Minijus L
cfec937abd
fix: normalize tarball URLs by removing default HTTP/HTTPS ports ( #10273 )
...
* fix: normalize tarball URLs by removing default HTTP/HTTPS ports
closes #6725
* feat: refactor, add test and changeset
---------
Co-authored-by: Zoltan Kochan <z@kochan.io >
2025-12-11 12:02:02 +01:00
Oren
73cc63504d
feat: support blockExoticSubdeps option to disallow non-trusted dep sources in subdeps ( #10265 )
...
* feat(core): add onlyRegistryDependencies option to disallow non-registry subdependencies
* fix: onlyRegistryDependencies=>registrySubdepsOnly
* fix: allow resolution from custom resolver
* fix: add registry-subdeps-only to types
* docs: update changesets
* refactor: registry-only
* refactor: registrySubdepsOnly=>blockExoticSubdeps
* fix: trust runtime deps
* refactor: remove comment
---------
Co-authored-by: Zoltan Kochan <z@kochan.io >
2025-12-10 12:22:37 +01:00
Zoltan Kochan
7d0e7e855e
test: fix
2025-12-10 12:15:55 +01:00
Zoltan Kochan
585c82f568
test: fix
2025-12-10 01:08:59 +01:00
Oren
40775391d5
fix(git-fetcher): block git dependencies from running prepare scripts unless allowed ( #10288 )
...
* fix(git-fetcher): block git dependencies from running prepare scripts unless allowed
* Update exec/prepare-package/src/index.ts
Co-authored-by: Zoltan Kochan <z@kochan.io >
* Also implement in gitHostedTarballFetcher
* refactor: move allowBuild function creation to the store manager
* refactor: pass allowBuild function to fetch function directly
* refactor: revert not needed changes and update changesets
* test: fix
* fix: implemented CR suggestions
* test: fix
* test: fix
---------
Co-authored-by: Zoltan Kochan <z@kochan.io >
2025-12-10 00:51:43 +01:00
Oren
b7d3ec65b1
fix(tarball-resolver): add integrity hash to HTTP tarball dependencies ( #10287 )
...
* fix(tarball-resolver): add integrity hash to HTTP tarball dependencies
* Refactor to download tarball just once
* Fix tests
* fix: only calc hash when it is not passed in to the fetcher
* docs: update changesets
2025-12-10 00:49:50 +01:00
Zoltan Kochan
b0cd2dea48
chore(release): 10.25.0
v10.25.0
2025-12-08 15:33:42 +01:00
Zoltan Kochan
8e05103cda
fix: don't fail with ERR_PNPM_MISSING_TIME on packages that are excluded from trust checks ( #10292 )
...
* fix: don't fail with ERR_PNPM_MISSING_TIME on packages that are excluded from trust checks
close #10259
* test: add coverage for excluded packages missing time field (#10293 )
* Initial plan
* test: add coverage for excluded packages missing time field
Co-authored-by: zkochan <1927579+zkochan@users.noreply.github.com >
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com >
Co-authored-by: zkochan <1927579+zkochan@users.noreply.github.com >
---------
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com >
Co-authored-by: zkochan <1927579+zkochan@users.noreply.github.com >
2025-12-08 15:27:16 +01:00
Zoltan Kochan
fa82ec393a
docs: update sponsors
2025-12-08 15:27:09 +01:00
Aaron
d334fdc573
fix(publish): respect --force flag in recursive publish ( #10277 )
...
When using 'pnpm -r publish --force', the --force flag was being
ignored. The flag was checked to determine which packages to publish,
but wasn't passed to individual publish commands.
This adds --force to the appendedArgs array so it gets passed through
to each publish call, following the same pattern as other CLI flags
like --access, --dry-run, and --otp.
close #10272
2025-12-08 15:26:59 +01:00
Zoltan Kochan
17d34fab8c
fix: don't silently skip an optional dependency if it cannot be resolved from a mature version ( #10289 )
...
close #10270
2025-12-08 15:26:51 +01:00
Zoltan Kochan
98b00f4348
fix: audit error
2025-12-07 02:03:47 +01:00
btea
00c7107187
fix: audit error ( #10262 )
2025-12-07 02:02:53 +01:00
Zoltan Kochan
9b05bdd7e1
fix: reporting ignored dependency builds ( #10276 )
2025-12-06 16:43:42 +01:00
Zoltan Kochan
7c15c93c26
chore(release): libs
2025-12-02 16:02:38 +01:00
Zoltan Kochan
e90dd8d1c7
test: fix plugin-commands-init
2025-12-02 15:58:56 +01:00
Zoltan Kochan
a8293fbb70
fix: audit error
2025-12-02 15:37:12 +01:00
Zoltan Kochan
033a2561eb
fix: dependencies that were added to onlyBuiltDependencies should be built on install ( #10256 )
2025-12-02 15:36:29 +01:00
Khải
78f12ef920
feat(init): --bare ( #10228 )
...
* feat(init): fields preset
* feat: replace `init-preset` with `init-bare`
* feat: remove init-bare
close #10226
---------
Co-authored-by: Zoltan Kochan <z@kochan.io >
2025-12-02 08:18:12 +01:00
Bart Riepe
b0ec709fa5
feat: allow loading certificates from scoped cert, ca and key ( #10230 )
...
* feat: allow loading certificates from `cert`, `ca` and `key`
These properties are supported in .npmrc but get ignored by pnpm; this will make pnpm read
and use them as well.
* refactor: getNetworkConfigs.ts
* docs: update changesets
* fix: issues
* docs: update changesets
---------
Co-authored-by: Zoltan Kochan <z@kochan.io >
2025-12-02 08:17:41 +01:00
Zoltan Kochan
82e2c30484
chore(release): @pnpm/default-reporter@1002.1.0
2025-11-28 13:23:38 +01:00
Zoltan Kochan
a58d5103af
feat(default-reporter): using custom instruction for builds approval
2025-11-28 13:14:28 +01:00
Zoltan Kochan
16d08d0cb0
chore(release): 10.24.0
v10.24.0
2025-11-27 14:53:58 +01:00
btea
d42558f82b
fix: WMIC is being removed ( #10223 )
...
* fix: `WMI` is being removed
* fix: update
* fix: update
* fix: validate drive before usage
* fix: remove not needed dep
* refactor: regex
---------
Co-authored-by: Zoltan Kochan <z@kochan.io >
2025-11-27 14:48:00 +01:00
Zoltan Kochan
0416f2c256
revert: "fix(self-update): respect custom registry when installing pnpm version ( #10205 )"
...
This reverts commit 2194432539.
2025-11-27 14:45:19 +01:00
Zoltan Kochan
4efa1c31a4
fix: don't reimport node.js on every install ( #10239 )
2025-11-26 01:14:17 +01:00
Brandon Cheng
3631b01697
fix: throw a frozen lockfile error when catalogs change ( #10231 )
...
close #9369
2025-11-26 01:13:54 +01:00
Zoltan Kochan
6552272b6b
fix: dependency graph hash calculation ( #10236 )
2025-11-25 20:37:22 +01:00
Zoltan Kochan
2c0cbe70ca
fix: trustPolicy should ignore trust evidences of prerelease versions ( #10227 )
2025-11-24 15:04:39 +01:00
Kairui Liu
66b2c58255
fix: handle ENOENT errors in containerized environments by falling back to copy ( #10218 )
...
* fix: linkOrCopy failed
* refactor: hard-link-dir
* docs: add changesets
---------
Co-authored-by: Zoltan Kochan <z@kochan.io >
2025-11-23 01:30:52 +01:00
btea
287712d833
fix: improve the error messages related to trustPolicy mismatch ( #10203 )
...
---------
Co-authored-by: Zoltan Kochan <z@kochan.io >
2025-11-22 02:39:26 +01:00
Matt Kantor
8695e49dc2
docs: fix usage example in @pnpm/read-package-json README ( #10219 )
...
This module has no default export.
2025-11-22 02:39:21 +01:00
Zoltan Kochan
463f30ccfb
perf: increase the default network concurrency on machines with many CPU cores ( #10215 )
...
close #10068
2025-11-22 02:39:14 +01:00
Zoltan Kochan
615c066e68
fix: update @pnpm/npm-conf to v3.0.1
...
related PR: https://github.com/pnpm/npm-conf/pull/17
2025-11-21 01:57:33 +01:00
Zoltan Kochan
603aedae0a
chore(release): 10.23.0
v10.23.0
2025-11-20 14:46:54 +01:00
Zoltan Kochan
f248e8f688
fix: update glob to fix vulnerability
2025-11-20 14:22:15 +01:00
Zoltan Kochan
43c56d9e7e
fix: don't silently skip an optional dependency if it fails trust policy check ( #10211 )
...
close #10208
2025-11-20 14:21:13 +01:00
Zoltan Kochan
2fc23e46e2
fix: node runtime is not moved to dependencies on pnpm add ( #10210 )
...
close #10209
2025-11-20 02:37:02 +01:00
Ryo Matsukawa
c206765715
fix: display npm: protocol for aliased packages in list and why ( #10084 )
...
* fix: support alias resolution in pnpm why with npm: protocol
* refactor: make alias required instead of optional
* refactor: reorder field to put alias first
2025-11-20 02:36:53 +01:00
silentip404
2194432539
fix(self-update): respect custom registry when installing pnpm version ( #10205 )
...
* fix(self-update): respect custom registry when installing pnpm version
When managePackageManagerVersions is enabled and a custom registry is
configured in .npmrc, pnpm was attempting to auto-install the specified
version from registry.npmjs.org instead of respecting the user's custom
registry configuration.
This happens because installPnpmToTools runs in a temporary directory
outside the project, which doesn't automatically pick up the project's
.npmrc configuration. The fix explicitly passes the registry configuration
from opts.registries.default or opts.rawConfig.registry to the pnpm add
command via the --config.registry flag.
* refactor: self-update
* Update .changeset/cold-buckets-crash.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
---------
Co-authored-by: Zoltan Kochan <z@kochan.io >
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
2025-11-20 02:36:43 +01:00
Tmk
f442897cd7
fix: remove redundant mirror slash ( #10204 )
2025-11-20 02:36:33 +01:00
Zoltan Kochan
5e7cf44914
fix: js-yaml version
2025-11-18 15:17:10 +01:00
btea
234c5b4634
refactor: add createPackageVersionPolicyByExclude ( #10194 )
2025-11-18 11:53:21 +01:00
Zoltan Kochan
32dae0276b
fix: store prune should not fail if the store contains Node.js ( #10193 )
...
close #10131
2025-11-18 11:52:46 +01:00
Ryo Matsukawa
24dc8713b0
feat: add --lockfile-only option to pnpm list ( #10066 )
...
close #10020
---------
Co-authored-by: Zoltan Kochan <z@kochan.io >
2025-11-18 11:51:20 +01:00
Brandon Cheng
e12e7c1f85
chore: ignore GHSA-mh29-5h37-fv8m ( #10192 )
...
https://github.com/changesets/changesets/issues/1762
2025-11-18 11:51:06 +01:00
Zoltan Kochan
e75aaed84c
fix: self-update should not install @pnpm/exe >= 11 ( #10190 )
2025-11-14 15:22:13 +01:00
Zoltan Kochan
1de6d19f59
chore(release): 10.22.0
v10.22.0
2025-11-12 14:13:12 +01:00
Zoltan Kochan
4a9422d768
fix: concurrently hard linking a directory ( #10181 )
...
close #10179
2025-11-12 14:09:57 +01:00
Zoltan Kochan
2b81704372
fix: update parse-npm-tarball-url to v4 ( #10182 )
...
close #10175
2025-11-12 14:09:44 +01:00