mirror/pnpm
1
0
Fork 0
mirror of https://github.com/pnpm/pnpm.git synced 2025-12-23 23:29:17 -05:00
Code Issues Packages Projects Releases Wiki Activity
10,177 Commits 304 Branches 1,830 Tags
main
Commit Graph

2576 Commits

Author SHA1 Message Date
Zoltan Kochan
3bf5e218a6 fix: linking commands of engines (#10354) 
close #10244
 2025-12-23 12:26:59 +01:00
Zoltan Kochan
01760da877 fix(git-resolver): installing git-hosted dependency using annotated tags (#10349) 
close #10335
 2025-12-22 23:05:40 +01:00
月正海角
a297ebc9f6 feat: improve error message for versions not meeting minimumReleaseAge (#10350) 
close #10307
 2025-12-22 17:28:52 +01:00
btea
ac4c9f4b96 fix: install absolute path pkg failed (#9888) 2025-12-22 14:57:45 +01:00
Zoltan Kochan
1cc61e87bc feat!: change the default values of blockExoticSubdeps and strictDepBuilds (#10332) 2025-12-22 14:36:46 +01:00
Khải
97cf97609e fix(cli/config): phantom keys (#10323) 
* fix(cli/config): phantom keys

Fixes https://github.com/pnpm/pnpm/issues/10296

This patch also include other refactors.

* test: does not traverse the prototype chain

* test: more properties

* test: fix other tests

* feat: revert unrelated changes
 2025-12-22 12:26:14 +01:00
Sam Chung
1bc6b5ac2c fix: try not to make network requests with prefer offline (#10334) 2025-12-21 19:04:11 +01:00
Dasa Paddock
29764fb140 feat(hooks): add beforePacking hook (#10303) 
* feat(hooks): add `readPackageForPublishing` hook

* feat: pass project `dir` parameter to `readPackageForPublishing` hook

* chore: cleanup

* fix: add support for multiple pnpmfiles

* test: readPackageForPublishing hook

* test: add more tests

* test: small update

* refactor: pass in `hooks` as an option

* test: pass in `hooks` as an option

* test: small update

* chore: rename `readPackageForPublishing` to `beforePacking`
 2025-12-21 15:49:47 +01:00
Khải
90bd3c31f8 feat(config)!: project-specific packageConfigs (#10304) 
* feat(config)!: project level `config.yaml`

* test: fix

* refactor: shorten some names

* docs(changeset): change wording

* feat: move project settings to pnpm-workspace.yaml

* test: remove unneeded fixture

* docs(changeset): correct

* refactor: replace validation with creation

* docs: consistent terminology

* perf: validate once

* test: projectConfig

* refactor: explicitly use `undefined`

* refactor: reuse `ProjectConfigRecord`

* chore(deps): remove unused dependency

* style: remove extra pipe character

* refactor: rename to `projectConfigs`

* feat: flatten `projectConfig` with `match`

* refactor: correct error class names

* docs(changeset): update

* test: fix

* feat: rename to `packageConfigs`

Rename `projectConfigs` to `packageConfigs` in the workspace manifest.

The term "project config" is still used internally, because, internally,
"project" refers to workspace packages whilst "package" refers to 3rd party
packages and dependencies.

* docs(changeset): clarify `project-N`
 2025-12-21 12:01:18 +01:00
Zoltan Kochan
e46a652939 fix: the add command should not fail, when blockExoticSubdeps is true (#10327) 
close #10324
 2025-12-17 11:24:32 +01:00
klassiker
c5fbddee05 fix(git-fetcher): ensure the specified commit is used after checkout (#10310) 
* fix(git-fetcher): ensure the specified commit is used after checkout

* fix(git-resolver): always resolve to a full commit

* chore: add changeset heavy-dragons-start

* test: fix related test case

* test: fix some other test that gets stuck

* Update heavy-dragons-start.md with PR reference

Add reference to pull request #10310 for clarity.
 2025-12-17 03:26:18 +01:00
Zoltan Kochan
76718b32ad feat: create a new field for allowing/disallowing builds (#10311) 
ref #10235
 2025-12-13 22:14:27 +01:00
btea
0dfa8b862b fix: installation failed due to installation link redirection (v11) (#10286) 
* fix: installation failed due to installation link redirection

* fix: handle all different cases of redirect locations

* docs: update changesets

* refactor: implement CR suggestion

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-12-12 20:19:36 +01:00
Ryo Matsukawa
8b864ccc98 fix: show deprecation in outdated table/list formats (#10207) 
close #8658
 2025-12-12 17:08:06 +01:00
Randall Leeds
8385a8cff6 fix(deploy): omit inject workspace packages setting in deploy lockfiles (#10294) 
* fix(deploy): omit inject workspace packages setting in deploy lockfiles

When the deploy command creates a new lockfile, create the deployment
lockfile without the setting to inject workspace packages, because it
has already been applied when creating the lockfile and the deployment
is not, itself, a workspace.

* docs: add changesets

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-12-12 14:33:37 +01:00
Dasa Paddock
144d76f15f feat(pack): add support for --dry-run (#10306) 
close #10301
 2025-12-12 14:00:54 +01:00
VR
e0f0a7d85f fix: npm compat on installing redirecting tarballs (#10197) 
close #9802

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-12-11 11:55:02 +01:00
Minijus L
3585d9a372 fix: normalize tarball URLs by removing default HTTP/HTTPS ports (#10273) 
* fix: normalize tarball URLs by removing default HTTP/HTTPS ports

closes #6725

* feat: refactor, add test and changeset

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-12-11 08:04:39 +01:00
Oren
ae8b816121 feat: support blockExoticSubdeps option to disallow non-trusted dep sources in subdeps (#10265) 
* feat(core): add onlyRegistryDependencies option to disallow non-registry subdependencies

* fix: onlyRegistryDependencies=>registrySubdepsOnly

* fix: allow resolution from custom resolver

* fix: add registry-subdeps-only to types

* docs: update changesets

* refactor: registry-only

* refactor: registrySubdepsOnly=>blockExoticSubdeps

* fix: trust runtime deps

* refactor: remove comment

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-12-10 12:14:16 +01:00
Oren
ba065f6a8b fix(git-fetcher): block git dependencies from running prepare scripts unless allowed (#10288) 
* fix(git-fetcher): block git dependencies from running prepare scripts unless allowed

* Update exec/prepare-package/src/index.ts

Co-authored-by: Zoltan Kochan <z@kochan.io>

* Also implement in gitHostedTarballFetcher

* refactor: move allowBuild function creation to the store manager

* refactor: pass allowBuild function to fetch function directly

* refactor: revert not needed changes and update changesets

* test: fix

* fix: implemented CR suggestions

* test: fix

* test: fix

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-12-09 18:25:07 +01:00
Oren
98a0410aa1 fix(tarball-resolver): add integrity hash to HTTP tarball dependencies (#10287) 
* fix(tarball-resolver): add integrity hash to HTTP tarball dependencies

* Refactor to download tarball just once

* Fix tests

* fix: only calc hash when it is not passed in to the fetcher

* docs: update changesets
 2025-12-08 23:38:27 +01:00
Zoltan Kochan
2cb0657599 fix: don't fail with ERR_PNPM_MISSING_TIME on packages that are excluded from trust checks (#10292) 
* fix: don't fail with ERR_PNPM_MISSING_TIME on packages that are excluded from trust checks

close #10259

* test: add coverage for excluded packages missing time field (#10293)

* Initial plan

* test: add coverage for excluded packages missing time field

Co-authored-by: zkochan <1927579+zkochan@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: zkochan <1927579+zkochan@users.noreply.github.com>

---------

Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: zkochan <1927579+zkochan@users.noreply.github.com>
 2025-12-08 15:21:25 +01:00
Aaron
fea46dc8c4 fix(publish): respect --force flag in recursive publish (#10277) 
When using 'pnpm -r publish --force', the --force flag was being
ignored. The flag was checked to determine which packages to publish,
but wasn't passed to individual publish commands.

This adds --force to the appendedArgs array so it gets passed through
to each publish call, following the same pattern as other CLI flags
like --access, --dry-run, and --otp.

close #10272
 2025-12-08 11:33:30 +01:00
Zoltan Kochan
19f36cfc39 fix: don't silently skip an optional dependency if it cannot be resolved from a mature version (#10289) 
close #10270
 2025-12-08 11:18:24 +01:00
Zoltan Kochan
05fb1aee5f fix: reporting ignored dependency builds (#10276) 2025-12-06 16:32:19 +01:00
Zoltan Kochan
4362c06005 fix: dependencies that were added to onlyBuiltDependencies should be built on install (#10256) 2025-12-02 15:31:52 +01:00
Zoltan Kochan
5f73b0f2b6 perf: always link runtimes from the global virtual store directory (#10233) 2025-12-01 14:27:18 +01:00
Trevor Burnham
38b8e357b5 feat: add custom resolvers and fetchers (#10246) 2025-11-30 14:19:04 +01:00
Khải
3aa50c8365 feat(init): --bare (#10228) 
* feat(init): fields preset

* feat: replace `init-preset` with `init-bare`

* feat: remove init-bare

close #10226

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-29 14:55:02 +01:00
Bart Riepe
7730a7f25c feat: allow loading certificates from scoped cert, ca and key (#10230) 
* feat: allow loading certificates from `cert`, `ca` and `key`

These properties are supported in .npmrc, but get ignored by pnpm, this will make pnpm read
and use them as well.

* refactor: getNetworkConfigs.ts

* docs: update changesets

* fix: issues

* docs: update changesets

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-29 11:37:57 +01:00
Zoltan Kochan
d2a7b0206f revert: "fix(self-update): respect custom registry when installing pnpm version (#10205)" 
This reverts commit d3cf00e308.
 2025-11-27 14:39:37 +01:00
btea
7cec347701 fix: WMIC is being removed (#10223) 
* fix: `WMI` is being removed

* fix: update

* fix: update

* fix: validate drive before usage

* fix: remove not needed dep

* refactor: regex

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-27 14:08:12 +01:00
Zoltan Kochan
60b5fd17ed fix: don't reimport node.js on every install (#10239) 2025-11-26 01:10:36 +01:00
Brandon Cheng
69ebe38764 fix: throw a frozen lockfile error when catalogs change (#10231) 
* fix: throw a frozen lockfile error when catalogs change

* fix: work around lockfile mismatch when installing `__fixtures__`

```
> @ step1 /home/runner/work/pnpm/pnpm/__fixtures__
> node ../pnpm/dist/pnpm.mjs install -rf --frozen-lockfile --no-shared-workspace-lockfile --no-link-workspace-packages

.                                        |  WARN  using --force I sure hope you know what you are doing
Scope: all 26 workspace projects
circular                                 | Progress: resolved 1, reused 0, downloaded 0, added 0
circular                                 |   +4 +
fixture                                  | Progress: resolved 1, reused 0, downloaded 0, added 0
fixture                                  |  +12 +
fixture-with-no-pkg-name-and-no-version  | Progress: resolved 1, reused 0, downloaded 0, added 0
fixture-with-no-pkg-name-and-no-version  |  +12 +
fixture-with-no-pkg-version              | Progress: resolved 1, reused 0, downloaded 0, added 0
fixture-with-no-pkg-version              |  +12 +
circular                                 | Progress: resolved 4, reused 0, downloaded 4, added 4, done
fixture                                  | Progress: resolved 12, reused 6, downloaded 6, added 12, done
fixture-with-no-pkg-name-and-no-version  | Progress: resolved 12, reused 0, downloaded 0, added 12, done
fixture-with-no-pkg-version              | Progress: resolved 12, reused 0, downloaded 0, added 12, done
general                                  | Progress: resolved 1, reused 0, downloaded 0, added 0
general                                  |  +13 +
has-2-outdated-deps                      | Progress: resolved 1, reused 0, downloaded 0, added 0
has-2-outdated-deps                      |   +2 +
undefined
/home/runner/work/pnpm/pnpm/__fixtures__/has-outdated-deps-using-catalog-protocol:
 ERR_PNPM_LOCKFILE_CONFIG_MISMATCH  Cannot proceed with the frozen installation. The current "catalogs" configuration doesn't match the value found in the lockfile

Update your lockfile using "pnpm install --no-frozen-lockfile"
```

close #9369
 2025-11-26 01:09:37 +01:00
Zoltan Kochan
1e6de2539b fix: dependency graph hash calculation (#10236) 2025-11-25 20:36:52 +01:00
Zoltan Kochan
6f361aa3b3 fix: trustPolicy should ignore trust evidences of prerelease versions (#10227) 2025-11-24 14:53:47 +01:00
Kairui Liu
2a50b8936e fix: handle ENOENT errors in containerized environments by falling back to copy (#10218) 
* fix: linkOrCopy failed

* refactor: hard-link-dir

* docs: add changesets

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-22 16:27:15 +01:00
btea
144ce0e98b fix: improve the error messages related to trustPolicy mismatch (#10203) 
---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-22 02:35:19 +01:00
Zoltan Kochan
4893853569 perf: increase the default network concurrency on machines with many CPU cores (#10215) 
close #10068
 2025-11-21 15:29:56 +01:00
Zoltan Kochan
a5fdbf9bb3 fix: update @pnpm/npm-conf to v3.0.1 
related PR: https://github.com/pnpm/npm-conf/pull/17
 2025-11-21 01:48:20 +01:00
Zoltan Kochan
83fe533266 fix: don't silently skip an optional dependency if if fails trust policy check (#10211) 
close #10208
 2025-11-20 12:51:31 +01:00
Zoltan Kochan
98a5f1ce33 fix: node runtime is not moved to dependencies on pnpm add (#10210) 
close #10209
 2025-11-20 02:35:46 +01:00
Ryo Matsukawa
8ffb1a7f0c fix: display npm: protocol for aliased packages in list and why (#10084) 
* fix: support alias resolution in pnpm why with npm:
protocol

* refactor: make alias required instead of optional

* refactor: reorder field to put alias first
 2025-11-20 01:08:53 +01:00
silentip404
d3cf00e308 fix(self-update): respect custom registry when installing pnpm version (#10205) 
* fix(self-update): respect custom registry when installing pnpm version

When managePackageManagerVersions is enabled and a custom registry is
configured in .npmrc, pnpm was attempting to auto-install the specified
version from registry.npmjs.org instead of respecting the user's custom
registry configuration.

This happens because installPnpmToTools runs in a temporary directory
outside the project, which doesn't automatically pick up the project's
.npmrc configuration. The fix explicitly passes the registry configuration
from opts.registries.default or opts.rawConfig.registry to the pnpm add
command via the --config.registry flag.

* refactor: self-update

* Update .changeset/cold-buckets-crash.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-11-19 22:43:32 +01:00
Tmk
499ef22bd5 fix: remove redundant mirror slash (#10204) 2025-11-19 21:46:03 +01:00
Ryo Matsukawa
b51bb42da5 feat!: support lowercase options in pnpm add (-d, -p, -o, -e) (#10079) 
close #9197
 2025-11-17 23:52:11 +01:00
Zoltan Kochan
09bb8dbd8c fix: store prune should not fail if the store contains Node.js (#10193) 
close #10131
 2025-11-17 23:45:48 +01:00
Ryo Matsukawa
2464485700 feat: add --lockfile-only option to pnpm list (#10066) 
close #10020

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-17 16:57:29 +01:00
Brandon Cheng
a0e3a21a93 fix: use esm import for @pnpm/patch-package in @pnpm/apply-patch (#10191) 2025-11-16 23:35:25 +01:00
Zoltan Kochan
46f10165ed fix: self-update should not install @pnpm/exe >= 11 (#10190) 2025-11-14 15:19:36 +01:00