mirror/pnpm
1
0
Fork 0
mirror of https://github.com/pnpm/pnpm.git synced 2026-06-14 03:15:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
10,192 Commits 113 Branches 1,925 Tags
595cd414f8a3277f91c8a50b957313edb4e59f78
Commit Graph

10192 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Zoltan Kochan
595cd414f8 revert: "fix: allow pnpm run -r to work with empty pnpm-workspace.yaml (#10578) 
* revert: "fix: allow pnpm `run -r` to work with empty pnpm-workspace.yaml (#10520)"

This reverts commit f1cb40c4e1.

* revert: "test: fix"

This reverts commit 1dbbffb6ad.

* docs: add changeset

close #10571
 2026-02-09 02:21:46 +01:00
Zoltan Kochan
046c693a0b chore(release): 10.29.1 v10.29.1 2026-02-07 18:56:46 +01:00
Zoltan Kochan
607c2a603d fix: force isexe version that supports Node.js 18 2026-02-07 18:56:10 +01:00
Zoltan Kochan
11202fc1ed chore(release): 10.29.0 v10.29.0 2026-02-07 17:51:43 +01:00
Zoltan Kochan
f3cdd01238 chore: update pnpm 2026-02-07 16:49:51 +01:00
Zoltan Kochan
9b59a83cf4 fix: compile 2026-02-07 16:49:29 +01:00
Zoltan Kochan
6f61c615f7 fix: ignore vulnerability in dev dep 2026-02-07 02:23:40 +01:00
Zoltan Kochan
e364a73408 fix: update tar 2026-02-07 02:22:48 +01:00
Zoltan Kochan
08f28daebd fix: pnpm help should correctly show if pnpm is bundled with Node.js (#10563) 
close #10561
 2026-02-07 02:10:23 +01:00
Zoltan Kochan
901750fb3f test: fix 2026-02-07 00:50:41 +01:00
Zoltan Kochan
1dbbffb6ad test: fix 2026-02-07 00:07:00 +01:00
Zoltan Kochan
a68f8cfc0f test: fix 2026-02-06 21:57:46 +01:00
Zoltan Kochan
72fd99c6dc test: fix 2026-02-06 21:32:51 +01:00
Zoltan Kochan
c03fc464f1 style: fix 2026-02-06 21:14:29 +01:00
Zoltan Kochan
789b6de5e1 fix: compile 2026-02-06 21:00:34 +01:00
btea
7d8be9f1e9 feat: support auditLevel (#10554) 
* feat: support `auditLevel`

* refactor: auditLevel

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2026-02-06 20:32:20 +01:00
Ryo Matsukawa
22eaf9b50e fix(audit): respect --audit-level in JSON output (#10547) 
* fix(audit): respect --audit-level in JSON output

* refactor: audit

* docs: fix changeset

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2026-02-06 20:21:17 +01:00
Luca Casonato
e18eaf0fc0 fix: exit with signal code when inner pnpm fails (#10549) 
close #10548
 2026-02-06 20:21:11 +01:00
Alessio Attilio
7adf26b017 fix: skip local file: protocol dependencies during pnpm fetch (#10514) 
This fixes an issue where pnpm fetch would fail in Docker builds when
local directory dependencies (file: protocol) were not available.

The fix adds an ignoreLocalPackages option that is passed from the fetch
command to skip local dependencies during graph building, since pnpm
fetch only downloads packages from the registry and doesn't need local
packages that won't be available in Docker builds.

close #10460
 2026-02-06 20:21:04 +01:00
Ryo Matsukawa
f1cb40c4e1 fix: allow pnpm run -r to work with empty pnpm-workspace.yaml (#10520) 
close #10497
 2026-02-06 20:20:55 +01:00
btea
8887218d97 fix: remove the prefix for view version info (#10498) 2026-02-06 20:20:48 +01:00
이종혁
b37a6ee9bc fix(plugin-commands-store): support relative storeDir in store commands (#10490) 
close #10290

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2026-02-06 20:20:40 +01:00
Dennis Chen
a57ba4edee fix: warn when directory contains PATH delimiter character (#10487) 
* fix: warn when directory contains PATH delimiter character

Add a warning when the current directory contains the PATH delimiter
character (colon on macOS/Linux, semicolon on Windows). On macOS,
folder names containing forward slashes (/) appear as colons (:) at
the Unix layer. Since colons are PATH separators in POSIX systems,
this breaks PATH injection for node_modules/.bin.

close #10457

* test: add tests for PATH delimiter warning

- Test warning is emitted when directory contains delimiter
- Test no warning for normal directories
 2026-02-06 20:20:30 +01:00
Zoltan Kochan
9821d2d0c8 perf: save node_modules/.modules.yaml in JSON format (#10406) 2026-02-06 20:12:18 +01:00
Alessio Attilio
4471eb801f fix: preserve reference overrides in pnpm audit --fix (#10478) 
close #10325

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2026-02-06 20:10:43 +01:00
Ryo Matsukawa
7f18264751 fix: shamefullyHoist set via updateConfig in .pnpmfile.cjs (#10519) 
* fix: `shamefullyHoist` set via `updateConfig` in `.pnpmfile.cjs`

* refactor: consolidate derived config processing to cli-utils

Move shamefullyHoist → publicHoistPattern conversion from
config/config to cli-utils/getConfig.ts as suggested in review.

* test(config): update tests for derived config processing move

* refactor: move applyDerivedConfig to cli-utils

* refactor: move applyDerivedConfig to cli-utils

* test: use unit test for hoist: false in cli-utils

* revert: not needed changes

close #10271
 2026-02-06 20:08:26 +01:00
Lucas Gomes Santana
9bfa53d131 fix(deps): update tar version to 7.5.7 to fix security vulnerability (pnpm#10530) (#10539) 
close #10530
 2026-02-06 20:07:15 +01:00
Diogo Correia
b2347e75db fix(worker): inconsistent store structure due to race condition (#10536) 
close #10535
 2026-02-06 20:02:59 +01:00
Chanakya Sinde
e82fdb3d31 docs: fix grammar and use HTTPS links in Code of Conduct (#10523) 2026-02-06 20:02:51 +01:00
btea
25ed567b66 feat: support check more invalid workspace file (#10319) 
close #10313

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2026-02-06 20:02:45 +01:00
Ryo Matsukawa
9b0c33c522 fix(list): correct dependency paths with global virtual store (#10375) 
* fix(list): correct dependency paths with global virtual store

* fix: global virtual store path

* fix: test

* fix: symlink resolution should only apply to top-level dependencies

* fix: resolve subdependency paths with global virtual store

* fix(list): resolve correct paths with global virtual store

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2026-02-06 20:02:28 +01:00
Alessio Attilio
43d44c8d03 fix: prevent catalog: from leaking into pnpm-workspace.yaml (#10476) 
close #10176
 2026-02-06 20:02:20 +01:00
Maikel van Dort
6065d2e196 feat: dlx timeout & retry (#10512) 2026-02-06 20:02:11 +01:00
Brandon Cheng
0366516a76 fix: check updateSpec correctly when updating catalog snapshots (#10513) 2026-02-06 20:02:03 +01:00
Maikel van Dort
31acd866a9 docs: add codeblock highlight (#10510) 2026-02-06 20:01:52 +01:00
Yeom
f249b16185 fix(workspace.manifest-writer): preserve formatting in pnpm-workspace.yaml when updating catalogs (#10430) 
* fix(workspace.manifest-writer): preserve yaml formatting in pnpm-workspace.yaml

Ensure that the original formatting (quotes, etc.) in pnpm-workspace.yaml
is preserved when running commands like \`pnpm update\`.

Close #10425

* docs: add changeset

* fix(workspace/manifest-writer): restore formats

* test: manifest writer preservers quotes in catalogs

* fix(workspace.manifest-writer): only update catalog when values change

* fix: remove redundant code

* test: adding catalog

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2026-02-06 20:01:38 +01:00
Maikel van Dort
69dc1bf336 feat: add support for catalogs with dlx (#10434) 
* feat: add support for catalogs with dlx

* fix: feedback

* Update .changeset/curly-dryers-jam.md

Co-authored-by: Brandon Cheng <gluxon@users.noreply.github.com>

* Update .changeset/curly-dryers-jam.md

Close #10249

Co-authored-by: Brandon Cheng <gluxon@users.noreply.github.com>

---------

Co-authored-by: Brandon Cheng <gluxon@users.noreply.github.com>
 2026-02-06 20:01:26 +01:00
Shunta Takemoto
ed87c99359 feat: treat bare workspace: protocol as workspace:* (#10436) 
* feat: treat bare `workspace:` protocol as `workspace:*`

* chore: add chageset

* test(exportable-manifest): add test for `workspace` with explicit versions

* test: add tests and update changesets

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2026-02-06 20:00:43 +01:00
Trevor Burnham
5c7ee66fd5 fix(completion): correct documentation URL in help output (#10511) 
The completion command's help text was showing a URL that redirects to a 404 page
(https://pnpm.io/10.x/cli/completion\). This changes it to the correct URL
(https://pnpm.io/completion\) where the documentation actually exists.

close #10281
 2026-02-06 19:58:05 +01:00
Zoltan Kochan
89a2c4ec38 chore(release): 10.28.2 v10.28.2 2026-01-26 15:17:27 +01:00
Zoltan Kochan
506cb95d69 test: fix 2026-01-26 14:33:20 +01:00
Zoltan Kochan
2220fe95c0 test: fix 2026-01-26 13:47:24 +01:00
3w36zj6
a484cea3f2 fix(npm-resolver): request full metadata for optional dependencies (#10455) 
close #9950

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2026-01-26 01:28:47 +01:00
Zoltan Kochan
c90837083c test: fix 2026-01-23 01:09:46 +01:00
Zoltan Kochan
98a4a31ac2 test: fix 2026-01-22 21:51:14 +01:00
Zoltan Kochan
1ea0d7c6ea fix: compile 2026-01-21 22:59:43 +01:00
Zoltan Kochan
788bae16d3 test: fix 2026-01-21 16:13:36 +01:00
Zoltan Kochan
17432ad5bb fix: prevent path traversal in directories.bin (#10495) 
by validating the bin directory is a subdirectory of the package root and adding relevant tests.
 2026-01-21 15:54:44 +01:00
Zoltan Kochan
b277b45bc3 fix: skip symlinks pointing outside package root in git and file deps (#10493) 2026-01-21 15:54:06 +01:00
Zoltan Kochan
4e15d8c56c chore: update pnpm 2026-01-19 12:39:21 +01:00