mirror/pnpm
1
0
Fork 0
mirror of https://github.com/pnpm/pnpm.git synced 2025-12-23 23:29:17 -05:00
Code Issues Packages Projects Releases Wiki Activity
10,177 Commits 304 Branches 1,830 Tags
main
Commit Graph

10177 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Khải
3aa50c8365 feat(init): --bare (#10228) 
* feat(init): fields preset

* feat: replace `init-preset` with `init-bare`

* feat: remove init-bare

close #10226

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-29 14:55:02 +01:00
Bart Riepe
7730a7f25c feat: allow loading certificates from scoped cert, ca and key (#10230) 
* feat: allow loading certificates from `cert`, `ca` and `key`

These properties are supported in .npmrc, but get ignored by pnpm, this will make pnpm read
and use them as well.

* refactor: getNetworkConfigs.ts

* docs: update changesets

* fix: issues

* docs: update changesets

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-29 11:37:57 +01:00
Zoltan Kochan
49c1b9c10e feat(default-reporter): using custom instruction for builds approval 2025-11-28 13:12:14 +01:00
Trevor Burnham
9620df2789 fix: add CommonJS shims for compatibility with older Corepack versions (#10245) 
close #10242
 2025-11-27 18:18:55 +01:00
Zoltan Kochan
d2a7b0206f revert: "fix(self-update): respect custom registry when installing pnpm version (#10205)" 
This reverts commit d3cf00e308.
 2025-11-27 14:39:37 +01:00
btea
7cec347701 fix: WMIC is being removed (#10223) 
* fix: `WMI` is being removed

* fix: update

* fix: update

* fix: validate drive before usage

* fix: remove not needed dep

* refactor: regex

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-27 14:08:12 +01:00
Zoltan Kochan
60b5fd17ed fix: don't reimport node.js on every install (#10239) 2025-11-26 01:10:36 +01:00
Brandon Cheng
69ebe38764 fix: throw a frozen lockfile error when catalogs change (#10231) 
* fix: throw a frozen lockfile error when catalogs change

* fix: work around lockfile mismatch when installing `__fixtures__`

```
> @ step1 /home/runner/work/pnpm/pnpm/__fixtures__
> node ../pnpm/dist/pnpm.mjs install -rf --frozen-lockfile --no-shared-workspace-lockfile --no-link-workspace-packages

.                                        |  WARN  using --force I sure hope you know what you are doing
Scope: all 26 workspace projects
circular                                 | Progress: resolved 1, reused 0, downloaded 0, added 0
circular                                 |   +4 +
fixture                                  | Progress: resolved 1, reused 0, downloaded 0, added 0
fixture                                  |  +12 +
fixture-with-no-pkg-name-and-no-version  | Progress: resolved 1, reused 0, downloaded 0, added 0
fixture-with-no-pkg-name-and-no-version  |  +12 +
fixture-with-no-pkg-version              | Progress: resolved 1, reused 0, downloaded 0, added 0
fixture-with-no-pkg-version              |  +12 +
circular                                 | Progress: resolved 4, reused 0, downloaded 4, added 4, done
fixture                                  | Progress: resolved 12, reused 6, downloaded 6, added 12, done
fixture-with-no-pkg-name-and-no-version  | Progress: resolved 12, reused 0, downloaded 0, added 12, done
fixture-with-no-pkg-version              | Progress: resolved 12, reused 0, downloaded 0, added 12, done
general                                  | Progress: resolved 1, reused 0, downloaded 0, added 0
general                                  |  +13 +
has-2-outdated-deps                      | Progress: resolved 1, reused 0, downloaded 0, added 0
has-2-outdated-deps                      |   +2 +
undefined
/home/runner/work/pnpm/pnpm/__fixtures__/has-outdated-deps-using-catalog-protocol:
 ERR_PNPM_LOCKFILE_CONFIG_MISMATCH  Cannot proceed with the frozen installation. The current "catalogs" configuration doesn't match the value found in the lockfile

Update your lockfile using "pnpm install --no-frozen-lockfile"
```

close #9369
 2025-11-26 01:09:37 +01:00
Zoltan Kochan
1e6de2539b fix: dependency graph hash calculation (#10236) 2025-11-25 20:36:52 +01:00
Zoltan Kochan
306d161ccb chore: fix audit error 2025-11-25 17:03:54 +01:00
dependabot[bot]
ad0cfad1b8 chore(deps): bump the github-actions group across 1 directory with 2 updates (#10229) 
Bumps the github-actions group with 2 updates in the / directory: [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/checkout` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](08c6903cd8...1af3b93b68)

Updates `github/codeql-action` from 4.31.2 to 4.31.5
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](0499de31b9...fdbfb4d275)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: 4.31.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-24 15:02:57 +01:00
Zoltan Kochan
6f361aa3b3 fix: trustPolicy should ignore trust evidences of prerelease versions (#10227) 2025-11-24 14:53:47 +01:00
Kairui Liu
2a50b8936e fix: handle ENOENT errors in containerized environments by falling back to copy (#10218) 
* fix: linkOrCopy failed

* refactor: hard-link-dir

* docs: add changesets

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-22 16:27:15 +01:00
btea
144ce0e98b fix: improve the error messages related to trustPolicy mismatch (#10203) 
---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-22 02:35:19 +01:00
Matt Kantor
df1af144aa docs: fix usage example in @pnpm/read-package-json README (#10219) 
This module has no default export.
 2025-11-22 02:29:10 +01:00
Zoltan Kochan
4893853569 perf: increase the default network concurrency on machines with many CPU cores (#10215) 
close #10068
 2025-11-21 15:29:56 +01:00
Zoltan Kochan
a5fdbf9bb3 fix: update @pnpm/npm-conf to v3.0.1 
related PR: https://github.com/pnpm/npm-conf/pull/17
 2025-11-21 01:48:20 +01:00
Zoltan Kochan
b5722a2b39 ci: increase timeout limits 2025-11-20 16:26:48 +01:00
Zoltan Kochan
404a0793f5 ci: don't use standalone pnpm exe 2025-11-20 15:31:14 +01:00
Zoltan Kochan
c7dd46580e chore: update pnpm to v11 2025-11-20 15:25:06 +01:00
Zoltan Kochan
83fe533266 fix: don't silently skip an optional dependency if if fails trust policy check (#10211) 
close #10208
 2025-11-20 12:51:31 +01:00
Zoltan Kochan
98a5f1ce33 fix: node runtime is not moved to dependencies on pnpm add (#10210) 
close #10209
 2025-11-20 02:35:46 +01:00
Ryo Matsukawa
8ffb1a7f0c fix: display npm: protocol for aliased packages in list and why (#10084) 
* fix: support alias resolution in pnpm why with npm:
protocol

* refactor: make alias required instead of optional

* refactor: reorder field to put alias first
 2025-11-20 01:08:53 +01:00
silentip404
d3cf00e308 fix(self-update): respect custom registry when installing pnpm version (#10205) 
* fix(self-update): respect custom registry when installing pnpm version

When managePackageManagerVersions is enabled and a custom registry is
configured in .npmrc, pnpm was attempting to auto-install the specified
version from registry.npmjs.org instead of respecting the user's custom
registry configuration.

This happens because installPnpmToTools runs in a temporary directory
outside the project, which doesn't automatically pick up the project's
.npmrc configuration. The fix explicitly passes the registry configuration
from opts.registries.default or opts.rawConfig.registry to the pnpm add
command via the --config.registry flag.

* refactor: self-update

* Update .changeset/cold-buckets-crash.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-11-19 22:43:32 +01:00
Tmk
499ef22bd5 fix: remove redundant mirror slash (#10204) 2025-11-19 21:46:03 +01:00
Zoltan Kochan
60f3a05064 fix: js-yaml version 2025-11-18 14:59:20 +01:00
btea
734420ce01 fix: audit (#10198) 
* fix: audit

* fix: use safer range

* fix: don't remove our fork of js-yaml

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-18 11:42:28 +01:00
btea
f80ae03f60 refactor: add createPackageVersionPolicyByExclude (#10194) 2025-11-18 00:59:15 +01:00
Ryo Matsukawa
b51bb42da5 feat!: support lowercase options in pnpm add (-d, -p, -o, -e) (#10079) 
close #9197
 2025-11-17 23:52:11 +01:00
Zoltan Kochan
09bb8dbd8c fix: store prune should not fail if the store contains Node.js (#10193) 
close #10131
 2025-11-17 23:45:48 +01:00
Ryo Matsukawa
2464485700 feat: add --lockfile-only option to pnpm list (#10066) 
close #10020

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-17 16:57:29 +01:00
Brandon Cheng
a0e3a21a93 fix: use esm import for @pnpm/patch-package in @pnpm/apply-patch (#10191) 2025-11-16 23:35:25 +01:00
Brandon Cheng
23b139a10f chore: ignore GHSA-mh29-5h37-fv8m (#10192) 
https://github.com/changesets/changesets/issues/1762
 2025-11-16 22:21:41 +01:00
Zoltan Kochan
46f10165ed fix: self-update should not install @pnpm/exe >= 11 (#10190) 2025-11-14 15:19:36 +01:00
btea
4e64267d08 chore: add unrs-resolver to onlyBuiltDependencies (#10184) 2025-11-13 22:18:07 +01:00
Zoltan Kochan
2fe74dac98 chore(release): 11.0.0-alpha.1 v11.0.0-alpha.1 2025-11-13 18:19:57 +01:00
Zoltan Kochan
f5f9f4ec6e chore: don't crash if some artifacts are not found v11.0.0-alpha.0 2025-11-13 17:10:07 +01:00
Zoltan Kochan
e18840d279 fix: update publish-packed 2025-11-13 17:08:13 +01:00
Zoltan Kochan
d3ce6e8985 ci: run Node.js 24 in the release action 2025-11-13 16:21:52 +01:00
Zoltan Kochan
7e2910e70f chore(release): 11.0.0-alpha.0 2025-11-13 15:44:27 +01:00
Zoltan Kochan
b57e08bd2d docs: fix changeset 2025-11-13 15:20:12 +01:00
Zoltan Kochan
2da49df476 chore: fix lockfile 2025-11-12 15:54:27 +01:00
Zoltan Kochan
575528e09d chore: update pnpm 2025-11-12 15:04:15 +01:00
Zoltan Kochan
0fd53e10bd fix: concurrently hard linking a directory (#10181) 
close #10179
 2025-11-12 14:07:18 +01:00
Zoltan Kochan
ba70035691 fix: update parse-npm-tarball-url to v4 (#10182) 
close #10175
 2025-11-12 14:06:56 +01:00
Zoltan Kochan
ec973ea8a2 ci: checkout a known good commit of ldid 2025-11-11 23:09:18 +01:00
Zoltan Kochan
3ad031d787 fix: compile 2025-11-11 13:05:57 +01:00
Ryo Matsukawa
9d3f00b09a feat: add support for trustPolicyExclude (#10168) 
close #10164
 2025-11-11 13:00:20 +01:00
Khải
075aa993bb feat(config): global yaml (#10145) 
* feat(config): global `rc.yaml`

* fix: undefined `rawConfig`

* test: add a test

* feat: re-export `isSupportedNpmConfig`

* feat: return `'compat'` to distinguish compatibility reason

* docs: `isSupportedNpmConfig`

* fix: eslint

* docs: clarify the case of the config key

* feat(cli/config/set): target yaml for pnpm-specific settings

* fix: read the correct file

* fix: write to the correct directory

* refactor: remove disabled code

* refactor: get `configDir` directly

* docs: remove outdated documentation

* test: fix a test

* test: rename

* fix: explicitly tell npm the config file path

* test: add a test

* test: add a test

* test: fix a test

* fix: local config dir

* fix: `managingAuthSettings`

* test: rename

* test: fix

* test: add a test

* test: demonstrate choosing config files

* test: fix

* docs: yet another consideration

* test: demonstrate choosing config files

* fix: correct local config file names in test helper

* test: demonstrate choosing config files

* test: use the helper

* test: add a test

* test: correct a test

* test: fix

* test: fix

* fix: eslint

* test: remove duplicate

* feat: validate `rc.yaml`

* docs: changeset

* test: fix `configDelete.test.ts`

* feat: other `npm` call-sites

* fix: make optional again

* feat: remove the change from `publish`

* fix: eslint

* refactor: just one is sufficient

* refactor: replace type union with 3 functions

* refactor(test): extract helper functions

* fix: add `rc.yaml` to `rawConfig`

* test: keep workspace settings out of `rc.yaml`

* test: fix `spawn ENOENT`

* chore(git): revert invalid change

This reverts commit 1ff6fe2323.

* feat: rename `rc.yaml` to `config.yaml`

* refactor: replace `acceptNonRc` with `!globalSettingsOnly`

* feat!: remove compat completely

* refactor: rename a function

* fix: no actual catalogs

* refactor: replace bool flag with preemptive filter

* feat!: filter global config keys

* test: fix

* fix: exclude `deploy-all-files`

* fix: reverse schema merge order

* feat(cli/config/set): validate global config yaml key

* test: remove duplicated assertion

* docs: correct

* docs: goal changed
 2025-11-11 11:24:06 +01:00
Zoltan Kochan
f03b9ecf4e feat: support engines in publishConfig (#10169) 2025-11-11 01:18:23 +01:00