mirror/pnpm
1
0
Fork 0
mirror of https://github.com/pnpm/pnpm.git synced 2026-04-04 15:24:02 -04:00
Code Issues Packages Projects Releases Wiki Activity
10,071 Commits 377 Branches 1,869 Tags
cfec937abd1f646965dffeafbe5aa477ef15bb1d
Commit Graph

622 Commits

Author SHA1 Message Date
Oren
73cc63504d feat: support blockExoticSubdeps option to disallow non-trusted dep sources in subdeps (#10265) 
* feat(core): add onlyRegistryDependencies option to disallow non-registry subdependencies

* fix: onlyRegistryDependencies=>registrySubdepsOnly

* fix: allow resolution from custom resolver

* fix: add registry-subdeps-only to types

* docs: update changesets

* refactor: registry-only

* refactor: registrySubdepsOnly=>blockExoticSubdeps

* fix: trust runtime deps

* refactor: remove comment

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-12-10 12:22:37 +01:00
Oren
40775391d5 fix(git-fetcher): block git dependencies from running prepare scripts unless allowed (#10288) 
* fix(git-fetcher): block git dependencies from running prepare scripts unless allowed

* Update exec/prepare-package/src/index.ts

Co-authored-by: Zoltan Kochan <z@kochan.io>

* Also implement in gitHostedTarballFetcher

* refactor: move allowBuild function creation to the store manager

* refactor: pass allowBuild function to fetch function directly

* refactor: revert not needed changes and update changesets

* test: fix

* fix: implemented CR suggestions

* test: fix

* test: fix

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-12-10 00:51:43 +01:00
Oren
b7d3ec65b1 fix(tarball-resolver): add integrity hash to HTTP tarball dependencies (#10287) 
* fix(tarball-resolver): add integrity hash to HTTP tarball dependencies

* Refactor to download tarball just once

* Fix tests

* fix: only calc hash when it is not passed in to the fetcher

* docs: update changesets
 2025-12-10 00:49:50 +01:00
Zoltan Kochan
b0cd2dea48 chore(release): 10.25.0 2025-12-08 15:33:42 +01:00
Zoltan Kochan
9b05bdd7e1 fix: reporting ignored dependency builds (#10276) 2025-12-06 16:43:42 +01:00
Zoltan Kochan
7c15c93c26 chore(release): libs 2025-12-02 16:02:38 +01:00
Zoltan Kochan
033a2561eb fix: dependencies that were added to onlyBuiltDependencies should be built on install (#10256) 2025-12-02 15:36:29 +01:00
Zoltan Kochan
16d08d0cb0 chore(release): 10.24.0 2025-11-27 14:53:58 +01:00
Brandon Cheng
3631b01697 fix: throw a frozen lockfile error when catalogs change (#10231) 
close #9369
 2025-11-26 01:13:54 +01:00
Zoltan Kochan
603aedae0a chore(release): 10.23.0 2025-11-20 14:46:54 +01:00
Zoltan Kochan
1de6d19f59 chore(release): 10.22.0 2025-11-12 14:13:12 +01:00
Ryo Matsukawa
93d49548ca feat: add support for trustPolicyExclude (#10168) 
close #10164
 2025-11-11 13:01:56 +01:00
Zoltan Kochan
2e2dc27d07 chore(release): 10.21.0 2025-11-09 23:45:04 +01:00
Ryo Matsukawa
68ad0868b4 feat: add support for npm package trust evidence check via a new trustPolicy setting (#10103) 
close #8889

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-11-09 23:32:56 +01:00
Zoltan Kochan
5847af412b feat: install js runtime as prod dependency (#10141) 2025-10-31 17:15:38 +01:00
Zoltan Kochan
49f03d14ee chore(release): 10.20.0 2025-10-28 17:35:21 +01:00
Zoltan Kochan
0cde1287c8 chore: update repository fields 2025-10-23 11:57:12 +02:00
Zoltan Kochan
43d7b18c2f chore(release): 10.19.0 2025-10-21 15:30:20 +02:00
Zoltan Kochan
dee39ecb8a feat: support allowing the build of specific versions of dependencies (#10104) 
close #10076
 2025-10-21 12:38:16 +02:00
Ryo Matsukawa
7c1382f7b7 feat: add support for exact versions in minimumReleaseAgeExclude (#10059) 
close #9985

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-10-18 11:10:08 +02:00
Zoltan Kochan
1bfc105da0 chore(release): 10.18.3 2025-10-14 11:27:45 +02:00
Zoltan Kochan
1b15e45ae9 chore(release): 10.18.2 2025-10-09 16:56:04 +02:00
Zoltan Kochan
651a27aea4 chore(release): 10.18.1 2025-10-06 14:13:59 +02:00
Zoltan Kochan
c5e895f657 fix: don't print a warning when --lockfile-only is used (#10044) 
close #8320
 2025-10-05 02:28:26 +02:00
Zoltan Kochan
6618431aee chore(release): libs 2025-09-29 11:56:00 +02:00
Zoltan Kochan
f6242c333b chore(release): 10.17.1 2025-09-22 15:09:34 +02:00
Zoltan Kochan
1a1a272fa4 chore(release): 10.17.0 2025-09-17 16:48:25 +02:00
btea
3a58aaa3e3 feat: minimumReleaseAgeExclude support patterns (#9984) 
close #9983

---------

Co-authored-by: Zoltan Kochan <z@kochan.io>
 2025-09-17 16:45:01 +02:00
Zoltan Kochan
ea44ff979f chore(release): 10.16.1 2025-09-13 19:20:27 +02:00
Zoltan Kochan
a3c1498403 chore(release): 10.16.0 2025-09-12 14:24:30 +02:00
Tom Jenkinson
2ebd45a7f2 fix: throw error if no TTY instead of terminating with 0 exit code (#9960) 
close #9744
 2025-09-12 12:07:01 +02:00
Zoltan Kochan
38e2599ecd feat: set minimumReleaseAge to delay new versions of dependencies from being installed (#9957) 
close #9921
 2025-09-11 17:25:11 +02:00
Zoltan Kochan
3d1711a439 chore(release): 10.15.1 2025-09-01 11:41:05 +02:00
Zoltan Kochan
3482fe17d1 fix: pick package by real name to resolve a peer dependency (#9919) 
* fix: pick package by real name to resolve a peer dependency

close #9913

This fixes a regression introduced in #9835

* fix: resolve from alias

* test: fix

* refactor: test

* fix: sort aliases

* docs: add changesets

* refactor: types
 2025-08-31 10:40:02 +02:00
btea
05dd45ea82 perf: replace startsWith with strict equality (#9881) 2025-08-21 14:14:26 +02:00
Zoltan Kochan
facd7656e8 refactor: always use extensions in relative imports (#9878) 2025-08-19 15:25:11 +02:00
Zoltan Kochan
c89c93d59b test: use @jest/globals (#9877) 2025-08-19 00:16:25 +02:00
Zoltan Kochan
14c78e81d4 test: use jest.mocked (#9874) 2025-08-18 15:22:37 +02:00
btea
8747b4e7f6 feat: add cleanupUnusedCatalogs config (#9793) 2025-08-14 12:26:51 +02:00
Zoltan Kochan
dcfb186f21 chore(release): libs 2025-08-07 14:09:55 +02:00
Zoltan Kochan
aa24e7fe7f fix: when automatically installing peer deps, prefer the version found in the root of the workspace (#9835) 2025-08-07 14:07:13 +02:00
Zoltan Kochan
a4d654807c chore(release): 10.14.0 2025-07-31 15:00:26 +02:00
Zoltan Kochan
86b33e91ea feat: support installing Bun runtime (#9815) 
* feat: support installing Bun runtime

* feat: support installing Bun runtime

* fix: cache libc resolution

* refactor: shasum file fetching

* docs: add changesets

* feat: installing the right artifact

* test: supported architectures

* test: fix on Windows
 2025-07-31 13:46:13 +02:00
Brandon Cheng
98dd75a5d9 fix: re-resolve catalog entries when running pnpm dedupe (#9808) 
* test: catalog is deduped on pnpm dedupe

* fix: re-resolve catalog entries when running `pnpm dedupe`
 2025-07-30 11:47:27 +02:00
Brandon Cheng
9908269a12 fix: re-link local tarball when contents change (without rename) during filtered install (#9805) 
* test: ensure current lockfile updates when tarball integrity changes

* fix: update store when local tarball contents change without rename
 2025-07-30 11:31:24 +02:00
Zoltan Kochan
d1edf732ad feat: support installing Deno runtime (#9791) 
* feat: support installing Deno runtime

* refactor: use npm registry to resolve deno version

* feat: wip

* feat: installing deno runtime

* style: fix

* test: fix

* test: deno

* test: fix

* feat: deno

* feat: deno

* feat: create zip fetcher

* style: fix

* refactor: node fetch

* feat: support a new binary fetcher

* test: fix

* feat: rename zip-fetcher to binary-fetcher

* refactor: change naming

* fix: windows

* refactor: rename packages

* refactor: deno resolver

* refactor: runtime resolvers

* refactor: binary fetcher

* refactor: runtime resolvers

* refactor: runtime resolvers

* refactor: create SingleResolution

* refactor: remove not needed change

* refactor: package requester

* docs: add changesets

* refactor: use VariationsResolution and AtomicResolution

* refactor: implement CR suggestions

* docs: add changesets

* fix: address comment in CR

* feat: update formatting of pnpm-lock.yaml
 2025-07-30 11:27:07 +02:00
Zoltan Kochan
f91922c938 fix: store every Node.js artifact's integrity separately in the lockfile (#9798) 
* fix: store every Node.js artifact's integrity separately in the lockfile

* fix: store every Node.js artifact's integrity separately in the lockfile

* style: fix

* Potential fix for code scanning alert no. 76: Incomplete string escaping or encoding

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

* fix: windows

* refactor: node install

* fix: test

* fix: test on Windows

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
 2025-07-25 16:31:23 +02:00
Zoltan Kochan
fb9de7ac3a chore(release): 10.14.0-0 2025-07-23 14:54:13 +02:00
Zoltan Kochan
06d1835219 test: fix test due to a package removed from the npm registry 2025-07-23 13:39:53 +02:00
Zoltan Kochan
cefe4bf174 test: fix test due to a package removed from the npm registry 2025-07-23 11:46:56 +02:00