mirror of https://github.com/pnpm/pnpm.git synced 2026-06-28 09:55:39 -04:00

Files

Zoltan Kochan 822beb5fa0 fix: harden package-manager bootstrap metadata (#12296 )

- Resolve package-manager bootstrap metadata through trusted user/CLI registries and trusted network config, defaulting to the public npm registry instead of project/workspace registry settings.
- Apply that bootstrap config in `switchCliVersion()` and `syncEnvLockfile()` so repository `.npmrc` proxy/TLS/configByUri values cannot steer package-manager bootstrap traffic.
- Validate repository-provided package-manager env-lockfile entries before auto-switch install/execution: dependency paths must be registry package paths and package records must use integrity-only resolutions.
- Preserve the fast path for fully resolved, valid package-manager metadata; incomplete metadata is still resolved through trusted bootstrap registries.
- Handle peer-suffixed package-manager snapshots by looking up `packages` entries with `removeSuffix(depPath)` while keeping `snapshots` keyed by the full dep path.

2026-06-10 00:30:31 +02:00

src

fix: harden package-manager bootstrap metadata (#12296 )

2026-06-10 00:30:31 +02:00

test

fix: harden package-manager bootstrap metadata (#12296 )

2026-06-10 00:30:31 +02:00

CHANGELOG.md

chore(release): 11.5.2 (#12207 )

2026-06-05 08:27:41 +02:00

package.json

chore(release): 11.5.2 (#12207 )

2026-06-05 08:27:41 +02:00

README.md

docs: fix package names in README files (#11409 )

2026-04-30 22:59:17 +02:00

tsconfig.json

feat: add runtimeOnFail setting (#11277 )

2026-04-17 12:00:17 +02:00

tsconfig.lint.json

refactor: rename internal packages to @pnpm/<domain>.<leaf> convention (#10997 )

2026-03-17 21:50:40 +01:00

README.md

@pnpm/config.reader

Gets configuration options for pnpm

Installation

pnpm add @pnpm/config.reader

Usage

import { getConfig } from '@pnpm/config.reader'

getConfig().then(pnpmConfig => console.log(pnpmConfig))

License

MIT