Commit Graph

892 Commits

Author SHA1 Message Date
Oren
73cc63504d feat: support blockExoticSubdeps option to disallow non-trusted dep sources in subdeps (#10265)
* feat(core): add onlyRegistryDependencies option to disallow non-registry subdependencies

* fix: onlyRegistryDependencies=>registrySubdepsOnly

* fix: allow resolution from custom resolver

* fix: add registry-subdeps-only to types

* docs: update changesets

* refactor: registry-only

* refactor: registrySubdepsOnly=>blockExoticSubdeps

* fix: trust runtime deps

* refactor: remove comment

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
2025-12-10 12:22:37 +01:00
Zoltan Kochan
7d0e7e855e test: fix 2025-12-10 12:15:55 +01:00
Oren
40775391d5 fix(git-fetcher): block git dependencies from running prepare scripts unless allowed (#10288)
* fix(git-fetcher): block git dependencies from running prepare scripts unless allowed

* Update exec/prepare-package/src/index.ts

Co-authored-by: Zoltan Kochan <z@kochan.io>

* Also implement in gitHostedTarballFetcher

* refactor: move allowBuild function creation to the store manager

* refactor: pass allowBuild function to fetch function directly

* refactor: revert not needed changes and update changesets

* test: fix

* fix: implemented CR suggestions

* test: fix

* test: fix

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
2025-12-10 00:51:43 +01:00
Oren
b7d3ec65b1 fix(tarball-resolver): add integrity hash to HTTP tarball dependencies (#10287)
* fix(tarball-resolver): add integrity hash to HTTP tarball dependencies

* Refactor to download tarball just once

* Fix tests

* fix: only calc hash when it is not passed in to the fetcher

* docs: update changesets
2025-12-10 00:49:50 +01:00
Zoltan Kochan
b0cd2dea48 chore(release): 10.25.0 2025-12-08 15:33:42 +01:00
Zoltan Kochan
17d34fab8c fix: don't silently skip an optional dependency if it cannot be resolved from a mature version (#10289)
close #10270
2025-12-08 15:26:51 +01:00
Zoltan Kochan
9b05bdd7e1 fix: reporting ignored dependency builds (#10276) 2025-12-06 16:43:42 +01:00
Zoltan Kochan
7c15c93c26 chore(release): libs 2025-12-02 16:02:38 +01:00
Zoltan Kochan
033a2561eb fix: dependencies that were added to onlyBuiltDependencies should be built on install (#10256) 2025-12-02 15:36:29 +01:00
Zoltan Kochan
16d08d0cb0 chore(release): 10.24.0 2025-11-27 14:53:58 +01:00
Brandon Cheng
3631b01697 fix: throw a frozen lockfile error when catalogs change (#10231)
close #9369
2025-11-26 01:13:54 +01:00
Zoltan Kochan
463f30ccfb perf: increase the default network concurrency on machines with many CPU cores (#10215)
close #10068
2025-11-22 02:39:14 +01:00
Zoltan Kochan
603aedae0a chore(release): 10.23.0 2025-11-20 14:46:54 +01:00
Zoltan Kochan
43c56d9e7e fix: don't silently skip an optional dependency if it fails trust policy check (#10211)
close #10208
2025-11-20 14:21:13 +01:00
btea
234c5b4634 refactor: add createPackageVersionPolicyByExclude (#10194) 2025-11-18 11:53:21 +01:00
Zoltan Kochan
1de6d19f59 chore(release): 10.22.0 2025-11-12 14:13:12 +01:00
Ryo Matsukawa
93d49548ca feat: add support for trustPolicyExclude (#10168)
close #10164
2025-11-11 13:01:56 +01:00
Zoltan Kochan
2e2dc27d07 chore(release): 10.21.0 2025-11-09 23:45:04 +01:00
Ryo Matsukawa
68ad0868b4 feat: add support for npm package trust evidence check via a new trustPolicy setting (#10103)
close #8889

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
2025-11-09 23:32:56 +01:00
Trevor Burnham
17344ca27f fix(update): prevent package.json updates when updating indirect dependencies (#5118) (#10155)
close #5118
2025-11-06 15:14:36 +01:00
Zoltan Kochan
f1ee865bc5 fix: compile 2025-10-31 17:26:59 +01:00
Zoltan Kochan
5847af412b feat: install js runtime as prod dependency (#10141) 2025-10-31 17:15:38 +01:00
Zoltan Kochan
49f03d14ee chore(release): 10.20.0 2025-10-28 17:35:21 +01:00
Zoltan Kochan
d9bcd616ea chore(release): 10.19.1-oidc-test.3 2025-10-24 01:36:02 +02:00
Zoltan Kochan
0cde1287c8 chore: update repository fields 2025-10-23 11:57:12 +02:00
Zoltan Kochan
e5ac91fa67 chore(release): 10.19.1-oidc-test.0 2025-10-23 10:30:03 +02:00
Zoltan Kochan
43d7b18c2f chore(release): 10.19.0 2025-10-21 15:30:20 +02:00
Zoltan Kochan
dee39ecb8a feat: support allowing the build of specific versions of dependencies (#10104)
close #10076
2025-10-21 12:38:16 +02:00
Ryo Matsukawa
7c1382f7b7 feat: add support for exact versions in minimumReleaseAgeExclude (#10059)
close #9985

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
2025-10-18 11:10:08 +02:00
Zoltan Kochan
1bfc105da0 chore(release): 10.18.3 2025-10-14 11:27:45 +02:00
Ryo Matsukawa
9c65b96f2c fix: preserve version and hasBin for variations packages (#10065)
close #10022
2025-10-13 10:00:56 +02:00
Ryo Matsukawa
a8797c4e59 fix: handle EISDIR error when bin field points to directory (#10080)
close #9441
2025-10-13 10:00:06 +02:00
Zoltan Kochan
1b15e45ae9 chore(release): 10.18.2 2025-10-09 16:56:04 +02:00
Zoltan Kochan
651a27aea4 chore(release): 10.18.1 2025-10-06 14:13:59 +02:00
Brandon Cheng
a004e37db7 fix: only show save catalog skip warning when using pnpm add (#10041)
close #9662
2025-10-06 14:03:11 +02:00
Zoltan Kochan
c5e895f657 fix: don't print a warning when --lockfile-only is used (#10044)
close #8320
2025-10-05 02:28:26 +02:00
Zoltan Kochan
bdbd31aa4f chore(release): 10.18.0 2025-10-02 16:36:27 +02:00
Zoltan Kochan
6618431aee chore(release): libs 2025-09-29 11:56:00 +02:00
Zoltan Kochan
fb4da0c0ab feat: print a warning if network requests are slow (#10025)
* feat: print a warning if network requests are slow

* feat: print a warning if network requests are slow

add a new setting for fetch tarball speed

* feat: print a warning if network requests are slow

* fix: src/fetch.ts

* docs: add changeset
2025-09-28 11:19:10 +02:00
btea
93fdc73626 fix: correctly apply cleanupUnusedCatalogs when remove pkg (#10005)
close #9993

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
2025-09-28 00:55:43 +02:00
Zoltan Kochan
f6242c333b chore(release): 10.17.1 2025-09-22 15:09:34 +02:00
btea
baf8bf6304 feat: improve error message when no mature enough matching package is found (#9974)
---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
2025-09-19 19:51:57 +02:00
Zoltan Kochan
1a1a272fa4 chore(release): 10.17.0 2025-09-17 16:48:25 +02:00
btea
3a58aaa3e3 feat: minimumReleaseAgeExclude support patterns (#9984)
close #9983

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
2025-09-17 16:45:01 +02:00
Zoltan Kochan
ea44ff979f chore(release): 10.16.1 2025-09-13 19:20:27 +02:00
Zoltan Kochan
a3c1498403 chore(release): 10.16.0 2025-09-12 14:24:30 +02:00
Tom Jenkinson
2ebd45a7f2 fix: throw error if no TTY instead of terminating with 0 exit code (#9960)
close #9744
2025-09-12 12:07:01 +02:00
Zoltan Kochan
38e2599ecd feat: set minimumReleaseAge to delay new versions of dependencies from being installed (#9957)
close #9921
2025-09-11 17:25:11 +02:00
btea
c182b2d588 fix: remove pkg apply cleanupUnusedCatalogs (#9930)
* fix: remove pkg apply cleanupUnusedCatalogs

* fix: lint
2025-09-07 00:03:56 +02:00
Zoltan Kochan
3d1711a439 chore(release): 10.15.1 2025-09-01 11:41:05 +02:00