mirror/pnpm
1
0
Fork 0
mirror of https://github.com/pnpm/pnpm.git synced 2025-12-23 23:29:17 -05:00
Code Issues Packages Projects Releases Wiki Activity
10,177 Commits 304 Branches 1,830 Tags
main
Commit Graph

923 Commits

Author SHA1 Message Date
Zoltan Kochan
3bf5e218a6 fix: linking commands of engines (#10354) 
close #10244
 2025-12-23 12:26:59 +01:00
Zoltan Kochan
01760da877 fix(git-resolver): installing git-hosted dependency using annotated tags (#10349) 
close #10335
 2025-12-22 23:05:40 +01:00
月正海角
a297ebc9f6 feat: improve error message for versions not meeting minimumReleaseAge (#10350) 
close #10307
 2025-12-22 17:28:52 +01:00
btea
4015eeb8e9 chore: replace write-pkg with write-package (#10351) 2025-12-22 16:21:30 +01:00
btea
ac4c9f4b96 fix: install absolute path pkg failed (#9888) 2025-12-22 14:57:45 +01:00
Khải
90bd3c31f8 feat(config)!: project-specific packageConfigs (#10304) 
* feat(config)!: project level `config.yaml`

* test: fix

* refactor: shorten some names

* docs(changeset): change wording

* feat: move project settings to pnpm-workspace.yaml

* test: remove unneeded fixture

* docs(changeset): correct

* refactor: replace validation with creation

* docs: consistent terminology

* perf: validate once

* test: projectConfig

* refactor: explicitly use `undefined`

* refactor: reuse `ProjectConfigRecord`

* chore(deps): remove unused dependency

* style: remove extra pipe character

* refactor: rename to `projectConfigs`

* feat: flatten `projectConfig` with `match`

* refactor: correct error class names

* docs(changeset): update

* test: fix

* feat: rename to `packageConfigs`

Rename `projectConfigs` to `packageConfigs` in the workspace manifest.

The term "project config" is still used internally, because, internally,
"project" refers to workspace packages whilst "package" refers to 3rd party
packages and dependencies.

* docs(changeset): clarify `project-N`
 2025-12-21 12:01:18 +01:00
Trevor Burnham
8b5dcaac4d feat: provide wantedLockfile to shouldForceResolve (#10330) 2025-12-19 01:41:10 +01:00
Zoltan Kochan
e46a652939 fix: the add command should not fail, when blockExoticSubdeps is true (#10327) 
close #10324
 2025-12-17 11:24:32 +01:00
klassiker
c5fbddee05 fix(git-fetcher): ensure the specified commit is used after checkout (#10310) 
* fix(git-fetcher): ensure the specified commit is used after checkout

* fix(git-resolver): always resolve to a full commit

* chore: add changeset heavy-dragons-start

* test: fix related test case

* test: fix some other test that gets stuck

* Update heavy-dragons-start.md with PR reference

Add reference to pull request #10310 for clarity.
 2025-12-17 03:26:18 +01:00
Zoltan Kochan
0048667db4 refactor: use Maps instead of Records (#10312) 2025-12-15 11:48:19 +01:00
Zoltan Kochan
9fa3b6bc6b fix: validate that Object methods are not used on Maps (#10314) 2025-12-14 13:14:39 +01:00
Oren
ae8b816121 feat: support blockExoticSubdeps option to disallow non-trusted dep sources in subdeps (#10265) 
* feat(core): add onlyRegistryDependencies option to disallow non-registry subdependencies

* fix: onlyRegistryDependencies=>registrySubdepsOnly

* fix: allow resolution from custom resolver

* fix: add registry-subdeps-only to types

* docs: update changesets

* refactor: registry-only

* refactor: registrySubdepsOnly=>blockExoticSubdeps

* fix: trust runtime deps

* refactor: remove comment

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-12-10 12:14:16 +01:00
Oren
ba065f6a8b fix(git-fetcher): block git dependencies from running prepare scripts unless allowed (#10288) 
* fix(git-fetcher): block git dependencies from running prepare scripts unless allowed

* Update exec/prepare-package/src/index.ts

Co-authored-by: Zoltan Kochan <z@kochan.io>

* Also implement in gitHostedTarballFetcher

* refactor: move allowBuild function creation to the store manager

* refactor: pass allowBuild function to fetch function directly

* refactor: revert not needed changes and update changesets

* test: fix

* fix: implemented CR suggestions

* test: fix

* test: fix

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-12-09 18:25:07 +01:00
Oren
98a0410aa1 fix(tarball-resolver): add integrity hash to HTTP tarball dependencies (#10287) 
* fix(tarball-resolver): add integrity hash to HTTP tarball dependencies

* Refactor to download tarball just once

* Fix tests

* fix: only calc hash when it is not passed in to the fetcher

* docs: update changesets
 2025-12-08 23:38:27 +01:00
Zoltan Kochan
19f36cfc39 fix: don't silently skip an optional dependency if it cannot be resolved from a mature version (#10289) 
close #10270
 2025-12-08 11:18:24 +01:00
Zoltan Kochan
05fb1aee5f fix: reporting ignored dependency builds (#10276) 2025-12-06 16:32:19 +01:00
Zoltan Kochan
4362c06005 fix: dependencies that were added to onlyBuiltDependencies should be built on install (#10256) 2025-12-02 15:31:52 +01:00
Zoltan Kochan
5f73b0f2b6 perf: always link runtimes from the global virtual store directory (#10233) 2025-12-01 14:27:18 +01:00
Trevor Burnham
38b8e357b5 feat: add custom resolvers and fetchers (#10246) 2025-11-30 14:19:04 +01:00
Brandon Cheng
69ebe38764 fix: throw a frozen lockfile error when catalogs change (#10231) 
* fix: throw a frozen lockfile error when catalogs change

* fix: work around lockfile mismatch when installing `__fixtures__`

```
> @ step1 /home/runner/work/pnpm/pnpm/__fixtures__
> node ../pnpm/dist/pnpm.mjs install -rf --frozen-lockfile --no-shared-workspace-lockfile --no-link-workspace-packages

.                                        |  WARN  using --force I sure hope you know what you are doing
Scope: all 26 workspace projects
circular                                 | Progress: resolved 1, reused 0, downloaded 0, added 0
circular                                 |   +4 +
fixture                                  | Progress: resolved 1, reused 0, downloaded 0, added 0
fixture                                  |  +12 +
fixture-with-no-pkg-name-and-no-version  | Progress: resolved 1, reused 0, downloaded 0, added 0
fixture-with-no-pkg-name-and-no-version  |  +12 +
fixture-with-no-pkg-version              | Progress: resolved 1, reused 0, downloaded 0, added 0
fixture-with-no-pkg-version              |  +12 +
circular                                 | Progress: resolved 4, reused 0, downloaded 4, added 4, done
fixture                                  | Progress: resolved 12, reused 6, downloaded 6, added 12, done
fixture-with-no-pkg-name-and-no-version  | Progress: resolved 12, reused 0, downloaded 0, added 12, done
fixture-with-no-pkg-version              | Progress: resolved 12, reused 0, downloaded 0, added 12, done
general                                  | Progress: resolved 1, reused 0, downloaded 0, added 0
general                                  |  +13 +
has-2-outdated-deps                      | Progress: resolved 1, reused 0, downloaded 0, added 0
has-2-outdated-deps                      |   +2 +
undefined
/home/runner/work/pnpm/pnpm/__fixtures__/has-outdated-deps-using-catalog-protocol:
 ERR_PNPM_LOCKFILE_CONFIG_MISMATCH  Cannot proceed with the frozen installation. The current "catalogs" configuration doesn't match the value found in the lockfile

Update your lockfile using "pnpm install --no-frozen-lockfile"
```

close #9369
 2025-11-26 01:09:37 +01:00
Zoltan Kochan
4893853569 perf: increase the default network concurrency on machines with many CPU cores (#10215) 
close #10068
 2025-11-21 15:29:56 +01:00
Zoltan Kochan
83fe533266 fix: don't silently skip an optional dependency if if fails trust policy check (#10211) 
close #10208
 2025-11-20 12:51:31 +01:00
btea
f80ae03f60 refactor: add createPackageVersionPolicyByExclude (#10194) 2025-11-18 00:59:15 +01:00
Ryo Matsukawa
b51bb42da5 feat!: support lowercase options in pnpm add (-d, -p, -o, -e) (#10079) 
close #9197
 2025-11-17 23:52:11 +01:00
Zoltan Kochan
7e2910e70f chore(release): 11.0.0-alpha.0 2025-11-13 15:44:27 +01:00
Ryo Matsukawa
9d3f00b09a feat: add support for trustPolicyExclude (#10168) 
close #10164
 2025-11-11 13:00:20 +01:00
Ryo Matsukawa
10bc39152e feat: add support for npm package trust evidence check via a new trustPolicy setting (#10103) 
close #8889

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-09 23:23:58 +01:00
btea
cbdc1067cc refactor: replace deprecated method (#10075) 2025-11-09 11:23:24 +01:00
Trevor Burnham
0b5ccc9238 fix(update): prevent package.json updates when updating indirect dependencies (#5118) (#10155) 
close #5118
 2025-11-06 15:13:51 +01:00
Zoltan Kochan
9b344c8982 perf: use v8 serialize/deserialize instead of JSON (#9971) 
close #9965
 2025-11-06 01:01:06 +01:00
Zoltan Kochan
efb48dcab5 feat: install js runtime as prod dependency (#10141) 2025-10-31 17:12:50 +01:00
Zoltan Kochan
3ce5f82bd7 Merge remote-tracking branch 'origin/main' into v11 2025-10-28 18:40:05 +01:00
Zoltan Kochan
49f03d14ee chore(release): 10.20.0 2025-10-28 17:35:21 +01:00
Zoltan Kochan
dab9abef5c Merge remote-tracking branch 'origin/main' into v11 2025-10-24 14:19:07 +02:00
Zoltan Kochan
d9bcd616ea chore(release): 10.19.1-oidc-test.3 2025-10-24 01:36:02 +02:00
Zoltan Kochan
0cde1287c8 chore: update repository fields 2025-10-23 11:57:12 +02:00
Zoltan Kochan
e5ac91fa67 chore(release): 10.19.1-oidc-test.0 2025-10-23 10:30:03 +02:00
Zoltan Kochan
43d7b18c2f chore(release): 10.19.0 2025-10-21 15:30:20 +02:00
Zoltan Kochan
dee39ecb8a feat: support allowing the build of specific versions of dependencies (#10104) 
close #10076
 2025-10-21 12:38:16 +02:00
Ryo Matsukawa
7c1382f7b7 feat: add support for exact versions in minimumReleaseAgeExclude (#10059) 
close #9985

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-10-18 11:10:08 +02:00
Zoltan Kochan
1bfc105da0 chore(release): 10.18.3 2025-10-14 11:27:45 +02:00
Ryo Matsukawa
9c65b96f2c fix: preserve version and hasBin for variations packages (#10065) 
close #10022
 2025-10-13 10:00:56 +02:00
Ryo Matsukawa
a8797c4e59 fix: handle EISDIR error when bin field points to directory (#10080) 
close #9441
 2025-10-13 10:00:06 +02:00
Zoltan Kochan
a43166624e Merge remote-tracking branch 'origin/main' into v11 2025-10-10 10:01:19 +02:00
Zoltan Kochan
e146e988ea feat: loading ESM pnpmfiles (#9730) 2025-10-10 09:50:21 +02:00
Zoltan Kochan
1b15e45ae9 chore(release): 10.18.2 2025-10-09 16:56:04 +02:00
Zoltan Kochan
651a27aea4 chore(release): 10.18.1 2025-10-06 14:13:59 +02:00
Brandon Cheng
a004e37db7 fix: only show save catalog skip warning when using pnpm add (#10041) 
close #9662
 2025-10-06 14:03:11 +02:00
Zoltan Kochan
c5e895f657 fix: don't print a warning when --lockfile-only is used (#10044) 
close #8320
 2025-10-05 02:28:26 +02:00
Zoltan Kochan
bdbd31aa4f chore(release): 10.18.0 2025-10-02 16:36:27 +02:00