mirror/pnpm
1
0
Fork 0
mirror of https://github.com/pnpm/pnpm.git synced 2026-03-30 21:11:55 -04:00
Code Issues Packages Projects Releases Wiki Activity
10,275 Commits 376 Branches 1,869 Tags
7b1c189f2eb0a555aed06cd2d7cb552eb73f7aa4
Commit Graph

225 Commits

Author SHA1 Message Date
Johan Quan Vo
7b1c189f2e feat!: remove deprecated patch options (#10505) 
* refactor: remove allowNonAppliedPatches

* refactor: remove ignorePatchFailures

* refactor: remove `strict` field in groupPatchedDependencies

* test: update test failure in package patching

* test: fix

* docs: update changesets

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2026-01-27 17:08:45 +01:00
Zoltan Kochan
3c40892b90 feat!: remove old way of declaring node.js in dependencies (#10507) 2026-01-25 16:07:30 +01:00
Zoltan Kochan
e3b35b6f37 style: update eslint to v9 (#10474) 2026-01-17 12:01:23 +01:00
Trevor Burnham
e0aa058cf3 feat: pass pkgSnapshot to shouldForceResolve (#10449) 
* feat: pass pkgSnapshot to shouldForceResolve

The shouldForceResolve hook now receives:
- depPath: The dependency path (e.g., 'lodash@4.17.21')
- pkgSnapshot: The lockfile entry with resolution, dependencies, etc.

This replaces the previous wantedDependency argument, which was inconsistent
with how wantedDependency is constructed for the resolve() method (where it
contains the user's alias and full specifier from package.json).
 2026-01-14 21:57:39 +01:00
Trevor Burnham
41664e83f5 feat: pass currentPkg to custom resolvers (#10440) 
- Add currentPkg (with name/version) to custom resolver ResolveOptions
- Pass currentPkg through to custom resolvers in default-resolver
- Simplify checkCustomResolverForceResolve to use parseDepPath
 2026-01-12 21:04:38 +01:00
Zoltan Kochan
8a8a51c394 perf: don't calculate package file paths in the store twice (#10428) 2026-01-12 15:58:25 +01:00
Zoltan Kochan
8b4bdf9a83 refactor: replace onlyBuiltDependencies and ignoredBuiltDependencies with allowBuilds (#10401) 2026-01-02 23:21:17 +01:00
Zoltan Kochan
cb367b9515 feat!: deprecate old settings that were replaced by allowBuilds (#10382) 2026-01-02 12:22:42 +01:00
btea
facdd717bf feat: add trustPolicyIgnoreAfter (#10359) 
* feat: add `trustPolicyIgnoreAfter`

* Update .changeset/big-lies-pump.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* refactor: npm-resolver

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-12-28 02:01:09 +01:00
Zoltan Kochan
71de2b3f2b feat!: remove use-node-version CLI option and pnpm.executionEnv.nodeVersion manifest field (#10373) 2025-12-27 22:41:53 +01:00
Zoltan Kochan
394d88cf5e feat: enable injected local packages to work with global virtual store (#10366) 
* feat: enable injected local packages to work with global virtual store

by leveraging `pkgLocationsByDepPath` for `file:` dependencies.

* fix: populate `pkgLocationsByDepPath` directly for directory dependencies in the graph builder

* refactor: store directory dependencies as a Map instead of an object

* refactor: improve file: dependency target directory resolution

by prioritizing `directoryDepsByDepPath` and providing a lockfile fallback.

* refactor: remove `pkgLocationsByDepPath` from hoisted dependency graph generation parameters

* test: fix

* test: fix

* refactor: simplify directory lookup for injected workspace packages

by directly using the dependency graph

* refactor: move extendProjectsWithTargetDirs to headless module and update imports

* refactor: make `directoryDepsByDepPath` required

in `LockfileToDepGraphOptions` and remove its nullish coalescing in headless

* refactor: directory dependency tracking

by renaming `directoryDepsByDepPath` to `injectionTargetsByDepPath`
and extracting related logic, and remove an unused export.

* docs: add changesets

* fix: implemented CR suggestions
 2025-12-27 12:21:19 +01:00
Trevor Burnham
8b5dcaac4d feat: provide wantedLockfile to shouldForceResolve (#10330) 2025-12-19 01:41:10 +01:00
Oren
ae8b816121 feat: support blockExoticSubdeps option to disallow non-trusted dep sources in subdeps (#10265) 
* feat(core): add onlyRegistryDependencies option to disallow non-registry subdependencies

* fix: onlyRegistryDependencies=>registrySubdepsOnly

* fix: allow resolution from custom resolver

* fix: add registry-subdeps-only to types

* docs: update changesets

* refactor: registry-only

* refactor: registrySubdepsOnly=>blockExoticSubdeps

* fix: trust runtime deps

* refactor: remove comment

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-12-10 12:14:16 +01:00
Oren
ba065f6a8b fix(git-fetcher): block git dependencies from running prepare scripts unless allowed (#10288) 
* fix(git-fetcher): block git dependencies from running prepare scripts unless allowed

* Update exec/prepare-package/src/index.ts

Co-authored-by: Zoltan Kochan <z@kochan.io>

* Also implement in gitHostedTarballFetcher

* refactor: move allowBuild function creation to the store manager

* refactor: pass allowBuild function to fetch function directly

* refactor: revert not needed changes and update changesets

* test: fix

* fix: implemented CR suggestions

* test: fix

* test: fix

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-12-09 18:25:07 +01:00
Zoltan Kochan
05fb1aee5f fix: reporting ignored dependency builds (#10276) 2025-12-06 16:32:19 +01:00
Zoltan Kochan
4362c06005 fix: dependencies that were added to onlyBuiltDependencies should be built on install (#10256) 2025-12-02 15:31:52 +01:00
Zoltan Kochan
5f73b0f2b6 perf: always link runtimes from the global virtual store directory (#10233) 2025-12-01 14:27:18 +01:00
Trevor Burnham
38b8e357b5 feat: add custom resolvers and fetchers (#10246) 2025-11-30 14:19:04 +01:00
Brandon Cheng
69ebe38764 fix: throw a frozen lockfile error when catalogs change (#10231) 
* fix: throw a frozen lockfile error when catalogs change

* fix: work around lockfile mismatch when installing `__fixtures__`

```
> @ step1 /home/runner/work/pnpm/pnpm/__fixtures__
> node ../pnpm/dist/pnpm.mjs install -rf --frozen-lockfile --no-shared-workspace-lockfile --no-link-workspace-packages

.                                        |  WARN  using --force I sure hope you know what you are doing
Scope: all 26 workspace projects
circular                                 | Progress: resolved 1, reused 0, downloaded 0, added 0
circular                                 |   +4 +
fixture                                  | Progress: resolved 1, reused 0, downloaded 0, added 0
fixture                                  |  +12 +
fixture-with-no-pkg-name-and-no-version  | Progress: resolved 1, reused 0, downloaded 0, added 0
fixture-with-no-pkg-name-and-no-version  |  +12 +
fixture-with-no-pkg-version              | Progress: resolved 1, reused 0, downloaded 0, added 0
fixture-with-no-pkg-version              |  +12 +
circular                                 | Progress: resolved 4, reused 0, downloaded 4, added 4, done
fixture                                  | Progress: resolved 12, reused 6, downloaded 6, added 12, done
fixture-with-no-pkg-name-and-no-version  | Progress: resolved 12, reused 0, downloaded 0, added 12, done
fixture-with-no-pkg-version              | Progress: resolved 12, reused 0, downloaded 0, added 12, done
general                                  | Progress: resolved 1, reused 0, downloaded 0, added 0
general                                  |  +13 +
has-2-outdated-deps                      | Progress: resolved 1, reused 0, downloaded 0, added 0
has-2-outdated-deps                      |   +2 +
undefined
/home/runner/work/pnpm/pnpm/__fixtures__/has-outdated-deps-using-catalog-protocol:
 ERR_PNPM_LOCKFILE_CONFIG_MISMATCH  Cannot proceed with the frozen installation. The current "catalogs" configuration doesn't match the value found in the lockfile

Update your lockfile using "pnpm install --no-frozen-lockfile"
```

close #9369
 2025-11-26 01:09:37 +01:00
Ryo Matsukawa
9d3f00b09a feat: add support for trustPolicyExclude (#10168) 
close #10164
 2025-11-11 13:00:20 +01:00
Ryo Matsukawa
10bc39152e feat: add support for npm package trust evidence check via a new trustPolicy setting (#10103) 
close #8889

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-09 23:23:58 +01:00
Zoltan Kochan
dab9abef5c Merge remote-tracking branch 'origin/main' into v11 2025-10-24 14:19:07 +02:00
Zoltan Kochan
dee39ecb8a feat: support allowing the build of specific versions of dependencies (#10104) 
close #10076
 2025-10-21 12:38:16 +02:00
Zoltan Kochan
a43166624e Merge remote-tracking branch 'origin/main' into v11 2025-10-10 10:01:19 +02:00
Zoltan Kochan
c5e895f657 fix: don't print a warning when --lockfile-only is used (#10044) 
close #8320
 2025-10-05 02:28:26 +02:00
Zoltan Kochan
6f861bccaa Merge remote-tracking branch 'origin/main' into v11 2025-09-12 22:35:14 +02:00
Tom Jenkinson
2ebd45a7f2 fix: throw error if no TTY instead of terminating with 0 exit code (#9960) 
close #9744
 2025-09-12 12:07:01 +02:00
Zoltan Kochan
38e2599ecd feat: set minimumReleaseAge to delay new versions of dependencies from being installed (#9957) 
close #9921
 2025-09-11 17:25:11 +02:00
Zoltan Kochan
46a65def8e Merge remote-tracking branch 'origin/main' into v11 2025-08-29 13:30:11 +02:00
Zoltan Kochan
1089a96589 fix: update dependencies (#9899) 2025-08-28 15:33:19 +02:00
Zoltan Kochan
3df6702bcb fix: update load-json-file, write-json-file, write-pkg 2025-08-28 11:37:38 +02:00
Zoltan Kochan
491a84fb26 feat: use ESM instead of commonjs (#9870) 2025-08-25 10:02:00 +02:00
btea
05dd45ea82 perf: replace startsWith with strict equality (#9881) 2025-08-21 14:14:26 +02:00
Zoltan Kochan
facd7656e8 refactor: always use extensions in relative imports (#9878) 2025-08-19 15:25:11 +02:00
btea
8747b4e7f6 feat: add cleanupUnusedCatalogs config (#9793) 2025-08-14 12:26:51 +02:00
Brandon Cheng
98dd75a5d9 fix: re-resolve catalog entries when running pnpm dedupe (#9808) 
* test: catalog is deduped on pnpm dedupe

* fix: re-resolve catalog entries when running `pnpm dedupe`
 2025-07-30 11:47:27 +02:00
Zoltan Kochan
cf630a8e84 feat: allow to set multiple pnpmfiles (#9702) 2025-07-08 14:54:07 +02:00
Zoltan Kochan
cc6db888d6 fix: hoisting of dependencies after resolution stage (#9686) 
close #9685
 2025-06-24 11:51:18 +02:00
Zoltan Kochan
b982a0d6dc fix: hoisting with global virtual store (#9648) 2025-06-22 22:03:29 +02:00
Zoltan Kochan
b217bbb4a7 feat: add a new setting for telling pnpm if the env is CI (#9616) 
This is an addition to https://github.com/pnpm/pnpm/pull/8190. The global virtual store isn't a good choice for CI. So, we disable it even if the setting sets `enableGlobalVirtualStore` to `true`.
 2025-06-08 15:00:22 +02:00
Zoltan Kochan
b3898dbb1e fix: take into account the integrities of packages in when calculating the dependency graph hash (#9605) 
* fix: take into account the integrities of packages in when calculating the dependency graph hash

* test: fix

* test: fix

* test: fix

* test: fix

* fix: include the package's integirty in the hash as well

* docs: add comment

* perf: hashing deps graph

* fix: deps graph hash

* refactor: calc graph hash

* test: fix

* refactor: calc graph hash

* refactor: rename uniquePkgId to fullPkgId

* docs: add changeset
 2025-06-08 01:05:10 +02:00
Zoltan Kochan
b0ead519b3 feat: global virtual store (#8190) 
close #1001
 2025-06-03 18:18:58 +02:00
Brandon Cheng
099ac93e08 refactor: use Catalogs config type instead of CatalogSnapshots for updatedCatalogs (#9589) 
* refactor: use Catalogs config type instead of CatalogSnapshots

* refactor: create catalogMetadata instead of manually patching snapshots
 2025-06-01 23:53:04 +02:00
Zoltan Kochan
7cd0e712df fix: install exiting with 1 exit code and no error message (#9567) 
close #9559
 2025-05-22 15:26:51 +02:00
martinkors
046af72a96 feat: add new catalogMode setting (#9552) 
* feat: add new `catalogMode` setting

Add new `catalogMode` setting for automatically adding new dependencies to
the default catalog.

Closes pnpm#8876, Closes pnpm#8308

* fix: catalogs don't only store semver ranges and versions

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-05-20 16:47:05 +02:00
Brandon Cheng
e7d0f6cdcf refactor: rename newCatalogs to updatedCatalogs (#9561) 2025-05-20 11:15:41 +02:00
Khải
93ac21ccd0 refactor: add types to installSome and installCase (#9539) 
---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-05-15 11:16:22 +02:00
Khải
c8341cca57 feat: pnpm add option to add new entries to catalogs (#9484) 
close #9425

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-05-14 18:32:05 +02:00
Zoltan Kochan
f0c3ed6781 fix: don't fail with strictPeerDependencies=true if the peerDependencyRules ignore the peer issues (#9505) 
close #9449
close #8859
close #7978
close #8382
 2025-05-09 11:38:56 +02:00
Zoltan Kochan
8a9f3a4835 refactor: rename pref to bare specifier (#9445) 2025-04-20 22:58:08 +02:00