLw4RAnK0MummjmXPwj8UMQgOxkq2eA==} engines: {node: '>=18.12'} @@ -10194,9 +10208,9 @@ packages: resolution: {integrity: sha512-eYwrzhKUBGFdq78rJStGjaHTUHA2VH+Avr//CVx/T+EJkI7hnFmOy6YghvcB2clj8HpO4V8tXRNuFNfRX08ayw==} engines: {node: ^10.17 || >=12.3} - '@pnpm/nopt@0.2.1': - resolution: {integrity: sha512-zkgDE6q3Y6KeZPjqXCk/hRQ2t6iw9JXbdnYZghwpe/HR73e4VmV5JZ5QSFypmSd5Sx4+gjNfAqME5BVAOBCk9g==} - engines: {node: '>=6'} + '@pnpm/nopt@0.3.1': + resolution: {integrity: sha512-5XP6EwsFv8+CtaNJD/pog3CkiwCgux8/edLHV+lgz94g5n65dlwo+jQk+053RPq8vK8ODP9ajZB0oNOp7Fxdvw==} + engines: {node: '>=18.12'} hasBin: true '@pnpm/npm-conf@3.0.0': @@ -10207,6 +10221,10 @@ packages: resolution: {integrity: sha512-sN7dG1UV7jZvMgH2C/qtvriq4PsDkJQekuAHWO3DCw4n9Ef5Edv5nNoyg5I288FFzDsEV963HpyVOqB7x94DNw==} engines: {node: '>=18.12'} + '@pnpm/npm-lifecycle@1001.0.0': + resolution: {integrity: sha512-5jW/GNLdZMiw+PJ8FYSvOghoApSjsORNIro2fj8j6NHAqJxJjcHekC5/NsKaawoI5LAkU/XDDVjNC71Yz+uS1w==} + engines: {node: '>=18.12'} + '@pnpm/npm-package-arg@2.0.0': resolution: {integrity: sha512-429x8dFMgxZoeYUTUPAMC09IeM5yQ86X1LyYEQF1P4uyvhLSCh44QKkiprX9qdwBsV9QxjeNad2QoDZy1RSeRw==} engines: {node: '>=18.12'} @@ -14344,8 +14362,8 @@ packages: engines: {node: ^18.17.0 || >=20.5.0} hasBin: true - node-gyp@11.2.0: - resolution: {integrity: sha512-T0S1zqskVUSxcsSTkAsLc7xCycrRYmtDHadDinzocrThjyQCn5kMlEBSj6H4qDbgsIOSLmmlRIeb0lZXj+UArA==} + node-gyp@11.4.2: + resolution: {integrity: sha512-3gD+6zsrLQH7DyYOUIutaauuXrcyxeTPyQuZQCQoNPZMHMMS5m4y0xclNpvYzoK3VNzuyxT6eF4mkIL4WSZ1eQ==} engines: {node: ^18.17.0 || >=20.5.0} hasBin: true @@ -17654,7 +17672,7 @@ snapshots: '@pnpm/catalogs.resolver@1000.0.2': dependencies: '@pnpm/catalogs.protocol-parser': 1000.0.0 - '@pnpm/error': 1000.0.2 + '@pnpm/error': 1000.0.4 '@pnpm/catalogs.types@1000.0.0': {} @@ -17828,6 +17846,8 @@ snapshots: '@pnpm/constants@1001.1.0': {} + '@pnpm/constants@1001.3.0': {} + '@pnpm/core-loggers@1000.1.4(@pnpm/logger@1001.0.0)': dependencies: '@pnpm/logger': 1001.0.0 @@ -17962,6 +17982,10 @@ snapshots: dependencies: '@pnpm/constants': 1001.1.0 + '@pnpm/error@1000.0.4': + dependencies: + '@pnpm/constants': 1001.3.0 + '@pnpm/exec.pkg-requires-build@1000.0.8': dependencies: '@pnpm/types': 1000.6.0 @@ -18230,7 +18254,7 @@ snapshots: '@pnpm/network.proxy-agent@2.0.3': dependencies: - '@pnpm/error': 1000.0.2 + '@pnpm/error': 1000.0.4 http-proxy-agent: 7.0.2 https-proxy-agent: 7.0.6 lru-cache: 7.18.3 @@ -18245,7 +18269,7 @@ snapshots: transitivePeerDependencies: - domexception - '@pnpm/nopt@0.2.1': + '@pnpm/nopt@0.3.1': dependencies: abbrev: 1.1.1 @@ -18258,10 +18282,26 @@ snapshots: '@pnpm/npm-lifecycle@1000.0.4(patch_hash=9ca23edf604c5e8ff290e3c0a5443646b5f9865624042a5c41d9b2beb8f98972)(typanion@3.14.0)': dependencies: '@pnpm/byline': 1.0.0 - '@pnpm/error': 1000.0.2 + '@pnpm/error': 1000.0.4 '@yarnpkg/fslib': 3.1.2 '@yarnpkg/shell': 4.0.0(typanion@3.14.0) - node-gyp: 11.2.0 + node-gyp: 11.4.2 + resolve-from: 5.0.0 + slide: 1.1.6 + uid-number: 0.0.6 + umask: 1.1.0 + which: 4.0.0 + transitivePeerDependencies: + - supports-color + - typanion + + '@pnpm/npm-lifecycle@1001.0.0(patch_hash=9ca23edf604c5e8ff290e3c0a5443646b5f9865624042a5c41d9b2beb8f98972)(typanion@3.14.0)': + dependencies: + '@pnpm/byline': 1.0.0 + '@pnpm/error': 1000.0.4 + '@yarnpkg/fslib': 3.1.2 + '@yarnpkg/shell': 4.0.0(typanion@3.14.0) + node-gyp: 11.4.2 resolve-from: 5.0.0 slide: 1.1.6 uid-number: 0.0.6 @@ -18317,11 +18357,11 @@ snapshots: '@pnpm/os.env.path-extender-posix@2.1.0': dependencies: - '@pnpm/error': 1000.0.2 + '@pnpm/error': 1000.0.4 '@pnpm/os.env.path-extender-windows@2.0.3': dependencies: - '@pnpm/error': 1000.0.2 + '@pnpm/error': 1000.0.4 safe-execa: 0.1.4 string.prototype.matchall: 4.0.12 @@ -23285,7 +23325,7 @@ snapshots: - supports-color optional: true - node-gyp@11.2.0: + node-gyp@11.4.2: dependencies: env-paths: 2.2.1 exponential-backoff: 3.1.2 diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index 6c8e6f1ab3..bcd7fdbb63 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -68,9 +68,9 @@ catalog: '@pnpm/logger': '>=1001.0.0 <1002.0.0' '@pnpm/meta-updater': 2.0.6 '@pnpm/network.agent': ^2.0.3 - '@pnpm/nopt': ^0.2.1 + '@pnpm/nopt': ^0.3.1 '@pnpm/npm-conf': 3.0.0 - '@pnpm/npm-lifecycle': ^1000.0.4 + '@pnpm/npm-lifecycle': ^1001.0.0 '@pnpm/npm-package-arg': ^2.0.0 '@pnpm/os.env.path-extender': ^2.0.3 '@pnpm/patch-package': 0.0.1 diff --git a/pnpm/CHANGELOG.md b/pnpm/CHANGELOG.md index d617af8013..c899fe4863 100644 --- a/pnpm/CHANGELOG.md +++ b/pnpm/CHANGELOG.md @@ -1,5 +1,111 @@ # pnpm +## 10.16.0 + +### Minor Changes + +- There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour. + + The new setting is called `minimumReleaseAge`. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting `minimumReleaseAge: 1440` ensures that only packages released at least one day ago can be installed. + + If you set `minimumReleaseAge` but need to disable this restriction for certain dependencies, you can list them under the `minimumReleaseAgeExclude` setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time: + + ```yaml + minimumReleaseAgeExclude: + - webpack + ``` + + Related issue: [#9921](https://github.com/pnpm/pnpm/issues/9921). + +- Added support for `finders` [#9946](https://github.com/pnpm/pnpm/pull/9946). + + In the past, `pnpm list` and `pnpm why` could only search for dependencies by **name** (and optionally version). For example: + + ``` + pnpm why minimist + ``` + + prints the chain of dependencies to any installed instance of `minimist`: + + ``` + verdaccio 5.20.1 + ├─┬ handlebars 4.7.7 + │ └── minimist 1.2.8 + └─┬ mv 2.1.1 + └─┬ mkdirp 0.5.6 + └── minimist 1.2.8 + ``` + + What if we want to search by **other properties** of a dependency, not just its name? For instance, find all packages that have `react@17` in their peer dependencies? + + This is now possible with "finder functions". Finder functions can be declared in `.pnpmfile.cjs` and invoked with the `--find-by=` flag when running `pnpm list` or `pnpm why`. + + Let's say we want to find any dependencies that have React 17 in peer dependencies. We can add this finder to our `.pnpmfile.cjs`: + + ```js + module.exports = { + finders: { + react17: (ctx) => { + return ctx.readManifest().peerDependencies?.react === "^17.0.0"; + }, + }, + }; + ``` + + Now we can use this finder function by running: + + ``` + pnpm why --find-by=react17 + ``` + + pnpm will find all dependencies that have this React in peer dependencies and print their exact locations in the dependency graph. + + ``` + @apollo/client 4.0.4 + ├── @graphql-typed-document-node/core 3.2.0 + └── graphql-tag 2.12.6 + ``` + + It is also possible to print out some additional information in the output by returning a string from the finder. For example, with the following finder: + + ```js + module.exports = { + finders: { + react17: (ctx) => { + const manifest = ctx.readManifest(); + if (manifest.peerDependencies?.react === "^17.0.0") { + return `license: ${manifest.license}`; + } + return false; + }, + }, + }; + ``` + + Every matched package will also print out the license from its `package.json`: + + ``` + @apollo/client 4.0.4 + ├── @graphql-typed-document-node/core 3.2.0 + │ license: MIT + └── graphql-tag 2.12.6 + license: MIT + ``` + +### Patch Changes + +- Fix deprecation warning printed when executing pnpm with Node.js 24 [#9529](https://github.com/pnpm/pnpm/issues/9529). +- Throw an error if `nodeVersion` is not set to an exact semver version [#9934](https://github.com/pnpm/pnpm/issues/9934). +- `pnpm publish` should be able to publish a `.tar.gz` file [#9927](https://github.com/pnpm/pnpm/pull/9927). +- Canceling a running process with Ctrl-C should make `pnpm run` return a non-zero exit code [#9626](https://github.com/pnpm/pnpm/issues/9626). + +## 10.15.1 + +### Patch Changes + +- Fix `.pnp.cjs` crash when importing subpath [#9904](https://github.com/pnpm/pnpm/issues/9904). +- When resolving peer dependencies, pnpm looks whether the peer dependency is present in the root workspace project's dependencies. This change makes it so that the peer dependency is correctly resolved even from aliased npm-hosted dependencies or other types of dependencies [#9913](https://github.com/pnpm/pnpm/issues/9913). + ## 10.15.0 ### Minor Changes diff --git a/pnpm/artifacts/exe/package.json b/pnpm/artifacts/exe/package.json index 1652680aed..d6fcceef15 100644 --- a/pnpm/artifacts/exe/package.json +++ b/pnpm/artifacts/exe/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/exe", - "version": "10.15.0", + "version": "10.16.0", "description": "Fast, disk space efficient package manager", "keywords": [ "pnpm", diff --git a/pnpm/artifacts/linux-arm64/package.json b/pnpm/artifacts/linux-arm64/package.json index 1e62410876..d773021a71 100644 --- a/pnpm/artifacts/linux-arm64/package.json +++ b/pnpm/artifacts/linux-arm64/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/linux-arm64", - "version": "10.15.0", + "version": "10.16.0", "keywords": [ "pnpm", "pnpm10" diff --git a/pnpm/artifacts/linux-x64/package.json b/pnpm/artifacts/linux-x64/package.json index 7e24ae65cc..f509e59885 100644 --- a/pnpm/artifacts/linux-x64/package.json +++ b/pnpm/artifacts/linux-x64/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/linux-x64", - "version": "10.15.0", + "version": "10.16.0", "keywords": [ "pnpm", "pnpm10" diff --git a/pnpm/artifacts/macos-arm64/package.json b/pnpm/artifacts/macos-arm64/package.json index db28967646..74c3ef9035 100644 --- a/pnpm/artifacts/macos-arm64/package.json +++ b/pnpm/artifacts/macos-arm64/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/macos-arm64", - "version": "10.15.0", + "version": "10.16.0", "keywords": [ "pnpm", "pnpm10" diff --git a/pnpm/artifacts/macos-x64/package.json b/pnpm/artifacts/macos-x64/package.json index 1b132d9082..c45aaa708f 100644 --- a/pnpm/artifacts/macos-x64/package.json +++ b/pnpm/artifacts/macos-x64/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/macos-x64", - "version": "10.15.0", + "version": "10.16.0", "keywords": [ "pnpm", "pnpm10" diff --git a/pnpm/artifacts/win-arm64/package.json b/pnpm/artifacts/win-arm64/package.json index 5bc651df2b..35293398d6 100644 --- a/pnpm/artifacts/win-arm64/package.json +++ b/pnpm/artifacts/win-arm64/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/win-arm64", - "version": "10.15.0", + "version": "10.16.0", "keywords": [ "pnpm", "pnpm10" diff --git a/pnpm/artifacts/win-x64/package.json b/pnpm/artifacts/win-x64/package.json index 4b12873597..2d615211f8 100644 --- a/pnpm/artifacts/win-x64/package.json +++ b/pnpm/artifacts/win-x64/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/win-x64", - "version": "10.15.0", + "version": "10.16.0", "keywords": [ "pnpm", "pnpm10" diff --git a/pnpm/dev/CHANGELOG.md b/pnpm/dev/CHANGELOG.md index 3059a27e34..ca143f4c81 100644 --- a/pnpm/dev/CHANGELOG.md +++ b/pnpm/dev/CHANGELOG.md @@ -1,5 +1,18 @@ # pd +## 1000.0.3 + +### Patch Changes + +- @pnpm/workspace.find-packages@1000.0.35 +- @pnpm/workspace.read-manifest@1000.2.3 + +## 1000.0.2 + +### Patch Changes + +- @pnpm/workspace.find-packages@1000.0.34 + ## 1000.0.1 ### Patch Changes diff --git a/pnpm/dev/package.json b/pnpm/dev/package.json index db17c11a45..e93d74d72b 100644 --- a/pnpm/dev/package.json +++ b/pnpm/dev/package.json @@ -1,6 +1,6 @@ { "name": "pd", - "version": "1000.0.1", + "version": "1000.0.3", "bin": "pd.js", "private": true, "type": "module", diff --git a/pnpm/package.json b/pnpm/package.json index 3faabd14c7..f09aba82f4 100644 --- a/pnpm/package.json +++ b/pnpm/package.json @@ -1,6 +1,6 @@ { "name": "pnpm", - "version": "10.15.0", + "version": "10.16.0", "description": "Fast, disk space efficient package manager", "keywords": [ "pnpm", diff --git a/pnpm/test/list.ts b/pnpm/test/list.ts index 0f297f6939..dacaff292c 100644 --- a/pnpm/test/list.ts +++ b/pnpm/test/list.ts @@ -1,6 +1,7 @@ -import { preparePackages } from '@pnpm/prepare' +import fs from 'fs' +import { prepare, preparePackages } from '@pnpm/prepare' import { sync as writeYamlFile } from 'write-yaml-file' -import { execPnpmSync } from './utils/index.js' +import { execPnpm, execPnpmSync } from './utils/index.js' test('ls --filter=not-exist --json should prints an empty array (#9672)', async () => { preparePackages([ @@ -21,3 +22,23 @@ test('ls --filter=not-exist --json should prints an empty array (#9672)', async const { stdout } = execPnpmSync(['ls', '--filter=project-that-does-not-exist', '--json'], { expectSuccess: true }) expect(JSON.parse(stdout.toString())).toStrictEqual([]) }) + +test('ls should load a finder from .pnpmfile.cjs', async () => { + prepare() + const pnpmfile = ` +module.exports = { finders: { hasPeerA } } +function hasPeerA (context) { + const manifest = context.readManifest() + if (manifest?.peerDependencies?.['@pnpm.e2e/peer-a'] == null) { + return false + } + return \`@pnpm.e2e/peer-a@$\{manifest.peerDependencies['@pnpm.e2e/peer-a']}\` +} +` + fs.writeFileSync('.pnpmfile.cjs', pnpmfile, 'utf8') + await execPnpm(['add', 'is-positive@1.0.0', '@pnpm.e2e/abc@1.0.0']) + const result = execPnpmSync(['list', '--find-by=hasPeerA']) + expect(result.stdout.toString()).toMatch(`dependencies: +@pnpm.e2e/abc 1.0.0 + @pnpm.e2e/peer-a@^1.0.0`) +}) diff --git a/releasing/plugin-commands-deploy/CHANGELOG.md b/releasing/plugin-commands-deploy/CHANGELOG.md index 06d783e30c..ee0bb4212a 100644 --- a/releasing/plugin-commands-deploy/CHANGELOG.md +++ b/releasing/plugin-commands-deploy/CHANGELOG.md @@ -1,5 +1,29 @@ # @pnpm/plugin-commands-deploy +## 1002.0.4 + +### Patch Changes + +- Updated dependencies [c182b2d] +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/plugin-commands-installation@1004.6.0 + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/directory-fetcher@1000.1.11 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/fs.indexed-pkg-importer@1000.1.12 + +## 1002.0.3 + +### Patch Changes + +- @pnpm/plugin-commands-installation@1004.5.1 +- @pnpm/cli-utils@1001.1.2 + ## 1002.0.2 ### Patch Changes diff --git a/releasing/plugin-commands-deploy/package.json b/releasing/plugin-commands-deploy/package.json index 60f8eb76c4..29745dd7ae 100644 --- a/releasing/plugin-commands-deploy/package.json +++ b/releasing/plugin-commands-deploy/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-deploy", - "version": "1002.0.2", + "version": "1002.0.4", "description": "Commands for deploy", "keywords": [ "pnpm", diff --git a/releasing/plugin-commands-deploy/src/deploy.ts b/releasing/plugin-commands-deploy/src/deploy.ts index b361c06eb9..3e1b31da30 100644 --- a/releasing/plugin-commands-deploy/src/deploy.ts +++ b/releasing/plugin-commands-deploy/src/deploy.ts @@ -82,7 +82,11 @@ export type DeployOptions = export async function handler (opts: DeployOptions, params: string[]): Promise { if (!opts.workspaceDir) { - throw new PnpmError('CANNOT_DEPLOY', 'A deploy is only possible from inside a workspace') + let hint: string | undefined + if (opts.rootProjectManifest?.scripts?.['deploy'] != null) { + hint = 'Maybe you wanted to invoke "pnpm run deploy"' + } + throw new PnpmError('CANNOT_DEPLOY', 'A deploy is only possible from inside a workspace', { hint }) } const selectedProjects = Object.values(opts.selectedProjectsGraph ?? {}) if (selectedProjects.length === 0) { diff --git a/releasing/plugin-commands-publishing/CHANGELOG.md b/releasing/plugin-commands-publishing/CHANGELOG.md index 53e243d19b..3e51864305 100644 --- a/releasing/plugin-commands-publishing/CHANGELOG.md +++ b/releasing/plugin-commands-publishing/CHANGELOG.md @@ -1,5 +1,34 @@ # @pnpm/plugin-commands-publishing +## 1000.2.11 + +### Patch Changes + +- d021669: `pnpm publish` should be able to publish a `.tar.gz` file [#9927](https://github.com/pnpm/pnpm/pull/9927). +- Updated dependencies [38e2599] +- Updated dependencies [e792927] +- Updated dependencies [a6856fd] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/lifecycle@1001.0.21 + - @pnpm/plugin-commands-env@1000.0.36 + - @pnpm/pick-registry-for-package@1000.0.10 + - @pnpm/client@1001.0.4 + - @pnpm/package-bins@1000.0.10 + - @pnpm/exportable-manifest@1000.1.4 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/sort-packages@1000.0.10 + +## 1000.2.10 + +### Patch Changes + +- @pnpm/lifecycle@1001.0.20 +- @pnpm/client@1001.0.3 +- @pnpm/plugin-commands-env@1000.0.35 +- @pnpm/cli-utils@1001.1.2 + ## 1000.2.9 ### Patch Changes diff --git a/releasing/plugin-commands-publishing/package.json b/releasing/plugin-commands-publishing/package.json index f9f6b84fb7..9b0a655f83 100644 --- a/releasing/plugin-commands-publishing/package.json +++ b/releasing/plugin-commands-publishing/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-publishing", - "version": "1000.2.9", + "version": "1000.2.11", "description": "The pack and publish commands of pnpm", "keywords": [ "pnpm", diff --git a/releasing/plugin-commands-publishing/src/publish.ts b/releasing/plugin-commands-publishing/src/publish.ts index 5a38fbaf8c..f0f83bdd85 100644 --- a/releasing/plugin-commands-publishing/src/publish.ts +++ b/releasing/plugin-commands-publishing/src/publish.ts @@ -206,7 +206,7 @@ Do you want to continue?`, } } - if (dirInParams?.endsWith('.tgz')) { + if (dirInParams != null && (dirInParams.endsWith('.tgz') || dirInParams?.endsWith('.tar.gz'))) { const { status } = runNpm(opts.npmPath, ['publish', dirInParams, ...args]) return { exitCode: status ?? 0 } } diff --git a/resolving/bun-resolver/CHANGELOG.md b/resolving/bun-resolver/CHANGELOG.md index 3dfef26e0a..97ebd9f2e8 100644 --- a/resolving/bun-resolver/CHANGELOG.md +++ b/resolving/bun-resolver/CHANGELOG.md @@ -1,5 +1,25 @@ # @pnpm/resolving.bun-resolver +## 1000.0.3 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/npm-resolver@1004.2.0 + - @pnpm/types@1000.8.0 + - @pnpm/fetcher-base@1001.0.1 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/worker@1000.1.12 + - @pnpm/node.fetcher@1001.0.3 + - @pnpm/fetching.binary-fetcher@1000.0.2 + +## 1000.0.2 + +### Patch Changes + +- @pnpm/node.fetcher@1001.0.2 + ## 1000.0.1 ### Patch Changes diff --git a/resolving/bun-resolver/package.json b/resolving/bun-resolver/package.json index 0702dba8fd..4115194d0b 100644 --- a/resolving/bun-resolver/package.json +++ b/resolving/bun-resolver/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/resolving.bun-resolver", - "version": "1000.0.1", + "version": "1000.0.3", "description": "Resolves the Bun runtime", "keywords": [ "pnpm", diff --git a/resolving/default-resolver/CHANGELOG.md b/resolving/default-resolver/CHANGELOG.md index adfa5504e6..f4a2cc2a41 100644 --- a/resolving/default-resolver/CHANGELOG.md +++ b/resolving/default-resolver/CHANGELOG.md @@ -1,5 +1,26 @@ # @pnpm/default-resolver +## 1002.2.4 + +### Patch Changes + +- Updated dependencies [38e2599] + - @pnpm/npm-resolver@1004.2.0 + - @pnpm/resolving.bun-resolver@1000.0.3 + - @pnpm/resolving.deno-resolver@1000.0.3 + - @pnpm/node.resolver@1001.0.1 + - @pnpm/local-resolver@1002.1.1 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/git-resolver@1001.1.4 + - @pnpm/tarball-resolver@1002.1.3 + +## 1002.2.3 + +### Patch Changes + +- @pnpm/resolving.bun-resolver@1000.0.2 +- @pnpm/resolving.deno-resolver@1000.0.2 + ## 1002.2.2 ### Patch Changes diff --git a/resolving/default-resolver/package.json b/resolving/default-resolver/package.json index d2716f8c0f..86e072952e 100644 --- a/resolving/default-resolver/package.json +++ b/resolving/default-resolver/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/default-resolver", - "version": "1002.2.2", + "version": "1002.2.4", "description": "pnpm's default package resolver", "keywords": [ "pnpm", diff --git a/resolving/deno-resolver/CHANGELOG.md b/resolving/deno-resolver/CHANGELOG.md index 9958c8951e..12efcd436f 100644 --- a/resolving/deno-resolver/CHANGELOG.md +++ b/resolving/deno-resolver/CHANGELOG.md @@ -1,5 +1,25 @@ # @pnpm/resolving.deno-resolver +## 1000.0.3 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/npm-resolver@1004.2.0 + - @pnpm/types@1000.8.0 + - @pnpm/fetcher-base@1001.0.1 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/worker@1000.1.12 + - @pnpm/node.fetcher@1001.0.3 + - @pnpm/fetching.binary-fetcher@1000.0.2 + +## 1000.0.2 + +### Patch Changes + +- @pnpm/node.fetcher@1001.0.2 + ## 1000.0.1 ### Patch Changes diff --git a/resolving/deno-resolver/package.json b/resolving/deno-resolver/package.json index ac8c0d1859..c7ef0e28d4 100644 --- a/resolving/deno-resolver/package.json +++ b/resolving/deno-resolver/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/resolving.deno-resolver", - "version": "1000.0.1", + "version": "1000.0.3", "description": "Resolves the Deno runtime", "keywords": [ "pnpm", diff --git a/resolving/git-resolver/CHANGELOG.md b/resolving/git-resolver/CHANGELOG.md index 7782f701f9..e1a262512f 100644 --- a/resolving/git-resolver/CHANGELOG.md +++ b/resolving/git-resolver/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/git-resolver +## 1001.1.4 + +### Patch Changes + +- @pnpm/fetch@1000.2.5 +- @pnpm/resolver-base@1005.0.1 + ## 1001.1.3 ### Patch Changes diff --git a/resolving/git-resolver/package.json b/resolving/git-resolver/package.json index 240c4306f2..f393ba3c0b 100644 --- a/resolving/git-resolver/package.json +++ b/resolving/git-resolver/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/git-resolver", - "version": "1001.1.3", + "version": "1001.1.4", "description": "Resolver for git-hosted packages", "keywords": [ "pnpm", diff --git a/resolving/local-resolver/CHANGELOG.md b/resolving/local-resolver/CHANGELOG.md index 6a5398c50d..69b72ba258 100644 --- a/resolving/local-resolver/CHANGELOG.md +++ b/resolving/local-resolver/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/local-resolver +## 1002.1.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/read-project-manifest@1001.1.1 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/crypto.hash@1000.2.0 + ## 1002.1.0 ### Minor Changes diff --git a/resolving/local-resolver/package.json b/resolving/local-resolver/package.json index 66272a4913..c662b31d34 100644 --- a/resolving/local-resolver/package.json +++ b/resolving/local-resolver/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/local-resolver", - "version": "1002.1.0", + "version": "1002.1.1", "description": "Resolver for local packages", "keywords": [ "pnpm", diff --git a/resolving/npm-resolver/CHANGELOG.md b/resolving/npm-resolver/CHANGELOG.md index 4a1cb03bc3..39063df42f 100644 --- a/resolving/npm-resolver/CHANGELOG.md +++ b/resolving/npm-resolver/CHANGELOG.md @@ -1,5 +1,31 @@ # @pnpm/npm-resolver +## 1004.2.0 + +### Minor Changes + +- 38e2599: There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour. + + The new setting is called `minimumReleaseAge`. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting `minimumReleaseAge: 1440` ensures that only packages released at least one day ago can be installed. + + If you set `minimumReleaseAge` but need to disable this restriction for certain dependencies, you can list them under the `minimumReleaseAgeExclude` setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time: + + ```yaml + minimumReleaseAgeExclude: + - webpack + ``` + + Related issue: [#9921](https://github.com/pnpm/pnpm/issues/9921). + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/pick-registry-for-package@1000.0.10 + - @pnpm/core-loggers@1001.0.3 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/crypto.hash@1000.2.0 + ## 1004.1.3 ### Patch Changes diff --git a/resolving/npm-resolver/package.json b/resolving/npm-resolver/package.json index 7938eb9d5b..bd844bf292 100644 --- a/resolving/npm-resolver/package.json +++ b/resolving/npm-resolver/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/npm-resolver", - "version": "1004.1.3", + "version": "1004.2.0", "description": "Resolver for npm-hosted packages", "keywords": [ "pnpm", diff --git a/resolving/npm-resolver/src/index.ts b/resolving/npm-resolver/src/index.ts index 772275d970..80e99144dd 100644 --- a/resolving/npm-resolver/src/index.ts +++ b/resolving/npm-resolver/src/index.ts @@ -75,6 +75,7 @@ export interface ResolverFactoryOptions { registries: Registries saveWorkspaceProtocol?: boolean | 'rolling' preserveAbsolutePaths?: boolean + strictPublishedByCheck?: boolean } export interface NpmResolveResult extends ResolveResult { @@ -132,6 +133,7 @@ export function createNpmResolver ( offline: opts.offline, preferOffline: opts.preferOffline, cacheDir: opts.cacheDir, + strictPublishedByCheck: opts.strictPublishedByCheck, }), registries: opts.registries, saveWorkspaceProtocol: opts.saveWorkspaceProtocol, diff --git a/resolving/npm-resolver/src/pickPackage.ts b/resolving/npm-resolver/src/pickPackage.ts index ddaf99896c..92824034fd 100644 --- a/resolving/npm-resolver/src/pickPackage.ts +++ b/resolving/npm-resolver/src/pickPackage.ts @@ -25,6 +25,10 @@ export interface PackageMeta { cachedAt?: number } +export interface PackageMetaWithTime extends PackageMeta { + time: PackageMetaTime +} + export type PackageMetaTime = Record & { unpublished?: { time: string @@ -90,6 +94,15 @@ export interface PickPackageOptions { updateToLatest?: boolean } +function pickPackageFromMetaUsingTimeStrict ( + spec: RegistryPackageSpec, + preferredVersionSelectors: VersionSelectors | undefined, + meta: PackageMeta, + publishedBy?: Date +): PackageInRegistry | null { + return pickPackageFromMeta(pickVersionByVersionRange, spec, preferredVersionSelectors, meta, publishedBy) +} + function pickPackageFromMetaUsingTime ( spec: RegistryPackageSpec, preferredVersionSelectors: VersionSelectors | undefined, @@ -98,7 +111,7 @@ function pickPackageFromMetaUsingTime ( ): PackageInRegistry | null { const pickedPackage = pickPackageFromMeta(pickVersionByVersionRange, spec, preferredVersionSelectors, meta, publishedBy) if (pickedPackage) return pickedPackage - return pickPackageFromMeta(pickLowestVersionByVersionRange, spec, preferredVersionSelectors, meta, publishedBy) + return pickPackageFromMeta(pickLowestVersionByVersionRange, spec, preferredVersionSelectors, meta) } export async function pickPackage ( @@ -110,6 +123,7 @@ export async function pickPackage ( offline?: boolean preferOffline?: boolean filterMetadata?: boolean + strictPublishedByCheck?: boolean }, spec: RegistryPackageSpec, opts: PickPackageOptions @@ -117,7 +131,7 @@ export async function pickPackage ( opts = opts || {} let _pickPackageFromMeta = opts.publishedBy - ? pickPackageFromMetaUsingTime + ? (ctx.strictPublishedByCheck ? pickPackageFromMetaUsingTimeStrict : pickPackageFromMetaUsingTime) : (pickPackageFromMeta.bind(null, opts.pickLowestVersion ? pickLowestVersionByVersionRange : pickVersionByVersionRange)) if (opts.updateToLatest) { @@ -186,11 +200,17 @@ export async function pickPackage ( if (opts.publishedBy) { metaCachedInStore = metaCachedInStore ?? await limit(async () => loadMeta(pkgMirror)) if (metaCachedInStore?.cachedAt && new Date(metaCachedInStore.cachedAt) >= opts.publishedBy) { - const pickedPackage = _pickPackageFromMeta(spec, opts.preferredVersionSelectors, metaCachedInStore, opts.publishedBy) - if (pickedPackage) { - return { - meta: metaCachedInStore, - pickedPackage, + try { + const pickedPackage = _pickPackageFromMeta(spec, opts.preferredVersionSelectors, metaCachedInStore, opts.publishedBy) + if (pickedPackage) { + return { + meta: metaCachedInStore, + pickedPackage, + } + } + } catch (err) { + if (ctx.strictPublishedByCheck) { + throw err } } } diff --git a/resolving/npm-resolver/src/pickPackageFromMeta.ts b/resolving/npm-resolver/src/pickPackageFromMeta.ts index 744f1a5c6e..bd30a8cee6 100644 --- a/resolving/npm-resolver/src/pickPackageFromMeta.ts +++ b/resolving/npm-resolver/src/pickPackageFromMeta.ts @@ -1,16 +1,19 @@ import { PnpmError } from '@pnpm/error' +import { globalWarn } from '@pnpm/logger' import { type VersionSelectors } from '@pnpm/resolver-base' import semver from 'semver' import util from 'util' import { type RegistryPackageSpec } from './parseBareSpecifier.js' -import { type PackageInRegistry, type PackageMeta } from './pickPackage.js' +import { type PackageInRegistry, type PackageMeta, type PackageMetaWithTime } from './pickPackage.js' -export type PickVersionByVersionRange = ( - meta: PackageMeta, - versionRange: string, - preferredVerSels?: VersionSelectors, +export interface PickVersionByVersionRangeOptions { + meta: PackageMeta + versionRange: string + preferredVersionSelectors?: VersionSelectors publishedBy?: Date -) => string | null +} + +export type PickVersionByVersionRange = (options: PickVersionByVersionRangeOptions) => string | null export function pickPackageFromMeta ( pickVersionByVersionRangeFn: PickVersionByVersionRange, @@ -19,6 +22,10 @@ export function pickPackageFromMeta ( meta: PackageMeta, publishedBy?: Date ): PackageInRegistry | null { + if (publishedBy) { + assertMetaHasTime(meta) + meta = filterMetaByPublishedDate(meta, publishedBy) + } if ((!meta.versions || Object.keys(meta.versions).length === 0) && !publishedBy) { // Unfortunately, the npm registry doesn't return the time field in the abbreviated metadata. // So we won't always know if the package was unpublished. @@ -37,7 +44,12 @@ export function pickPackageFromMeta ( version = meta['dist-tags'][spec.fetchSpec] break case 'range': - version = pickVersionByVersionRangeFn(meta, spec.fetchSpec, preferredVersionSelectors, publishedBy) + version = pickVersionByVersionRangeFn({ + meta, + versionRange: spec.fetchSpec, + preferredVersionSelectors, + publishedBy, + }) break } if (!version) return null @@ -67,6 +79,12 @@ export function pickPackageFromMeta ( } } +function assertMetaHasTime (meta: PackageMeta): asserts meta is PackageMetaWithTime { + if (meta.time == null) { + throw new PnpmError('MISSING_TIME', `The metadata of ${meta.name} is missing the "time" field`) + } +} + const semverRangeCache = new Map() // This is a performance optimization; working with string-ish semver @@ -95,12 +113,10 @@ function semverSatisfiesLoose (version: string, range: string): boolean { } export function pickLowestVersionByVersionRange ( - meta: PackageMeta, - versionRange: string, - preferredVerSels?: VersionSelectors + { meta, versionRange, preferredVersionSelectors }: PickVersionByVersionRangeOptions ): string | null { - if (preferredVerSels != null && Object.keys(preferredVerSels).length > 0) { - const prioritizedPreferredVersions = prioritizePreferredVersions(meta, versionRange, preferredVerSels) + if (preferredVersionSelectors != null && Object.keys(preferredVersionSelectors).length > 0) { + const prioritizedPreferredVersions = prioritizePreferredVersions(meta, versionRange, preferredVersionSelectors) for (const preferredVersions of prioritizedPreferredVersions) { const preferredVersion = semver.minSatisfying(preferredVersions, versionRange, true) if (preferredVersion) { @@ -114,16 +130,11 @@ export function pickLowestVersionByVersionRange ( return semver.minSatisfying(Object.keys(meta.versions), versionRange, true) } -export function pickVersionByVersionRange ( - meta: PackageMeta, - versionRange: string, - preferredVerSels?: VersionSelectors, - publishedBy?: Date -): string | null { - let latest: string | undefined = meta['dist-tags'].latest +export function pickVersionByVersionRange ({ meta, versionRange, preferredVersionSelectors }: PickVersionByVersionRangeOptions): string | null { + const latest: string | undefined = meta['dist-tags'].latest - if (preferredVerSels != null && Object.keys(preferredVerSels).length > 0) { - const prioritizedPreferredVersions = prioritizePreferredVersions(meta, versionRange, preferredVerSels) + if (preferredVersionSelectors != null && Object.keys(preferredVersionSelectors).length > 0) { + const prioritizedPreferredVersions = prioritizePreferredVersions(meta, versionRange, preferredVersionSelectors) for (const preferredVersions of prioritizedPreferredVersions) { if (preferredVersions.includes(latest) && semverSatisfiesLoose(latest, versionRange)) { return latest @@ -135,16 +146,7 @@ export function pickVersionByVersionRange ( } } - let versions = Object.keys(meta.versions) - if (publishedBy) { - if (meta.time == null) { - throw new PnpmError('MISSING_TIME', `The metadata of ${meta.name} is missing the "time" field`) - } - versions = versions.filter(version => new Date(meta.time![version]) <= publishedBy) - if (!versions.includes(latest)) { - latest = undefined - } - } + const versions = Object.keys(meta.versions) if (latest && (versionRange === '*' || semverSatisfiesLoose(latest, versionRange))) { // Not using semver.satisfies in case of * because it does not select beta versions. // E.g.: 1.0.0-beta.1. See issue: https://github.com/pnpm/pnpm/issues/865 @@ -225,3 +227,58 @@ class PreferredVersionsPrioritizer { .map((weight) => versionsByWeight[parseInt(weight, 10)]) } } + +function filterMetaByPublishedDate (meta: PackageMetaWithTime, publishedBy: Date): PackageMeta { + const versionsWithinDate: PackageMeta['versions'] = {} + for (const version in meta.versions) { + if (!Object.hasOwn(meta.versions, version)) continue + const timeStr = meta.time[version] + if (timeStr && new Date(timeStr) <= publishedBy) { + versionsWithinDate[version] = meta.versions[version] + } + } + + const distTagsWithinDate: PackageMeta['dist-tags'] = {} + const allDistTags = meta['dist-tags'] ?? {} + for (const tag in allDistTags) { + if (!Object.hasOwn(allDistTags, tag)) continue + const distTagVersion = allDistTags[tag] + if (versionsWithinDate[distTagVersion]) { + distTagsWithinDate[tag] = distTagVersion + continue + } + // Repopulate the tag to the highest version available within date that has the same major as the original tag's version + let originalSemVer: semver.SemVer | null = null + try { + originalSemVer = new semver.SemVer(distTagVersion, true) + } catch { + continue + } + const originalMajor = originalSemVer.major + let bestVersion: string | undefined + const originalMajorPrefix = `${originalMajor}.` + for (const candidate in versionsWithinDate) { + if (!Object.hasOwn(versionsWithinDate, candidate) || !candidate.startsWith(originalMajorPrefix)) continue + if (!bestVersion) { + bestVersion = candidate + } else { + try { + if (semver.gt(candidate, bestVersion, true)) { + bestVersion = candidate + } + } catch (err) { + globalWarn(`Failed to compare semver versions ${candidate} and ${bestVersion} from packument of ${meta.name}, skipping candidate version.`) + } + } + } + if (bestVersion) { + distTagsWithinDate[tag] = bestVersion + } + } + + return { + ...meta, + versions: versionsWithinDate, + 'dist-tags': distTagsWithinDate, + } +} diff --git a/resolving/npm-resolver/test/distTagsByDate.test.ts b/resolving/npm-resolver/test/distTagsByDate.test.ts new file mode 100644 index 0000000000..700579cd5a --- /dev/null +++ b/resolving/npm-resolver/test/distTagsByDate.test.ts @@ -0,0 +1,115 @@ +import { createFetchFromRegistry } from '@pnpm/fetch' +import { createNpmResolver } from '@pnpm/npm-resolver' +import { type Registries } from '@pnpm/types' +import nock from 'nock' +import { temporaryDirectory } from 'tempy' + +const registries: Registries = { + default: 'https://registry.npmjs.org/', +} + +const fetch = createFetchFromRegistry({}) +const getAuthHeader = () => undefined +const createResolveFromNpm = createNpmResolver.bind(null, fetch, getAuthHeader) + +afterEach(() => { + nock.cleanAll() + nock.disableNetConnect() +}) + +beforeEach(() => { + nock.enableNetConnect() +}) + +test('repopulate dist-tag to highest same-major version within the date cutoff', async () => { + const name = 'dist-tag-date' + const meta = { + name, + versions: { + '3.0.0': { + name, + version: '3.0.0', + dist: { tarball: `https://registry.npmjs.org/${name}/-/${name}-3.0.0.tgz` }, + }, + '3.1.0': { + name, + version: '3.1.0', + dist: { tarball: `https://registry.npmjs.org/${name}/-/${name}-3.1.0.tgz` }, + }, + '3.2.0': { + name, + version: '3.2.0', + dist: { tarball: `https://registry.npmjs.org/${name}/-/${name}-3.2.0.tgz` }, + }, + '2.9.9': { + name, + version: '2.9.9', + dist: { tarball: `https://registry.npmjs.org/${name}/-/${name}-2.9.9.tgz` }, + }, + }, + 'dist-tags': { + latest: '3.2.0', + }, + time: { + '2.9.9': '2020-01-01T00:00:00.000Z', + '3.0.0': '2020-02-01T00:00:00.000Z', + '3.1.0': '2020-03-01T00:00:00.000Z', + '3.2.0': '2020-05-01T00:00:00.000Z', + }, + } + + // Cutoff before 3.2.0, so latest must be remapped to 3.1.0 (same major 3) + const cutoff = new Date('2020-04-01T00:00:00.000Z') + + nock(registries.default) + .get(`/${name}`) + .reply(200, meta) + + const cacheDir = temporaryDirectory() + const { resolveFromNpm } = createResolveFromNpm({ + cacheDir, + fullMetadata: true, + registries, + }) + + const res = await resolveFromNpm({ alias: name, bareSpecifier: 'latest' }, { + publishedBy: cutoff, + }) + + expect(res!.id).toBe(`${name}@3.1.0`) +}) + +test('keep dist-tag if original version is within the date cutoff', async () => { + const name = 'dist-tag-date-keep' + const meta = { + name, + versions: { + '1.0.0': { + name, + version: '1.0.0', + dist: { tarball: `https://registry.npmjs.org/${name}/-/${name}-1.0.0.tgz` }, + }, + }, + 'dist-tags': { latest: '1.0.0' }, + time: { '1.0.0': '2020-01-01T00:00:00.000Z' }, + } + + const cutoff = new Date('2020-02-01T00:00:00.000Z') + + nock(registries.default) + .get(`/${name}`) + .reply(200, meta) + + const cacheDir = temporaryDirectory() + const { resolveFromNpm } = createResolveFromNpm({ + cacheDir, + fullMetadata: true, + registries, + }) + + const res = await resolveFromNpm({ alias: name, bareSpecifier: 'latest' }, { + publishedBy: cutoff, + }) + + expect(res!.id).toBe(`${name}@1.0.0`) +}) diff --git a/resolving/resolver-base/CHANGELOG.md b/resolving/resolver-base/CHANGELOG.md index d8313735dc..26f32be8eb 100644 --- a/resolving/resolver-base/CHANGELOG.md +++ b/resolving/resolver-base/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/resolver-base +## 1005.0.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1005.0.0 ### Major Changes diff --git a/resolving/resolver-base/package.json b/resolving/resolver-base/package.json index 8a68195177..91677284fc 100644 --- a/resolving/resolver-base/package.json +++ b/resolving/resolver-base/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/resolver-base", - "version": "1005.0.0", + "version": "1005.0.1", "description": "Types for pnpm-compatible resolvers", "keywords": [ "pnpm", diff --git a/resolving/tarball-resolver/CHANGELOG.md b/resolving/tarball-resolver/CHANGELOG.md index 9bf7f186c6..77a9ab4fb2 100644 --- a/resolving/tarball-resolver/CHANGELOG.md +++ b/resolving/tarball-resolver/CHANGELOG.md @@ -1,5 +1,11 @@ # @pnpm/tarball-resolver +## 1002.1.3 + +### Patch Changes + +- @pnpm/resolver-base@1005.0.1 + ## 1002.1.2 ### Patch Changes diff --git a/resolving/tarball-resolver/package.json b/resolving/tarball-resolver/package.json index d5d8eb2138..b673d990b5 100644 --- a/resolving/tarball-resolver/package.json +++ b/resolving/tarball-resolver/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/tarball-resolver", - "version": "1002.1.2", + "version": "1002.1.3", "description": "Resolver for tarball dependencies", "keywords": [ "pnpm", diff --git a/reviewing/dependencies-hierarchy/CHANGELOG.md b/reviewing/dependencies-hierarchy/CHANGELOG.md index 63bee23305..495f37397d 100644 --- a/reviewing/dependencies-hierarchy/CHANGELOG.md +++ b/reviewing/dependencies-hierarchy/CHANGELOG.md @@ -1,5 +1,24 @@ # @pnpm/reviewing.dependencies-hierarchy +## 1001.1.0 + +### Minor Changes + +- e792927: Added support for `finders` [#9946](https://github.com/pnpm/pnpm/pull/9946). + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/normalize-registries@1000.1.3 + - @pnpm/lockfile.detect-dep-types@1001.0.14 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/modules-yaml@1000.3.5 + ## 1001.0.19 ### Patch Changes diff --git a/reviewing/dependencies-hierarchy/package.json b/reviewing/dependencies-hierarchy/package.json index 20a72b8116..6d36051c4e 100644 --- a/reviewing/dependencies-hierarchy/package.json +++ b/reviewing/dependencies-hierarchy/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/reviewing.dependencies-hierarchy", - "version": "1001.0.19", + "version": "1001.1.0", "description": "Creates a dependencies hierarchy for a symlinked `node_modules`", "keywords": [ "pnpm", diff --git a/reviewing/dependencies-hierarchy/src/PackageNode.ts b/reviewing/dependencies-hierarchy/src/PackageNode.ts index ed4e8b5949..929963f187 100644 --- a/reviewing/dependencies-hierarchy/src/PackageNode.ts +++ b/reviewing/dependencies-hierarchy/src/PackageNode.ts @@ -12,4 +12,5 @@ export interface PackageNode { resolved?: string searched?: true version: string + searchMessage?: string } diff --git a/reviewing/dependencies-hierarchy/src/buildDependenciesHierarchy.ts b/reviewing/dependencies-hierarchy/src/buildDependenciesHierarchy.ts index 2ebdf73cb1..26c9bb1d70 100644 --- a/reviewing/dependencies-hierarchy/src/buildDependenciesHierarchy.ts +++ b/reviewing/dependencies-hierarchy/src/buildDependenciesHierarchy.ts @@ -11,13 +11,12 @@ import { detectDepTypes } from '@pnpm/lockfile.detect-dep-types' import { readModulesManifest } from '@pnpm/modules-yaml' import { normalizeRegistries } from '@pnpm/normalize-registries' import { readModulesDir } from '@pnpm/read-modules-dir' -import { safeReadPackageJsonFromDir } from '@pnpm/read-package-json' -import { type DependenciesField, DEPENDENCIES_FIELDS, type Registries } from '@pnpm/types' +import { safeReadPackageJsonFromDir, readPackageJsonFromDirSync } from '@pnpm/read-package-json' +import { type DependenciesField, type Finder, DEPENDENCIES_FIELDS, type Registries } from '@pnpm/types' import normalizePath from 'normalize-path' import realpathMissing from 'realpath-missing' import resolveLinkTarget from 'resolve-link-target' import { type PackageNode } from './PackageNode.js' -import { type SearchFunction } from './types.js' import { getTree } from './getTree.js' import { getTreeNodeChildId } from './getTreeNodeChildId.js' import { getPkgInfo } from './getPkgInfo.js' @@ -38,7 +37,7 @@ export async function buildDependenciesHierarchy ( include?: { [dependenciesField in DependenciesField]: boolean } registries?: Registries onlyProjects?: boolean - search?: SearchFunction + search?: Finder lockfileDir: string modulesDir?: string virtualStoreDirMaxLength: number @@ -109,7 +108,7 @@ async function dependenciesHierarchyForPackage ( include: { [dependenciesField in DependenciesField]: boolean } registries: Registries onlyProjects?: boolean - search?: SearchFunction + search?: Finder skipped: Set lockfileDir: string modulesDir?: string @@ -152,7 +151,7 @@ async function dependenciesHierarchyForPackage ( result[dependenciesField] = [] for (const alias in topDeps) { const ref = topDeps[alias] - const packageInfo = getPkgInfo({ + const { pkgInfo: packageInfo, readManifest } = getPkgInfo({ alias, currentPackages: currentLockfile.packages ?? {}, depTypes, @@ -166,7 +165,11 @@ async function dependenciesHierarchyForPackage ( virtualStoreDirMaxLength: opts.virtualStoreDirMaxLength, }) let newEntry: PackageNode | null = null - const matchedSearched = opts.search?.(packageInfo) + const matchedSearched = opts.search?.({ + name: packageInfo.name, + version: packageInfo.version, + readManifest, + }) const nodeId = getTreeNodeChildId({ parentId, dep: { alias, ref }, @@ -192,6 +195,9 @@ async function dependenciesHierarchyForPackage ( if (newEntry != null) { if (matchedSearched) { newEntry.searched = true + if (typeof matchedSearched === 'string') { + newEntry.searchMessage = matchedSearched + } } result[dependenciesField]!.push(newEntry) } @@ -219,11 +225,18 @@ async function dependenciesHierarchyForPackage ( path: pkgPath, version, } - const matchedSearched = opts.search?.(pkg) + const matchedSearched = opts.search?.({ + name: pkg.name, + version: pkg.version, + readManifest: () => readPackageJsonFromDirSync(pkgPath), + }) if ((opts.search != null) && !matchedSearched) return const newEntry: PackageNode = pkg if (matchedSearched) { newEntry.searched = true + if (typeof matchedSearched === 'string') { + newEntry.searchMessage = matchedSearched + } } result.unsavedDependencies = result.unsavedDependencies ?? [] result.unsavedDependencies.push(newEntry) diff --git a/reviewing/dependencies-hierarchy/src/createPackagesSearcher.ts b/reviewing/dependencies-hierarchy/src/createPackagesSearcher.ts index 0014b7f64e..e25b0f64bf 100644 --- a/reviewing/dependencies-hierarchy/src/createPackagesSearcher.ts +++ b/reviewing/dependencies-hierarchy/src/createPackagesSearcher.ts @@ -1,13 +1,31 @@ import { createMatcher } from '@pnpm/matcher' import npa from '@pnpm/npm-package-arg' -import { type SearchFunction } from './types.js' +import { type FinderContext, type Finder } from '@pnpm/types' import semver from 'semver' -export function createPackagesSearcher (queries: string[]): SearchFunction { - const searchers: SearchFunction[] = queries +export function createPackagesSearcher (queries: string[], finders?: Finder[]): Finder { + const searchers: Finder[] = queries .map(parseSearchQuery) .map((packageSelector) => search.bind(null, packageSelector)) - return (pkg) => searchers.some((search) => search(pkg)) + return (pkg) => { + if (searchers.length > 0 && searchers.some((search) => search(pkg))) { + return true + } + if (finders == null) return false + const messages: string[] = [] + let found = false + for (const finder of finders) { + const result = finder(pkg) + if (result) { + found = true + if (typeof result === 'string') { + messages.push(result) + } + } + } + if (messages.length) return messages.join('\n') + return found + } } type MatchFunction = (entry: string) => boolean @@ -17,15 +35,15 @@ function search ( matchName: MatchFunction matchVersion?: MatchFunction }, - pkg: { name: string, version: string } + { name, version }: FinderContext ): boolean { - if (!packageSelector.matchName(pkg.name)) { + if (!packageSelector.matchName(name)) { return false } if (packageSelector.matchVersion == null) { return true } - return !pkg.version.startsWith('link:') && packageSelector.matchVersion(pkg.version) + return !version.startsWith('link:') && packageSelector.matchVersion(version) } interface ParsedSearchQuery { diff --git a/reviewing/dependencies-hierarchy/src/getPkgInfo.ts b/reviewing/dependencies-hierarchy/src/getPkgInfo.ts index eba590ad6a..7ed5de78c6 100644 --- a/reviewing/dependencies-hierarchy/src/getPkgInfo.ts +++ b/reviewing/dependencies-hierarchy/src/getPkgInfo.ts @@ -9,8 +9,9 @@ import { pkgSnapshotToResolution, } from '@pnpm/lockfile.utils' import { type DepTypes, DepType } from '@pnpm/lockfile.detect-dep-types' -import { type Registries } from '@pnpm/types' +import { type DependencyManifest, type Registries } from '@pnpm/types' import { depPathToFilename, refToRelative } from '@pnpm/dependency-path' +import { readPackageJsonFromDirSync } from '@pnpm/read-package-json' import normalizePath from 'normalize-path' export interface GetPkgInfoOpts { @@ -40,7 +41,7 @@ export interface GetPkgInfoOpts { readonly rewriteLinkVersionDir?: string } -export function getPkgInfo (opts: GetPkgInfoOpts): PackageInfo { +export function getPkgInfo (opts: GetPkgInfoOpts): { pkgInfo: PackageInfo, readManifest: () => DependencyManifest } { let name!: string let version: string let resolved: string | undefined @@ -107,7 +108,10 @@ export function getPkgInfo (opts: GetPkgInfoOpts): PackageInfo { } else if (depType === DepType.ProdOnly) { packageInfo.dev = false } - return packageInfo + return { + pkgInfo: packageInfo, + readManifest: () => readPackageJsonFromDirSync(fullPackagePath), + } } interface PackageInfo { diff --git a/reviewing/dependencies-hierarchy/src/getTree.ts b/reviewing/dependencies-hierarchy/src/getTree.ts index 291b55a2c9..88c8d3b41e 100644 --- a/reviewing/dependencies-hierarchy/src/getTree.ts +++ b/reviewing/dependencies-hierarchy/src/getTree.ts @@ -1,8 +1,7 @@ import path from 'path' import { type PackageSnapshots, type ProjectSnapshot } from '@pnpm/lockfile.fs' import { type DepTypes } from '@pnpm/lockfile.detect-dep-types' -import { type Registries } from '@pnpm/types' -import { type SearchFunction } from './types.js' +import { type Finder, type Registries } from '@pnpm/types' import { type PackageNode } from './PackageNode.js' import { getPkgInfo } from './getPkgInfo.js' import { getTreeNodeChildId } from './getTreeNodeChildId.js' @@ -16,7 +15,7 @@ interface GetTreeOpts { excludePeerDependencies?: boolean lockfileDir: string onlyProjects?: boolean - search?: SearchFunction + search?: Finder skipped: Set registries: Registries importers: Record @@ -127,7 +126,7 @@ function getTreeHelper ( for (const alias in deps) { const ref = deps[alias] - const packageInfo = getPkgInfo({ + const { pkgInfo: packageInfo, readManifest } = getPkgInfo({ alias, currentPackages: opts.currentPackages, depTypes: opts.depTypes, @@ -142,7 +141,11 @@ function getTreeHelper ( virtualStoreDirMaxLength: opts.virtualStoreDirMaxLength, }) let circular: boolean - const matchedSearched = opts.search?.(packageInfo) + const matchedSearched = opts.search?.({ + name: packageInfo.name, + version: packageInfo.version, + readManifest, + }) let newEntry: PackageNode | null = null const nodeId = getTreeNodeChildId({ parentId, @@ -210,6 +213,9 @@ function getTreeHelper ( } if (matchedSearched) { newEntry.searched = true + if (typeof matchedSearched === 'string') { + newEntry.searchMessage = matchedSearched + } } if (!newEntry.isPeer || !opts.excludePeerDependencies || newEntry.dependencies?.length) { resultDependencies.push(newEntry) diff --git a/reviewing/dependencies-hierarchy/src/index.ts b/reviewing/dependencies-hierarchy/src/index.ts index ac6d0bad2d..525b73f68f 100644 --- a/reviewing/dependencies-hierarchy/src/index.ts +++ b/reviewing/dependencies-hierarchy/src/index.ts @@ -1,4 +1,3 @@ export { buildDependenciesHierarchy, type DependenciesHierarchy } from './buildDependenciesHierarchy.js' export { type PackageNode } from './PackageNode.js' -export { type SearchFunction } from './types.js' export { createPackagesSearcher } from './createPackagesSearcher.js' diff --git a/reviewing/dependencies-hierarchy/src/types.ts b/reviewing/dependencies-hierarchy/src/types.ts deleted file mode 100644 index e586221314..0000000000 --- a/reviewing/dependencies-hierarchy/src/types.ts +++ /dev/null @@ -1 +0,0 @@ -export type SearchFunction = (pkg: { name: string, version: string }) => boolean diff --git a/reviewing/dependencies-hierarchy/test/createPackagesSearcher.spec.ts b/reviewing/dependencies-hierarchy/test/createPackagesSearcher.spec.ts index 0dc7c824c9..6d6436f5aa 100644 --- a/reviewing/dependencies-hierarchy/test/createPackagesSearcher.spec.ts +++ b/reviewing/dependencies-hierarchy/test/createPackagesSearcher.spec.ts @@ -1,25 +1,44 @@ +import { type DependencyManifest } from '@pnpm/types' import { createPackagesSearcher } from '../lib/createPackagesSearcher.js' test('packages searcher', () => { { const search = createPackagesSearcher(['rimraf@*']) - expect(search({ name: 'rimraf', version: '1.0.0' })).toBeTruthy() - expect(search({ name: 'express', version: '1.0.0' })).not.toBeTruthy() + expect(search(mockContext({ name: 'rimraf', version: '1.0.0' }))).toBeTruthy() + expect(search(mockContext({ name: 'express', version: '1.0.0' }))).not.toBeTruthy() } { const search = createPackagesSearcher(['rim*']) - expect(search({ name: 'rimraf', version: '1.0.0' })).toBeTruthy() - expect(search({ name: 'express', version: '1.0.0' })).not.toBeTruthy() + expect(search(mockContext({ name: 'rimraf', version: '1.0.0' }))).toBeTruthy() + expect(search(mockContext({ name: 'express', version: '1.0.0' }))).not.toBeTruthy() } { const search = createPackagesSearcher(['rim*@2']) - expect(search({ name: 'rimraf', version: '2.0.0' })).toBeTruthy() - expect(search({ name: 'rimraf', version: '1.0.0' })).not.toBeTruthy() + expect(search(mockContext({ name: 'rimraf', version: '2.0.0' }))).toBeTruthy() + expect(search(mockContext({ name: 'rimraf', version: '1.0.0' }))).not.toBeTruthy() } { const search = createPackagesSearcher(['minimatch', 'once@1.4']) - expect(search({ name: 'minimatch', version: '2.0.0' })).toBeTruthy() - expect(search({ name: 'once', version: '1.4.1' })).toBeTruthy() - expect(search({ name: 'rimraf', version: '1.0.0' })).not.toBeTruthy() + expect(search(mockContext({ name: 'minimatch', version: '2.0.0' }))).toBeTruthy() + expect(search(mockContext({ name: 'once', version: '1.4.1' }))).toBeTruthy() + expect(search(mockContext({ name: 'rimraf', version: '1.0.0' }))).not.toBeTruthy() } }) + +test('package searcher with 2 finders', () => { + const search = createPackagesSearcher([], [ + (ctx) => ctx.name === 'once', + (ctx) => ctx.name === 'rimraf', + ]) + expect(search(mockContext({ name: 'minimatch', version: '2.0.0' }))).toBeFalsy() + expect(search(mockContext({ name: 'once', version: '1.4.1' }))).toBeTruthy() + expect(search(mockContext({ name: 'rimraf', version: '1.0.0' }))).toBeTruthy() +}) + +function mockContext (manifest: DependencyManifest) { + return { + name: manifest.name, + version: manifest.version, + readManifest: () => manifest, + } +} diff --git a/reviewing/license-scanner/CHANGELOG.md b/reviewing/license-scanner/CHANGELOG.md index e2a71b91c0..b0fa935193 100644 --- a/reviewing/license-scanner/CHANGELOG.md +++ b/reviewing/license-scanner/CHANGELOG.md @@ -1,5 +1,24 @@ # @pnpm/license-scanner +## 1001.0.24 + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [df8d57f] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/package-is-installable@1000.0.13 + - @pnpm/types@1000.8.0 + - @pnpm/directory-fetcher@1000.1.11 + - @pnpm/lockfile.detect-dep-types@1001.0.14 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/lockfile.walker@1001.0.14 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/store.cafs@1000.0.17 + ## 1001.0.23 ### Patch Changes diff --git a/reviewing/license-scanner/package.json b/reviewing/license-scanner/package.json index 9e9d803dc6..6259c70925 100644 --- a/reviewing/license-scanner/package.json +++ b/reviewing/license-scanner/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/license-scanner", - "version": "1001.0.23", + "version": "1001.0.24", "description": "Check for licenses packages", "keywords": [ "pnpm", diff --git a/reviewing/list/CHANGELOG.md b/reviewing/list/CHANGELOG.md index 65d3d335b1..71e51c43dd 100644 --- a/reviewing/list/CHANGELOG.md +++ b/reviewing/list/CHANGELOG.md @@ -1,5 +1,20 @@ # @pnpm/list +## 1000.1.0 + +### Minor Changes + +- e792927: Added support for `finders` [#9946](https://github.com/pnpm/pnpm/pull/9946). + +### Patch Changes + +- Updated dependencies [e792927] +- Updated dependencies [e792927] + - @pnpm/read-package-json@1000.1.0 + - @pnpm/reviewing.dependencies-hierarchy@1001.1.0 + - @pnpm/types@1000.8.0 + - @pnpm/read-project-manifest@1001.1.1 + ## 1000.0.22 ### Patch Changes diff --git a/reviewing/list/package.json b/reviewing/list/package.json index 5cba02904e..7a8403d082 100644 --- a/reviewing/list/package.json +++ b/reviewing/list/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/list", - "version": "1000.0.22", + "version": "1000.1.0", "description": "List installed packages in a symlinked `node_modules`", "keywords": [ "pnpm", diff --git a/reviewing/list/src/index.ts b/reviewing/list/src/index.ts index fdb6421f3e..8559a01d48 100644 --- a/reviewing/list/src/index.ts +++ b/reviewing/list/src/index.ts @@ -1,6 +1,6 @@ import path from 'path' import { safeReadProjectManifestOnly } from '@pnpm/read-project-manifest' -import { type DependenciesField, type Registries } from '@pnpm/types' +import { type DependenciesField, type Registries, type Finder } from '@pnpm/types' import { type PackageNode, buildDependenciesHierarchy, type DependenciesHierarchy, createPackagesSearcher } from '@pnpm/reviewing.dependencies-hierarchy' import { renderJson } from './renderJson.js' import { renderParseable } from './renderParseable.js' @@ -66,9 +66,10 @@ export async function searchForPackages ( registries?: Registries modulesDir?: string virtualStoreDirMaxLength: number + finders?: Finder[] } ): Promise { - const search = createPackagesSearcher(packages) + const search = createPackagesSearcher(packages, opts.finders) return Promise.all( Object.entries(await buildDependenciesHierarchy(projectPaths, { @@ -110,6 +111,7 @@ export async function listForPackages ( registries?: Registries modulesDir?: string virtualStoreDirMaxLength: number + finders?: Finder[] } ): Promise { const opts = { ...DEFAULTS, ...maybeOpts } @@ -143,6 +145,7 @@ export async function list ( showExtraneous?: boolean modulesDir?: string virtualStoreDirMaxLength: number + finders?: Finder[] } ): Promise { const opts = { ...DEFAULTS, ...maybeOpts } diff --git a/reviewing/list/src/renderTree.ts b/reviewing/list/src/renderTree.ts index b55b0aa74f..e75d9d49b0 100644 --- a/reviewing/list/src/renderTree.ts +++ b/reviewing/list/src/renderTree.ts @@ -113,12 +113,17 @@ export async function toArchyTree ( return Promise.all( sortPackages(entryNodes).map(async (node) => { const nodes = await toArchyTree(getPkgColor, node.dependencies ?? [], opts) + const labelLines: string[] = [ + printLabel(getPkgColor, node), + ] + if (node.searchMessage) { + labelLines.push(node.searchMessage) + } if (opts.long) { const pkg = await getPkgInfo(node) - const labelLines = [ - printLabel(getPkgColor, node), - pkg.description, - ] + if (pkg.description) { + labelLines.push(pkg.description) + } if (pkg.repository) { labelLines.push(pkg.repository) } @@ -128,14 +133,9 @@ export async function toArchyTree ( if (pkg.path) { labelLines.push(pkg.path) } - - return { - label: labelLines.join('\n'), - nodes, - } } return { - label: printLabel(getPkgColor, node), + label: labelLines.join('\n'), nodes, } }) diff --git a/reviewing/outdated/CHANGELOG.md b/reviewing/outdated/CHANGELOG.md index 3a5961397c..ae063f74e3 100644 --- a/reviewing/outdated/CHANGELOG.md +++ b/reviewing/outdated/CHANGELOG.md @@ -1,5 +1,27 @@ # @pnpm/outdated +## 1001.0.29 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/npm-resolver@1004.2.0 + - @pnpm/types@1000.8.0 + - @pnpm/pick-registry-for-package@1000.0.10 + - @pnpm/hooks.read-package-hook@1000.0.13 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/client@1001.0.4 + - @pnpm/manifest-utils@1001.0.4 + +## 1001.0.28 + +### Patch Changes + +- @pnpm/client@1001.0.3 + ## 1001.0.27 ### Patch Changes diff --git a/reviewing/outdated/package.json b/reviewing/outdated/package.json index 0877ce1adf..cd1121010f 100644 --- a/reviewing/outdated/package.json +++ b/reviewing/outdated/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/outdated", - "version": "1001.0.27", + "version": "1001.0.29", "description": "Check for outdated packages", "keywords": [ "pnpm", diff --git a/reviewing/plugin-commands-licenses/CHANGELOG.md b/reviewing/plugin-commands-licenses/CHANGELOG.md index c40799962d..7154b7205b 100644 --- a/reviewing/plugin-commands-licenses/CHANGELOG.md +++ b/reviewing/plugin-commands-licenses/CHANGELOG.md @@ -1,5 +1,22 @@ # @pnpm/plugin-commands-licenses +## 1000.0.37 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/license-scanner@1001.0.24 + - @pnpm/lockfile.fs@1001.1.18 + +## 1000.0.36 + +### Patch Changes + +- @pnpm/cli-utils@1001.1.2 + ## 1000.0.35 ### Patch Changes diff --git a/reviewing/plugin-commands-licenses/package.json b/reviewing/plugin-commands-licenses/package.json index 94a6b74f60..828e00f4d6 100644 --- a/reviewing/plugin-commands-licenses/package.json +++ b/reviewing/plugin-commands-licenses/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-licenses", - "version": "1000.0.35", + "version": "1000.0.37", "description": "The licenses command of pnpm", "keywords": [ "pnpm", diff --git a/reviewing/plugin-commands-listing/CHANGELOG.md b/reviewing/plugin-commands-listing/CHANGELOG.md index 66307edc42..770ed8f310 100644 --- a/reviewing/plugin-commands-listing/CHANGELOG.md +++ b/reviewing/plugin-commands-listing/CHANGELOG.md @@ -1,5 +1,26 @@ # @pnpm/plugin-commands-listing +## 1000.1.0 + +### Minor Changes + +- e792927: Added support for `finders` [#9946](https://github.com/pnpm/pnpm/pull/9946). + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/list@1000.1.0 + - @pnpm/cli-utils@1001.2.0 + +## 1000.0.35 + +### Patch Changes + +- @pnpm/cli-utils@1001.1.2 + ## 1000.0.34 ### Patch Changes diff --git a/reviewing/plugin-commands-listing/package.json b/reviewing/plugin-commands-listing/package.json index 58f8ecc14c..7ad01c4a4e 100644 --- a/reviewing/plugin-commands-listing/package.json +++ b/reviewing/plugin-commands-listing/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-listing", - "version": "1000.0.34", + "version": "1000.1.0", "description": "The list and why commands of pnpm", "keywords": [ "pnpm", diff --git a/reviewing/plugin-commands-listing/src/list.ts b/reviewing/plugin-commands-listing/src/list.ts index ef4b900240..0db364b36f 100644 --- a/reviewing/plugin-commands-listing/src/list.ts +++ b/reviewing/plugin-commands-listing/src/list.ts @@ -1,8 +1,9 @@ +import { PnpmError } from '@pnpm/error' import { docsUrl } from '@pnpm/cli-utils' import { FILTERING, OPTIONS, UNIVERSAL_OPTIONS } from '@pnpm/common-cli-options-help' import { type Config, types as allTypes } from '@pnpm/config' import { list, listForPackages } from '@pnpm/list' -import { type IncludedDependencies } from '@pnpm/types' +import { type Finder, type IncludedDependencies } from '@pnpm/types' import { pick } from 'ramda' import renderHelp from 'render-help' import { listRecursive } from './recursive.js' @@ -32,6 +33,7 @@ export const cliOptionsTypes = (): Record => ({ 'exclude-peers': Boolean, 'only-projects': Boolean, recursive: Boolean, + 'find-by': [String, Array], }) export const shorthands: Record = { @@ -124,6 +126,7 @@ export type ListCommandOptions = Pick + findBy?: string[] } ): Promise { + const finders: Finder[] = [] + if (opts.findBy) { + for (const finderName of opts.findBy) { + if (opts.finders?.[finderName] == null) { + throw new PnpmError('FINDER_NOT_FOUND', `No finder with name ${finderName} is found`) + } + finders.push(opts.finders[finderName]) + } + } const listOpts = { alwaysPrintRootPackage: opts.alwaysPrintRootPackage, depth: opts.depth ?? 0, @@ -192,8 +207,9 @@ export async function render ( showExtraneous: false, modulesDir: opts.modulesDir, virtualStoreDirMaxLength: opts.virtualStoreDirMaxLength, + finders, } - return (params.length > 0) + return (params.length > 0) || listOpts.finders.length > 0 ? listForPackages(params, prefixes, listOpts) : list(prefixes, listOpts) } diff --git a/reviewing/plugin-commands-listing/src/why.ts b/reviewing/plugin-commands-listing/src/why.ts index e6db08f86a..1e0d597248 100644 --- a/reviewing/plugin-commands-listing/src/why.ts +++ b/reviewing/plugin-commands-listing/src/why.ts @@ -25,6 +25,7 @@ export const cliOptionsTypes = (): Record => ({ ...rcOptionsTypes(), 'exclude-peers': Boolean, recursive: Boolean, + 'find-by': [String, Array], }) export const shorthands: Record = { @@ -103,8 +104,8 @@ export async function handler ( opts: ListCommandOptions, params: string[] ): Promise { - if (params.length === 0) { - throw new PnpmError('MISSING_PACKAGE_NAME', '`pnpm why` requires the package name') + if (params.length === 0 && opts.findBy == null) { + throw new PnpmError('MISSING_PACKAGE_NAME', '`pnpm why` requires the package name or --find-by=') } return list({ ...opts, diff --git a/reviewing/plugin-commands-listing/test/recursive.ts b/reviewing/plugin-commands-listing/test/recursive.ts index a83381ac2a..b9df81d110 100644 --- a/reviewing/plugin-commands-listing/test/recursive.ts +++ b/reviewing/plugin-commands-listing/test/recursive.ts @@ -260,5 +260,5 @@ test('`pnpm recursive why` should fail if no package name was provided', async ( } expect(err.code).toBe('ERR_PNPM_MISSING_PACKAGE_NAME') - expect(err.message).toBe('`pnpm why` requires the package name') + expect(err.message).toMatch('`pnpm why` requires the package name') }) diff --git a/reviewing/plugin-commands-outdated/CHANGELOG.md b/reviewing/plugin-commands-outdated/CHANGELOG.md index d03e073372..a063973f46 100644 --- a/reviewing/plugin-commands-outdated/CHANGELOG.md +++ b/reviewing/plugin-commands-outdated/CHANGELOG.md @@ -1,5 +1,27 @@ # @pnpm/plugin-commands-outdated +## 1000.0.37 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/default-resolver@1002.2.4 + - @pnpm/outdated@1001.0.29 + - @pnpm/lockfile.fs@1001.1.18 + - @pnpm/modules-yaml@1000.3.5 + +## 1000.0.36 + +### Patch Changes + +- @pnpm/outdated@1001.0.28 +- @pnpm/cli-utils@1001.1.2 +- @pnpm/default-resolver@1002.2.3 + ## 1000.0.35 ### Patch Changes diff --git a/reviewing/plugin-commands-outdated/package.json b/reviewing/plugin-commands-outdated/package.json index 440c06a0c4..ed040872a2 100644 --- a/reviewing/plugin-commands-outdated/package.json +++ b/reviewing/plugin-commands-outdated/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-outdated", - "version": "1000.0.35", + "version": "1000.0.37", "description": "The outdated command of pnpm", "keywords": [ "pnpm", diff --git a/store/cafs/CHANGELOG.md b/store/cafs/CHANGELOG.md index 6e769ceed6..b8e06c2091 100644 --- a/store/cafs/CHANGELOG.md +++ b/store/cafs/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/store.cafs +## 1000.0.17 + +### Patch Changes + +- @pnpm/fetcher-base@1001.0.1 +- @pnpm/store-controller-types@1004.0.2 + ## 1000.0.16 ### Patch Changes diff --git a/store/cafs/package.json b/store/cafs/package.json index f756f71594..6e6e35fbf7 100644 --- a/store/cafs/package.json +++ b/store/cafs/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/store.cafs", - "version": "1000.0.16", + "version": "1000.0.17", "description": "A content-addressable filesystem for the packages storage", "keywords": [ "pnpm", diff --git a/store/create-cafs-store/CHANGELOG.md b/store/create-cafs-store/CHANGELOG.md index b5d11dd018..35573c2962 100644 --- a/store/create-cafs-store/CHANGELOG.md +++ b/store/create-cafs-store/CHANGELOG.md @@ -1,5 +1,15 @@ # @pnpm/create-cafs-store +## 1000.0.18 + +### Patch Changes + +- @pnpm/exec.pkg-requires-build@1000.0.10 +- @pnpm/fetcher-base@1001.0.1 +- @pnpm/store.cafs@1000.0.17 +- @pnpm/store-controller-types@1004.0.2 +- @pnpm/fs.indexed-pkg-importer@1000.1.12 + ## 1000.0.17 ### Patch Changes diff --git a/store/create-cafs-store/package.json b/store/create-cafs-store/package.json index 512d52298f..309102d491 100644 --- a/store/create-cafs-store/package.json +++ b/store/create-cafs-store/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/create-cafs-store", - "version": "1000.0.17", + "version": "1000.0.18", "description": "Create a CAFS store controller", "keywords": [ "pnpm", diff --git a/store/package-store/CHANGELOG.md b/store/package-store/CHANGELOG.md index 029d3d1812..ffeed524fe 100644 --- a/store/package-store/CHANGELOG.md +++ b/store/package-store/CHANGELOG.md @@ -1,5 +1,19 @@ # @pnpm/package-store +## 1002.0.10 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/package-requester@1006.0.1 + - @pnpm/fetcher-base@1001.0.1 + - @pnpm/resolver-base@1005.0.1 + - @pnpm/store.cafs@1000.0.17 + - @pnpm/store-controller-types@1004.0.2 + - @pnpm/worker@1000.1.12 + - @pnpm/create-cafs-store@1000.0.18 + ## 1002.0.9 ### Patch Changes diff --git a/store/package-store/package.json b/store/package-store/package.json index cd5d4f42bf..36b9e7c42b 100644 --- a/store/package-store/package.json +++ b/store/package-store/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/package-store", - "version": "1002.0.9", + "version": "1002.0.10", "description": "A storage for packages", "keywords": [ "pnpm", diff --git a/store/plugin-commands-server/CHANGELOG.md b/store/plugin-commands-server/CHANGELOG.md index 4b782c8dfa..75700d3364 100644 --- a/store/plugin-commands-server/CHANGELOG.md +++ b/store/plugin-commands-server/CHANGELOG.md @@ -1,5 +1,25 @@ # @pnpm/plugin-commands-server +## 1000.0.36 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/store-connection-manager@1002.1.0 + - @pnpm/config@1004.3.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/cli-meta@1000.0.10 + - @pnpm/server@1001.0.10 + +## 1000.0.35 + +### Patch Changes + +- @pnpm/server@1001.0.9 +- @pnpm/store-connection-manager@1002.0.11 +- @pnpm/cli-utils@1001.1.2 + ## 1000.0.34 ### Patch Changes diff --git a/store/plugin-commands-server/package.json b/store/plugin-commands-server/package.json index 3377e5324b..8c6e80a962 100644 --- a/store/plugin-commands-server/package.json +++ b/store/plugin-commands-server/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-server", - "version": "1000.0.34", + "version": "1000.0.36", "description": "Commands for controlling the store server", "keywords": [ "pnpm", diff --git a/store/plugin-commands-store-inspecting/CHANGELOG.md b/store/plugin-commands-store-inspecting/CHANGELOG.md index b2cee59e8e..d129f7b653 100644 --- a/store/plugin-commands-store-inspecting/CHANGELOG.md +++ b/store/plugin-commands-store-inspecting/CHANGELOG.md @@ -1,5 +1,23 @@ # @pnpm/plugin-commands-store-inspecting +## 1000.0.33 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/client@1001.0.4 + - @pnpm/store.cafs@1000.0.17 + +## 1000.0.32 + +### Patch Changes + +- @pnpm/client@1001.0.3 + ## 1000.0.31 ### Patch Changes diff --git a/store/plugin-commands-store-inspecting/package.json b/store/plugin-commands-store-inspecting/package.json index a52550e9ad..42c131a412 100644 --- a/store/plugin-commands-store-inspecting/package.json +++ b/store/plugin-commands-store-inspecting/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-store-inspecting", - "version": "1000.0.31", + "version": "1000.0.33", "description": "The inspecting store commands of pnpm", "keywords": [ "pnpm", diff --git a/store/plugin-commands-store/CHANGELOG.md b/store/plugin-commands-store/CHANGELOG.md index d8950f2eca..dfd3fb102a 100644 --- a/store/plugin-commands-store/CHANGELOG.md +++ b/store/plugin-commands-store/CHANGELOG.md @@ -1,5 +1,29 @@ # @pnpm/plugin-commands-store +## 1000.0.37 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/store-connection-manager@1002.1.0 + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/normalize-registries@1000.1.3 + - @pnpm/lockfile.utils@1003.0.1 + - @pnpm/dependency-path@1001.1.1 + - @pnpm/get-context@1001.1.5 + - @pnpm/store.cafs@1000.0.17 + - @pnpm/store-controller-types@1004.0.2 + +## 1000.0.36 + +### Patch Changes + +- @pnpm/store-connection-manager@1002.0.11 +- @pnpm/cli-utils@1001.1.2 + ## 1000.0.35 ### Patch Changes diff --git a/store/plugin-commands-store/package.json b/store/plugin-commands-store/package.json index 6edf3c019d..9bb916e3d1 100644 --- a/store/plugin-commands-store/package.json +++ b/store/plugin-commands-store/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/plugin-commands-store", - "version": "1000.0.35", + "version": "1000.0.37", "description": "Commands for controlling the store", "keywords": [ "pnpm", diff --git a/store/server/CHANGELOG.md b/store/server/CHANGELOG.md index 0598e53a30..518d15bf1a 100644 --- a/store/server/CHANGELOG.md +++ b/store/server/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/server +## 1001.0.10 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/fetch@1000.2.5 + - @pnpm/store-controller-types@1004.0.2 + ## 1001.0.9 ### Patch Changes diff --git a/store/server/package.json b/store/server/package.json index babaa01aa9..e885c792c9 100644 --- a/store/server/package.json +++ b/store/server/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/server", - "version": "1001.0.9", + "version": "1001.0.10", "description": "A pnpm installer server", "keywords": [ "pnpm", diff --git a/store/store-connection-manager/CHANGELOG.md b/store/store-connection-manager/CHANGELOG.md index 27649ec1c5..603c230a85 100644 --- a/store/store-connection-manager/CHANGELOG.md +++ b/store/store-connection-manager/CHANGELOG.md @@ -1,5 +1,40 @@ # @pnpm/store-connection-manager +## 1002.1.0 + +### Minor Changes + +- 38e2599: There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour. + + The new setting is called `minimumReleaseAge`. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting `minimumReleaseAge: 1440` ensures that only packages released at least one day ago can be installed. + + If you set `minimumReleaseAge` but need to disable this restriction for certain dependencies, you can list them under the `minimumReleaseAgeExclude` setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time: + + ```yaml + minimumReleaseAgeExclude: + - webpack + ``` + + Related issue: [#9921](https://github.com/pnpm/pnpm/issues/9921). + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/cli-meta@1000.0.10 + - @pnpm/client@1001.0.4 + - @pnpm/package-store@1002.0.10 + - @pnpm/server@1001.0.10 + +## 1002.0.11 + +### Patch Changes + +- @pnpm/client@1001.0.3 +- @pnpm/package-store@1002.0.9 +- @pnpm/server@1001.0.9 + ## 1002.0.10 ### Patch Changes diff --git a/store/store-connection-manager/package.json b/store/store-connection-manager/package.json index d695103791..1308eae0e5 100644 --- a/store/store-connection-manager/package.json +++ b/store/store-connection-manager/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/store-connection-manager", - "version": "1002.0.10", + "version": "1002.1.0", "description": "Create a direct pnpm store controller or connect to a running store server", "keywords": [ "pnpm", diff --git a/store/store-connection-manager/src/createNewStoreController.ts b/store/store-connection-manager/src/createNewStoreController.ts index 4e8ef5eed9..4909bb9dab 100644 --- a/store/store-connection-manager/src/createNewStoreController.ts +++ b/store/store-connection-manager/src/createNewStoreController.ts @@ -29,6 +29,7 @@ export type CreateNewStoreControllerOptions = CreateResolverOptions & Pick { - const fullMetadata = opts.fetchFullMetadata ?? (opts.resolutionMode === 'time-based' && !opts.registrySupportsTimeField) + const fullMetadata = opts.fetchFullMetadata ?? ((opts.resolutionMode === 'time-based' || Boolean(opts.minimumReleaseAge)) && !opts.registrySupportsTimeField) const { resolve, fetchers, clearResolutionCache } = createClient({ customFetchers: opts.hooks?.fetchers, userConfig: opts.userConfig, @@ -94,6 +95,7 @@ export async function createNewStoreController ( includeOnlyPackageFiles: !opts.deployAllFiles, saveWorkspaceProtocol: opts.saveWorkspaceProtocol, preserveAbsolutePaths: opts.preserveAbsolutePaths, + strictPublishedByCheck: Boolean(opts.minimumReleaseAge), }) await fs.mkdir(opts.storeDir, { recursive: true }) return { diff --git a/store/store-controller-types/CHANGELOG.md b/store/store-controller-types/CHANGELOG.md index 0fe7d6b3e7..6b2c05c821 100644 --- a/store/store-controller-types/CHANGELOG.md +++ b/store/store-controller-types/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/store-controller-types +## 1004.0.2 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/fetcher-base@1001.0.1 + - @pnpm/resolver-base@1005.0.1 + ## 1004.0.1 ### Patch Changes diff --git a/store/store-controller-types/package.json b/store/store-controller-types/package.json index 2f9d04cd77..870dc5fc54 100644 --- a/store/store-controller-types/package.json +++ b/store/store-controller-types/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/store-controller-types", - "version": "1004.0.1", + "version": "1004.0.2", "description": "Types for the store controller", "keywords": [ "pnpm", diff --git a/testing/temp-store/CHANGELOG.md b/testing/temp-store/CHANGELOG.md index d4f7082b32..209c0a9d80 100644 --- a/testing/temp-store/CHANGELOG.md +++ b/testing/temp-store/CHANGELOG.md @@ -1,5 +1,20 @@ # @pnpm/testing.temp-store +## 1000.0.15 + +### Patch Changes + +- @pnpm/client@1001.0.4 +- @pnpm/package-store@1002.0.10 +- @pnpm/store-controller-types@1004.0.2 + +## 1000.0.14 + +### Patch Changes + +- @pnpm/client@1001.0.3 +- @pnpm/package-store@1002.0.9 + ## 1000.0.13 ### Patch Changes diff --git a/testing/temp-store/package.json b/testing/temp-store/package.json index bb548bb44a..1615c1062d 100644 --- a/testing/temp-store/package.json +++ b/testing/temp-store/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/testing.temp-store", - "version": "1000.0.13", + "version": "1000.0.15", "description": "A temporary store for testing purposes", "keywords": [ "pnpm", diff --git a/tools/plugin-commands-self-updater/CHANGELOG.md b/tools/plugin-commands-self-updater/CHANGELOG.md index 731518f642..c9b0ad2a8b 100644 --- a/tools/plugin-commands-self-updater/CHANGELOG.md +++ b/tools/plugin-commands-self-updater/CHANGELOG.md @@ -1,5 +1,27 @@ # @pnpm/tools.plugin-commands-self-updater +## 1000.1.23 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/link-bins@1000.2.2 + - @pnpm/cli-meta@1000.0.10 + - @pnpm/client@1001.0.4 + - @pnpm/read-project-manifest@1001.1.1 + +## 1000.1.22 + +### Patch Changes + +- Updated dependencies [affdd5b] + - @pnpm/link-bins@1000.2.1 + - @pnpm/client@1001.0.3 + - @pnpm/cli-utils@1001.1.2 + ## 1000.1.21 ### Patch Changes diff --git a/tools/plugin-commands-self-updater/package.json b/tools/plugin-commands-self-updater/package.json index 46a81cf210..9ac978ade8 100644 --- a/tools/plugin-commands-self-updater/package.json +++ b/tools/plugin-commands-self-updater/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/tools.plugin-commands-self-updater", - "version": "1000.1.21", + "version": "1000.1.23", "description": "A command for updating pnpm itself", "keywords": [ "pnpm", diff --git a/worker/CHANGELOG.md b/worker/CHANGELOG.md index a5e17c2334..71f2b15f7e 100644 --- a/worker/CHANGELOG.md +++ b/worker/CHANGELOG.md @@ -1,5 +1,16 @@ # @pnpm/worker +## 1000.1.12 + +### Patch Changes + +- @pnpm/exec.pkg-requires-build@1000.0.10 +- @pnpm/symlink-dependency@1000.0.11 +- @pnpm/store.cafs@1000.0.17 +- @pnpm/cafs-types@1000.0.0 +- @pnpm/fs.hard-link-dir@1000.0.1 +- @pnpm/create-cafs-store@1000.0.18 + ## 1000.1.11 ### Patch Changes diff --git a/worker/package.json b/worker/package.json index d9185a5ab4..a3195cc47e 100644 --- a/worker/package.json +++ b/worker/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/worker", - "version": "1000.1.11", + "version": "1000.1.12", "description": "A worker for extracting package taralls to the store", "keywords": [ "pnpm", diff --git a/workspace/filter-packages-from-dir/CHANGELOG.md b/workspace/filter-packages-from-dir/CHANGELOG.md index 840cd2f6c2..d336164cc0 100644 --- a/workspace/filter-packages-from-dir/CHANGELOG.md +++ b/workspace/filter-packages-from-dir/CHANGELOG.md @@ -1,5 +1,20 @@ # @pnpm/workspace.filter-packages-from-dir +## 1000.0.35 + +### Patch Changes + +- @pnpm/filter-workspace-packages@1000.0.35 +- @pnpm/workspace.find-packages@1000.0.35 +- @pnpm/workspace.read-manifest@1000.2.3 + +## 1000.0.34 + +### Patch Changes + +- @pnpm/workspace.find-packages@1000.0.34 +- @pnpm/filter-workspace-packages@1000.0.34 + ## 1000.0.33 ### Patch Changes diff --git a/workspace/filter-packages-from-dir/package.json b/workspace/filter-packages-from-dir/package.json index 47253df29c..88570c5e4a 100644 --- a/workspace/filter-packages-from-dir/package.json +++ b/workspace/filter-packages-from-dir/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/workspace.filter-packages-from-dir", - "version": "1000.0.33", + "version": "1000.0.35", "description": "Filters packages in a directory", "keywords": [ "pnpm", diff --git a/workspace/filter-workspace-packages/CHANGELOG.md b/workspace/filter-workspace-packages/CHANGELOG.md index 5e1efae368..9d997f4b8b 100644 --- a/workspace/filter-workspace-packages/CHANGELOG.md +++ b/workspace/filter-workspace-packages/CHANGELOG.md @@ -1,5 +1,18 @@ # @pnpm/filter-workspace-packages +## 1000.0.35 + +### Patch Changes + +- @pnpm/workspace.pkgs-graph@1000.0.19 +- @pnpm/workspace.find-packages@1000.0.35 + +## 1000.0.34 + +### Patch Changes + +- @pnpm/workspace.find-packages@1000.0.34 + ## 1000.0.33 ### Patch Changes diff --git a/workspace/filter-workspace-packages/package.json b/workspace/filter-workspace-packages/package.json index 4fc68e7539..a4a9d1fd05 100644 --- a/workspace/filter-workspace-packages/package.json +++ b/workspace/filter-workspace-packages/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/filter-workspace-packages", - "version": "1000.0.33", + "version": "1000.0.35", "description": "Filters packages in a workspace", "keywords": [ "pnpm", diff --git a/workspace/find-packages/CHANGELOG.md b/workspace/find-packages/CHANGELOG.md index fbe8ed7fa7..fecaaddb55 100644 --- a/workspace/find-packages/CHANGELOG.md +++ b/workspace/find-packages/CHANGELOG.md @@ -1,5 +1,20 @@ # @pnpm/find-workspace-packages +## 1000.0.35 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/cli-utils@1001.2.0 + - @pnpm/fs.find-packages@1000.0.14 + +## 1000.0.34 + +### Patch Changes + +- @pnpm/cli-utils@1001.1.2 + ## 1000.0.33 ### Patch Changes diff --git a/workspace/find-packages/package.json b/workspace/find-packages/package.json index f1d7df96bf..6f4d006558 100644 --- a/workspace/find-packages/package.json +++ b/workspace/find-packages/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/workspace.find-packages", - "version": "1000.0.33", + "version": "1000.0.35", "description": "Finds packages inside a workspace", "keywords": [ "pnpm", diff --git a/workspace/injected-deps-syncer/CHANGELOG.md b/workspace/injected-deps-syncer/CHANGELOG.md index bea0f09a6f..9145bd9c4e 100644 --- a/workspace/injected-deps-syncer/CHANGELOG.md +++ b/workspace/injected-deps-syncer/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/workspace.injected-deps-syncer +## 1000.0.12 + +### Patch Changes + +- @pnpm/directory-fetcher@1000.1.11 +- @pnpm/modules-yaml@1000.3.5 + ## 1000.0.11 ### Patch Changes diff --git a/workspace/injected-deps-syncer/package.json b/workspace/injected-deps-syncer/package.json index 6057787afa..0e63407184 100644 --- a/workspace/injected-deps-syncer/package.json +++ b/workspace/injected-deps-syncer/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/workspace.injected-deps-syncer", - "version": "1000.0.11", + "version": "1000.0.12", "description": "Update all injected replica of a workspace package", "keywords": [ "pnpm", diff --git a/workspace/manifest-writer/CHANGELOG.md b/workspace/manifest-writer/CHANGELOG.md index 5f2755e65a..83bd69e903 100644 --- a/workspace/manifest-writer/CHANGELOG.md +++ b/workspace/manifest-writer/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/workspace.manifest-writer +## 1001.0.1 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + - @pnpm/lockfile.types@1002.0.1 + - @pnpm/workspace.read-manifest@1000.2.3 + ## 1001.0.0 ### Major Changes diff --git a/workspace/manifest-writer/package.json b/workspace/manifest-writer/package.json index 3be018ea78..648974a1f0 100644 --- a/workspace/manifest-writer/package.json +++ b/workspace/manifest-writer/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/workspace.manifest-writer", - "version": "1001.0.0", + "version": "1001.0.1", "description": "Updates the workspace manifest file", "keywords": [ "pnpm", diff --git a/workspace/pkgs-graph/CHANGELOG.md b/workspace/pkgs-graph/CHANGELOG.md index f312819261..446211e836 100644 --- a/workspace/pkgs-graph/CHANGELOG.md +++ b/workspace/pkgs-graph/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/workspace.pkgs-graph +## 1000.0.19 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/npm-resolver@1004.2.0 + - @pnpm/types@1000.8.0 + ## 1000.0.18 ### Patch Changes diff --git a/workspace/pkgs-graph/package.json b/workspace/pkgs-graph/package.json index d7c05121c8..c9ebe342cb 100644 --- a/workspace/pkgs-graph/package.json +++ b/workspace/pkgs-graph/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/workspace.pkgs-graph", - "version": "1000.0.18", + "version": "1000.0.19", "description": "Create a graph from an array of packages", "keywords": [ "pnpm", diff --git a/workspace/read-manifest/CHANGELOG.md b/workspace/read-manifest/CHANGELOG.md index dc9c2dbcb9..51119e8df1 100644 --- a/workspace/read-manifest/CHANGELOG.md +++ b/workspace/read-manifest/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/workspace.read-manifest +## 1000.2.3 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.2.2 ### Patch Changes diff --git a/workspace/read-manifest/package.json b/workspace/read-manifest/package.json index a29bebc737..ad38dbfd78 100644 --- a/workspace/read-manifest/package.json +++ b/workspace/read-manifest/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/workspace.read-manifest", - "version": "1000.2.2", + "version": "1000.2.3", "description": "Reads a workspace manifest file", "keywords": [ "pnpm", diff --git a/workspace/sort-packages/CHANGELOG.md b/workspace/sort-packages/CHANGELOG.md index 7b3fbc3b4f..e909b5df7e 100644 --- a/workspace/sort-packages/CHANGELOG.md +++ b/workspace/sort-packages/CHANGELOG.md @@ -1,5 +1,12 @@ # @pnpm/sort-packages +## 1000.0.10 + +### Patch Changes + +- Updated dependencies [e792927] + - @pnpm/types@1000.8.0 + ## 1000.0.9 ### Patch Changes diff --git a/workspace/sort-packages/package.json b/workspace/sort-packages/package.json index 03b695a14c..32bf842bb8 100644 --- a/workspace/sort-packages/package.json +++ b/workspace/sort-packages/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/sort-packages", - "version": "1000.0.9", + "version": "1000.0.10", "description": "Sort packages", "keywords": [ "pnpm", diff --git a/workspace/state/CHANGELOG.md b/workspace/state/CHANGELOG.md index 0e93225d15..8750c30d41 100644 --- a/workspace/state/CHANGELOG.md +++ b/workspace/state/CHANGELOG.md @@ -1,5 +1,14 @@ # @pnpm/workspace.state +## 1002.0.3 + +### Patch Changes + +- Updated dependencies [38e2599] +- Updated dependencies [e792927] + - @pnpm/config@1004.3.0 + - @pnpm/types@1000.8.0 + ## 1002.0.2 ### Patch Changes diff --git a/workspace/state/package.json b/workspace/state/package.json index 19f90ce6d5..3da5f1148b 100644 --- a/workspace/state/package.json +++ b/workspace/state/package.json @@ -1,6 +1,6 @@ { "name": "@pnpm/workspace.state", - "version": "1002.0.2", + "version": "1002.0.3", "description": "Track the list of actual paths of workspace packages in a cache", "keywords": [ "pnpm",