mirror/pnpm
1
0
Fork 0
mirror of https://github.com/pnpm/pnpm.git synced 2026-04-13 19:47:48 -04:00
Code Issues Packages Projects Releases Wiki Activity
10,667 Commits 381 Branches 1,872 Tags
bfd38cdc15e89b36eab4fa106a94de066c4638ef
Commit Graph

10667 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot]
ad0cfad1b8 chore(deps): bump the github-actions group across 1 directory with 2 updates (#10229) 
Bumps the github-actions group with 2 updates in the / directory: [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/checkout` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](08c6903cd8...1af3b93b68)

Updates `github/codeql-action` from 4.31.2 to 4.31.5
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](0499de31b9...fdbfb4d275)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: 4.31.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-24 15:02:57 +01:00
Zoltan Kochan
6f361aa3b3 fix: trustPolicy should ignore trust evidences of prerelease versions (#10227) 2025-11-24 14:53:47 +01:00
Kairui Liu
2a50b8936e fix: handle ENOENT errors in containerized environments by falling back to copy (#10218) 
* fix: linkOrCopy failed

* refactor: hard-link-dir

* docs: add changesets

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-22 16:27:15 +01:00
btea
144ce0e98b fix: improve the error messages related to trustPolicy mismatch (#10203) 
---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-22 02:35:19 +01:00
Matt Kantor
df1af144aa docs: fix usage example in @pnpm/read-package-json README (#10219) 
This module has no default export.
 2025-11-22 02:29:10 +01:00
Zoltan Kochan
4893853569 perf: increase the default network concurrency on machines with many CPU cores (#10215) 
close #10068
 2025-11-21 15:29:56 +01:00
Zoltan Kochan
a5fdbf9bb3 fix: update @pnpm/npm-conf to v3.0.1 
related PR: https://github.com/pnpm/npm-conf/pull/17
 2025-11-21 01:48:20 +01:00
Zoltan Kochan
b5722a2b39 ci: increase timeout limits 2025-11-20 16:26:48 +01:00
Zoltan Kochan
404a0793f5 ci: don't use standalone pnpm exe 2025-11-20 15:31:14 +01:00
Zoltan Kochan
c7dd46580e chore: update pnpm to v11 2025-11-20 15:25:06 +01:00
Zoltan Kochan
83fe533266 fix: don't silently skip an optional dependency if if fails trust policy check (#10211) 
close #10208
 2025-11-20 12:51:31 +01:00
Zoltan Kochan
98a5f1ce33 fix: node runtime is not moved to dependencies on pnpm add (#10210) 
close #10209
 2025-11-20 02:35:46 +01:00
Ryo Matsukawa
8ffb1a7f0c fix: display npm: protocol for aliased packages in list and why (#10084) 
* fix: support alias resolution in pnpm why with npm:
protocol

* refactor: make alias required instead of optional

* refactor: reorder field to put alias first
 2025-11-20 01:08:53 +01:00
silentip404
d3cf00e308 fix(self-update): respect custom registry when installing pnpm version (#10205) 
* fix(self-update): respect custom registry when installing pnpm version

When managePackageManagerVersions is enabled and a custom registry is
configured in .npmrc, pnpm was attempting to auto-install the specified
version from registry.npmjs.org instead of respecting the user's custom
registry configuration.

This happens because installPnpmToTools runs in a temporary directory
outside the project, which doesn't automatically pick up the project's
.npmrc configuration. The fix explicitly passes the registry configuration
from opts.registries.default or opts.rawConfig.registry to the pnpm add
command via the --config.registry flag.

* refactor: self-update

* Update .changeset/cold-buckets-crash.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-11-19 22:43:32 +01:00
Tmk
499ef22bd5 fix: remove redundant mirror slash (#10204) 2025-11-19 21:46:03 +01:00
Zoltan Kochan
60f3a05064 fix: js-yaml version 2025-11-18 14:59:20 +01:00
btea
734420ce01 fix: audit (#10198) 
* fix: audit

* fix: use safer range

* fix: don't remove our fork of js-yaml

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-18 11:42:28 +01:00
btea
f80ae03f60 refactor: add createPackageVersionPolicyByExclude (#10194) 2025-11-18 00:59:15 +01:00
Ryo Matsukawa
b51bb42da5 feat!: support lowercase options in pnpm add (-d, -p, -o, -e) (#10079) 
close #9197
 2025-11-17 23:52:11 +01:00
Zoltan Kochan
09bb8dbd8c fix: store prune should not fail if the store contains Node.js (#10193) 
close #10131
 2025-11-17 23:45:48 +01:00
Ryo Matsukawa
2464485700 feat: add --lockfile-only option to pnpm list (#10066) 
close #10020

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-17 16:57:29 +01:00
Brandon Cheng
a0e3a21a93 fix: use esm import for @pnpm/patch-package in @pnpm/apply-patch (#10191) 2025-11-16 23:35:25 +01:00
Brandon Cheng
23b139a10f chore: ignore GHSA-mh29-5h37-fv8m (#10192) 
https://github.com/changesets/changesets/issues/1762
 2025-11-16 22:21:41 +01:00
Zoltan Kochan
46f10165ed fix: self-update should not install @pnpm/exe >= 11 (#10190) 2025-11-14 15:19:36 +01:00
btea
4e64267d08 chore: add unrs-resolver to onlyBuiltDependencies (#10184) 2025-11-13 22:18:07 +01:00
Zoltan Kochan
2fe74dac98 chore(release): 11.0.0-alpha.1 v11.0.0-alpha.1 2025-11-13 18:19:57 +01:00
Zoltan Kochan
f5f9f4ec6e chore: don't crash if some artifacts are not found v11.0.0-alpha.0 2025-11-13 17:10:07 +01:00
Zoltan Kochan
e18840d279 fix: update publish-packed 2025-11-13 17:08:13 +01:00
Zoltan Kochan
d3ce6e8985 ci: run Node.js 24 in the release action 2025-11-13 16:21:52 +01:00
Zoltan Kochan
7e2910e70f chore(release): 11.0.0-alpha.0 2025-11-13 15:44:27 +01:00
Zoltan Kochan
b57e08bd2d docs: fix changeset 2025-11-13 15:20:12 +01:00
Zoltan Kochan
2da49df476 chore: fix lockfile 2025-11-12 15:54:27 +01:00
Zoltan Kochan
575528e09d chore: update pnpm 2025-11-12 15:04:15 +01:00
Zoltan Kochan
0fd53e10bd fix: concurrently hard linking a directory (#10181) 
close #10179
 2025-11-12 14:07:18 +01:00
Zoltan Kochan
ba70035691 fix: update parse-npm-tarball-url to v4 (#10182) 
close #10175
 2025-11-12 14:06:56 +01:00
Zoltan Kochan
ec973ea8a2 ci: checkout a known good commit of ldid 2025-11-11 23:09:18 +01:00
Zoltan Kochan
3ad031d787 fix: compile 2025-11-11 13:05:57 +01:00
Ryo Matsukawa
9d3f00b09a feat: add support for trustPolicyExclude (#10168) 
close #10164
 2025-11-11 13:00:20 +01:00
Khải
075aa993bb feat(config): global yaml (#10145) 
* feat(config): global `rc.yaml`

* fix: undefined `rawConfig`

* test: add a test

* feat: re-export `isSupportedNpmConfig`

* feat: return `'compat'` to distinguish compatibility reason

* docs: `isSupportedNpmConfig`

* fix: eslint

* docs: clarify the case of the config key

* feat(cli/config/set): target yaml for pnpm-specific settings

* fix: read the correct file

* fix: write to the correct directory

* refactor: remove disabled code

* refactor: get `configDir` directly

* docs: remove outdated documentation

* test: fix a test

* test: rename

* fix: explicitly tell npm the config file path

* test: add a test

* test: add a test

* test: fix a test

* fix: local config dir

* fix: `managingAuthSettings`

* test: rename

* test: fix

* test: add a test

* test: demonstrate choosing config files

* test: fix

* docs: yet another consideration

* test: demonstrate choosing config files

* fix: correct local config file names in test helper

* test: demonstrate choosing config files

* test: use the helper

* test: add a test

* test: correct a test

* test: fix

* test: fix

* fix: eslint

* test: remove duplicate

* feat: validate `rc.yaml`

* docs: changeset

* test: fix `configDelete.test.ts`

* feat: other `npm` call-sites

* fix: make optional again

* feat: remove the change from `publish`

* fix: eslint

* refactor: just one is sufficient

* refactor: replace type union with 3 functions

* refactor(test): extract helper functions

* fix: add `rc.yaml` to `rawConfig`

* test: keep workspace settings out of `rc.yaml`

* test: fix `spawn ENOENT`

* chore(git): revert invalid change

This reverts commit 1ff6fe2323.

* feat: rename `rc.yaml` to `config.yaml`

* refactor: replace `acceptNonRc` with `!globalSettingsOnly`

* feat!: remove compat completely

* refactor: rename a function

* fix: no actual catalogs

* refactor: replace bool flag with preemptive filter

* feat!: filter global config keys

* test: fix

* fix: exclude `deploy-all-files`

* fix: reverse schema merge order

* feat(cli/config/set): validate global config yaml key

* test: remove duplicated assertion

* docs: correct

* docs: goal changed
 2025-11-11 11:24:06 +01:00
Zoltan Kochan
f03b9ecf4e feat: support engines in publishConfig (#10169) 2025-11-11 01:18:23 +01:00
dependabot[bot]
d5f736ce56 chore(deps): bump softprops/action-gh-release (#10165) 
Bumps the github-actions group with 1 update: [softprops/action-gh-release](https://github.com/softprops/action-gh-release).


Updates `softprops/action-gh-release` from 2.4.1 to 2.4.2
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](6da8fa9354...5be0e66d93)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 2.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-10 14:18:42 +01:00
Zoltan Kochan
ab9be93edf chore: bundle @pnpm/exe with Node.js 24 2025-11-10 02:39:34 +01:00
Zoltan Kochan
8a31cf1398 feat: added engines.runtime to pnpm CLI 
The pnpm CLI will now be installed with Node.js
 2025-11-10 01:24:00 +01:00
Zoltan Kochan
df6d546e13 chore: fix repository URLs in package.json files of utils 2025-11-10 00:58:29 +01:00
Ryo Matsukawa
10bc39152e feat: add support for npm package trust evidence check via a new trustPolicy setting (#10103) 
close #8889

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-09 23:23:58 +01:00
Zoltan Kochan
b09722fc01 fix: concurrently hard linking a directory (#10163) 
close #10160
 2025-11-09 12:07:11 +01:00
btea
cbdc1067cc refactor: replace deprecated method (#10075) 2025-11-09 11:23:24 +01:00
Ryo Matsukawa
d5d4eedeeb feat: add support for pnpm config get globalconfig (#10090) 
close #9977
 2025-11-08 14:14:36 +01:00
Mike DiDomizio
357490525a fix: gitBranchLockfile/mergeGitBranchLockfilesBranchPattern set in workspace file (#10139) 
close #9651
 2025-11-06 15:42:21 +01:00
Trevor Burnham
0b5ccc9238 fix(update): prevent package.json updates when updating indirect dependencies (#5118) (#10155) 
close #5118
 2025-11-06 15:13:51 +01:00