mirror of
https://github.com/pnpm/pnpm.git
synced 2026-06-28 09:55:39 -04:00
7cd5594a50
* feat(pacquet): add --ignore-scripts to install `pacquet install` runs the dependency build phase on the fresh-lockfile path (since pnpm/pnpm#12436), so a project with blocked build scripts (e.g. sharp, esbuild) fails with `ERR_PNPM_IGNORED_BUILDS` under the default `strictDepBuilds`. pnpm's answer is `--ignore-scripts`; pacquet had no equivalent, so there was no way to install such a project without approving every build. Add `--ignore-scripts`, mirroring pnpm: a `Config.ignore_scripts` field fed by the CLI flag (merged enable-only at the Install dispatch, like `--frozen-store`). When set, the during-install build loop bypasses its allow-build gate entirely — no script runs and nothing is recorded as an ignored build, so the install no longer fails under `strictDepBuilds`. Patches still apply, and the project's own lifecycle scripts are skipped too, matching pnpm's `ignoreScripts`. This also unblocks the vlt.sh benchmark, whose pacquet command was the only one missing the `--ignore-scripts` the pnpm command already passes, making pacquet show up as DNF on every fixture. * fix(pacquet): honor ignore_scripts for git deps and from workspace yaml/env Two follow-ups from PR review: - Git and git-hosted-tarball dependencies were fetched with `ignore_scripts: false` hardcoded, so their `prepare` script still ran during install even under `--ignore-scripts`. Thread `config.ignore_scripts` into `GitFetcher` / `GitHostedTarballFetcher`, and flip the git store-index key's `built` dimension to `!ignore_scripts` at both the write site (`install_package_by_snapshot`) and the warm-prefetch site (`snapshot_cache_key`) so the two stay in lock-step and address the same slot. - `Config.ignore_scripts` was only set by the CLI flag; `ignoreScripts` in `pnpm-workspace.yaml` and `PNPM_CONFIG_IGNORE_SCRIPTS` were silently dropped. Wire it through `WorkspaceSettings` + `apply_to` and the env overlay, mirroring `strictDepBuilds`.
简体中文 | 日本語 | 한국어 | Italiano | Português Brasileiro
Fast, disk space efficient package manager:
- Fast. Up to 2x faster than the alternatives (see benchmark).
- Efficient. Files inside
node_modulesare linked from a single content-addressable storage. - Great for monorepos.
- Strict. A package can access only dependencies that are specified in its
package.json. - Deterministic. Has a lockfile called
pnpm-lock.yaml. - Works as a Node.js version manager. See pnpm runtime.
- Works everywhere. Supports Windows, Linux, and macOS.
- Battle-tested. Used in production by teams of all sizes since 2016.
- See the full feature comparison with npm and Yarn.
To quote the Rush team:
Microsoft uses pnpm in Rush repos with hundreds of projects and hundreds of PRs per day, and we’ve found it to be very fast and reliable.
Platinum Sponsors
|
|
Gold Sponsors
|
|
|
|
|
|
|
|
Silver Sponsors
|
|
|
|
|
|
|
|
⏱️ Time.now |
Support this project by becoming a sponsor.
Background
pnpm uses a content-addressable filesystem to store all files from all module directories on a disk. When using npm, if you have 100 projects using lodash, you will have 100 copies of lodash on disk. With pnpm, lodash will be stored in a content-addressable storage, so:
- If you depend on different versions of lodash, only the files that differ are added to the store.
If lodash has 100 files, and a new version has a change only in one of those files,
pnpm updatewill only add 1 new file to the storage. - All the files are saved in a single place on the disk. When packages are installed, their files are linked from that single place consuming no additional disk space. Linking is performed using either hard-links or reflinks (copy-on-write).
As a result, you save gigabytes of space on your disk and you have a lot faster installations!
If you'd like more details about the unique node_modules structure that pnpm creates and
why it works fine with the Node.js ecosystem, read this small article: Flat node_modules is not the only way.
💖 Like this project? Let people know with a tweet
Getting Started
Benchmark
pnpm is up to 2x faster than npm and Yarn classic. See all benchmarks here.
Benchmarks on an app with lots of dependencies:
License
MIT, except the pnpr/ directory, which is source-available under the PolyForm Shield License 1.0.0.