pnpm/resolving/npm-resolver/CHANGELOG.md
2026-04-21 00:17:38 +02:00

@pnpm/npm-resolver

1100.1.0

Minor Changes

  • 9e0833c: Added a new setting minimumReleaseAgeIgnoreMissingTime, which is true by default. When enabled, pnpm skips the minimumReleaseAge maturity check if the registry metadata does not include the time field. Set to false to fail resolution instead.

Patch Changes

  • Updated dependencies [72c1e05]
    • @pnpm/resolving.resolver-base@1100.1.0
    • @pnpm/store.cafs@1100.0.2
    • @pnpm/worker@1100.0.2
    • @pnpm/crypto.hash@1100.0.0

1100.0.1

Patch Changes

  • Updated dependencies [ff28085]
    • @pnpm/types@1101.0.0
    • @pnpm/config.pick-registry-for-package@1100.0.1
    • @pnpm/core-loggers@1100.0.1
    • @pnpm/resolving.registry.types@1100.0.1
    • @pnpm/resolving.resolver-base@1100.0.1
    • @pnpm/store.cafs@1100.0.1
    • @pnpm/worker@1100.0.1
    • @pnpm/crypto.hash@1100.0.0
    • @pnpm/resolving.registry.pkg-metadata-filter@1100.0.1

1005.0.0

Major Changes

  • 491a84f: This package is now pure ESM.
  • 19f36cf: Changed the error code for no matching version that satisfies the maturity configuration.
  • 7d2fd48: Node.js v18, 19, 20, and 21 support discontinued.
  • 56a59df: Store the bundled manifest (name, version, bin, engines, scripts, etc.) directly in the package index file, eliminating the need to read package.json from the content-addressable store during resolution and installation. This reduces I/O and speeds up repeat installs #10473.

Minor Changes

  • facdd71: Added trustPolicyIgnoreAfter, which allows you to ignore trust policy checks for packages published more than a specified time ago #10352.

  • 0625e20: Support bare workspace: protocol without version specifier. It is now treated as workspace:* and resolves to the concrete version during publish #10436.

  • 10bc391: Added a new setting: trustPolicy.

  • 15549a9: Add the ability to fix vulnerabilities by updating packages in the lockfile instead of adding overrides.

  • 9d3f00b: Added support for trustPolicyExclude #10164.

    You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example:

    trustPolicy: no-downgrade
    trustPolicyExclude:
      - chokidar@4.0.3
      - webpack@4.47.0 || 5.102.1
    

Patch Changes

  • a297ebc: Improve error message when a package version exists but does not meet the minimumReleaseAge constraint. The error now clearly states that the version exists and shows a human-readable time since release (e.g., "released 6 hours ago") #10307.

  • 831f574: When package metadata is malformed or can't be fetched, the error thrown will now show the originating error.

  • 0e9c559: An internal refactor was performed to remove a misleading usage of pMemoize. Previously the maxAge argument was passed, but this field is ignored by the p-memoize NPM package.

  • 19f36cf: Don't silently skip an optional dependency if it cannot be resolved from a version that satisfies the minimumReleaseAge setting #10270.

  • 61cad0c: fix: treat HTTP 400 responses as errors in the npm resolver fetch

    The status check used > 400 instead of >= 400, causing 400 Bad Request responses to bypass the error path and fall into JSON parse/retry logic instead.

  • 143ca78: Fix link-workspace-packages=true incorrectly linking workspace packages when the requested version doesn't match the workspace package's version. Previously, on fresh installs the version constraint is overridden to * in the fallback resolution paths, causing any workspace package with a matching name to be linked regardless of version #10173.

  • 6f361aa: trustPolicy should ignore the trust evidences of prerelease versions, when installing a non-prerelease version.

  • 938ea1f: Revert Try to avoid making network calls with preferOffline #10334.

  • 2cb0657: Don't fail with an ERR_PNPM_MISSING_TIME error if a package that is excluded from trust policy checks is missing the time field in the metadata.

  • bb8baa7: Fixed optional dependencies to request full metadata from the registry to get the libc field, which is required for proper platform compatibility checks #9950.

  • 144ce0e: Improve the error messages related to trustPolicy mismatch.

  • ba70035: Update parse-npm-tarball-url to fix deprecation warnings on Node.js 24.

  • 3585d9a: Normalize the tarball URLs before saving them to the lockfile. URLs should not contain default ports, like :80 for http and :443 for https #10273.

  • 6557dc0: Fixed a bug preventing the clearCache function returned by createNpmResolver from properly clearing metadata cache.

  • Updated dependencies [facdd71]

  • Updated dependencies [e2e0a32]

  • Updated dependencies [c55c614]

  • Updated dependencies [9b0a460]

  • Updated dependencies [76718b3]

  • Updated dependencies [a8f016c]

  • Updated dependencies [cc1b8e3]

  • Updated dependencies [7cec347]

  • Updated dependencies [3bf5e21]

  • Updated dependencies [491a84f]

  • Updated dependencies [6656baa]

  • Updated dependencies [2ea6463]

  • Updated dependencies [50fbeca]

  • Updated dependencies [caabba4]

  • Updated dependencies [075aa99]

  • Updated dependencies [3bf5e21]

  • Updated dependencies [d3d6938]

  • Updated dependencies [0625e20]

  • Updated dependencies [bb8baa7]

  • Updated dependencies [878a773]

  • Updated dependencies [f8e6774]

  • Updated dependencies [ee9fe58]

  • Updated dependencies [7d2fd48]

  • Updated dependencies [efb48dc]

  • Updated dependencies [56a59df]

  • Updated dependencies [780af09]

  • Updated dependencies [50fbeca]

  • Updated dependencies [cb367b9]

  • Updated dependencies [7b1c189]

  • Updated dependencies [6c480a4]

  • Updated dependencies [8ffb1a7]

  • Updated dependencies [05fb1ae]

  • Updated dependencies [71de2b3]

  • Updated dependencies [4893853]

  • Updated dependencies [10bc391]

  • Updated dependencies [38b8e35]

  • Updated dependencies [b7f0f21]

  • Updated dependencies [831f574]

  • Updated dependencies [2df8b71]

  • Updated dependencies [15549a9]

  • Updated dependencies [cc7c0d2]

  • Updated dependencies [9d3f00b]

  • Updated dependencies [98a0410]

  • Updated dependencies [efb48dc]

    • @pnpm/resolving.resolver-base@1006.0.0
    • @pnpm/store.cafs@1001.0.0
    • @pnpm/worker@1001.0.0
    • @pnpm/constants@1002.0.0
    • @pnpm/types@1001.0.0
    • @pnpm/workspace.range-resolver@1001.0.0
    • @pnpm/config.pick-registry-for-package@1001.0.0
    • @pnpm/resolving.jsr-specifier-parser@1001.0.0
    • @pnpm/fetching.types@1001.0.0
    • @pnpm/core-loggers@1002.0.0
    • @pnpm/workspace.spec-parser@1001.0.0
    • @pnpm/fs.graceful-fs@1001.0.0
    • @pnpm/error@1001.0.0
    • @pnpm/crypto.hash@1001.0.0
    • @pnpm/resolving.registry.types@1000.1.0
    • @pnpm/store.index@1000.0.0
    • @pnpm/resolving.registry.pkg-metadata-filter@1000.1.2

1004.4.1

Patch Changes

  • 6c3dcb8: Skip time field validation for packages excluded by minimumReleaseAgeExclude (allows packages that would otherwise throw ERR_PNPM_MISSING_TIME).
  • Updated dependencies [0152a51]
    • @pnpm/registry.pkg-metadata-filter@1000.1.1

1004.4.0

Minor Changes

  • 7c1382f: The npm resolver supports publishedByExclude now.

Patch Changes

  • Updated dependencies [7c1382f]
  • Updated dependencies [7c1382f]
  • Updated dependencies [7c1382f]
  • Updated dependencies [dee39ec]
    • @pnpm/registry.pkg-metadata-filter@1000.1.0
    • @pnpm/types@1000.9.0
    • @pnpm/resolver-base@1005.1.0
    • @pnpm/pick-registry-for-package@1000.0.11
    • @pnpm/core-loggers@1001.0.4
    • @pnpm/registry.types@1000.0.1
    • @pnpm/crypto.hash@1000.2.1

1004.3.0

Minor Changes

  • fb4da0c: Added network performance monitoring to pnpm by implementing warnings for slow network requests, including both metadata fetches and tarball downloads.

    Added configuration options for warning thresholds: fetchWarnTimeoutMs and fetchMinSpeedKiBps. Warning messages are displayed when requests exceed time thresholds or fall below speed minimums.

    Related PR: #10025.

Patch Changes

  • Updated dependencies [9b9faa5]
  • Updated dependencies [4a2d871]
    • @pnpm/graceful-fs@1000.0.1
    • @pnpm/registry.pkg-metadata-filter@1000.0.0
    • @pnpm/registry.types@1000.0.0
    • @pnpm/crypto.hash@1000.2.1

1004.2.3

Patch Changes

  • baf8bf6: When a version specifier cannot be resolved because the versions don't satisfy the minimumReleaseAge setting, print this information out in the error message #9974.
  • 702ddb9: When minimumReleaseAge is set and the latest tag is not mature enough, prefer a non-deprecated version as the new latest #9987.

1004.2.2

Patch Changes

  • 121b44e: Don't ignore the minimumReleaseAge check, when the package is requested by exact version and the packument is loaded from cache #9978.
  • 02f8b69: When minimumReleaseAge is set and the active version under a dist-tag is not mature enough, do not downgrade to a prerelease version in case the original version wasn't a prerelease one #9979.

1004.2.1

Patch Changes

  • Updated dependencies [6365bc4]
    • @pnpm/constants@1001.3.1
    • @pnpm/error@1000.0.5
    • @pnpm/resolving.jsr-specifier-parser@1000.0.3
    • @pnpm/crypto.hash@1000.2.0

1004.2.0

Minor Changes

  • 38e2599: There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour.

    The new setting is called minimumReleaseAge. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting minimumReleaseAge: 1440 ensures that only packages released at least one day ago can be installed.

    If you set minimumReleaseAge but need to disable this restriction for certain dependencies, you can list them under the minimumReleaseAgeExclude setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time:

    minimumReleaseAgeExclude:
      - webpack
    

    Related issue: #9921.
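
    The maturity check described in this entry, together with the missing-time behaviour from the 1100.1.0 entry, as an added sketch that is not pnpm's own resolver code. The function names, the sample metadata and the name-only exclude matching are assumptions; the setting names and the ERR_PNPM_MISSING_TIME code are taken from this changelog.

```javascript
// Added illustration: a simplified model of the minimumReleaseAge check.
// Not pnpm's implementation; helper names and sample data are hypothetical.

const MINUTE_MS = 60 * 1000

// Constructed sample registry metadata: `versions` keyed by version,
// `time` mapping each version to its ISO publish timestamp.
const SAMPLE_META = {
  name: 'example-lib',
  versions: { '1.0.0': {}, '1.1.0': {}, '1.2.0': {} },
  time: {
    '1.0.0': '2025-01-01T00:00:00.000Z',
    '1.1.0': '2025-03-01T00:00:00.000Z',
    '1.2.0': '2025-03-10T11:30:00.000Z' // 30 minutes before NOW
  }
}
const NOW = Date.parse('2025-03-10T12:00:00.000Z')

// Compares plain x.y.z versions only (no prerelease handling in this sketch).
function compareVersions (a, b) {
  const pa = a.split('.').map(Number)
  const pb = b.split('.').map(Number)
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i]
  }
  return 0
}

// Returns { version, checked } for the newest version that may be installed,
// or null when no version is old enough. `checked: false` means the maturity
// check was not applied, which is worth logging in a security-sensitive build.
function pickMatureVersion (meta, opts, now = Date.now()) {
  const {
    minimumReleaseAge = 0, // minutes, as in the changelog
    minimumReleaseAgeExclude = [], // matched by package name only here
    minimumReleaseAgeIgnoreMissingTime = true // default per the 1100.1.0 entry
  } = opts
  const newestFirst = Object.keys(meta.versions).sort(compareVersions).reverse()
  if (newestFirst.length === 0) return null

  // Setting disabled, or package explicitly excluded: newest version wins.
  if (!minimumReleaseAge || minimumReleaseAgeExclude.includes(meta.name)) {
    return { version: newestFirst[0], checked: false }
  }

  // Registry returned metadata without the `time` field.
  if (meta.time == null) {
    if (minimumReleaseAgeIgnoreMissingTime) {
      // Default behaviour: the check is skipped, so no delay is enforced.
      return { version: newestFirst[0], checked: false }
    }
    // Error code named in the changelog; using it for this case is assumed.
    const err = new Error(`Metadata of ${meta.name} is missing the "time" field`)
    err.code = 'ERR_PNPM_MISSING_TIME'
    throw err
  }

  // A version is mature when it was published at or before the cutoff.
  const cutoff = now - minimumReleaseAge * MINUTE_MS
  for (const version of newestFirst) {
    const publishedAt = Date.parse(meta.time[version])
    if (!Number.isNaN(publishedAt) && publishedAt <= cutoff) {
      return { version, checked: true }
    }
  }
  return null
}
```

    With the default minimumReleaseAgeIgnoreMissingTime, a registry or proxy that omits the time field yields `checked: false`, so the release delay is not enforced for that package.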

Patch Changes

  • Updated dependencies [e792927]
    • @pnpm/types@1000.8.0
    • @pnpm/pick-registry-for-package@1000.0.10
    • @pnpm/core-loggers@1001.0.3
    • @pnpm/resolver-base@1005.0.1
    • @pnpm/crypto.hash@1000.2.0

1004.1.3

Patch Changes

  • Updated dependencies [d1edf73]
  • Updated dependencies [86b33e9]
  • Updated dependencies [d1edf73]
  • Updated dependencies [f91922c]
    • @pnpm/constants@1001.3.0
    • @pnpm/resolver-base@1005.0.0
    • @pnpm/error@1000.0.4
    • @pnpm/resolving.jsr-specifier-parser@1000.0.2
    • @pnpm/crypto.hash@1000.2.0

1004.1.2

Patch Changes

  • Updated dependencies [1a07b8f]
  • Updated dependencies [1ba2e15]
  • Updated dependencies [1a07b8f]
  • Updated dependencies [1a07b8f]
    • @pnpm/types@1000.7.0
    • @pnpm/fetching-types@1000.2.0
    • @pnpm/resolver-base@1004.1.0
    • @pnpm/constants@1001.2.0
    • @pnpm/pick-registry-for-package@1000.0.9
    • @pnpm/core-loggers@1001.0.2
    • @pnpm/error@1000.0.3
    • @pnpm/crypto.hash@1000.2.0
    • @pnpm/resolving.jsr-specifier-parser@1000.0.1

1004.1.1

Patch Changes

  • Updated dependencies [cf630a8]
    • @pnpm/crypto.hash@1000.2.0

1004.1.0

Minor Changes

  • 2721291: Create different resolver result types which provide more information.

Patch Changes

  • Updated dependencies [2721291]
  • Updated dependencies [6acf819]
    • @pnpm/resolver-base@1004.0.0
    • @pnpm/crypto.hash@1000.1.1

1004.0.1

Patch Changes

  • 09cf46f: Update @pnpm/logger in peer dependencies.
  • Updated dependencies [09cf46f]
  • Updated dependencies [5ec7255]
    • @pnpm/core-loggers@1001.0.1
    • @pnpm/types@1000.6.0
    • @pnpm/pick-registry-for-package@1000.0.8
    • @pnpm/resolver-base@1003.0.1
    • @pnpm/crypto.hash@1000.1.1

1004.0.0

Major Changes

  • 8a9f3a4: pref renamed to bareSpecifier.
  • 5b73df1: Renamed normalizedPref to specifiers.

Minor Changes

  • 9c3dd03: Added support for installing JSR packages. You can now install JSR packages using the following syntax:

    pnpm add jsr:<pkg_name>
    

    or with a version range:

    pnpm add jsr:<pkg_name>@<range>
    

    For example, running:

    pnpm add jsr:@foo/bar
    

    will add the following entry to your package.json:

    {
      "dependencies": {
        "@foo/bar": "jsr:^0.1.2"
      }
    }
    

    When publishing, this entry will be transformed into a format compatible with npm, older versions of Yarn, and previous pnpm versions:

    {
      "dependencies": {
        "@foo/bar": "npm:@jsr/foo__bar@^0.1.2"
      }
    }
    

    Related issue: #8941.

    Note: The @jsr scope defaults to https://npm.jsr.io/ if the @jsr:registry setting is not defined.

Patch Changes

  • Updated dependencies [8a9f3a4]
  • Updated dependencies [9c3dd03]
  • Updated dependencies [5b73df1]
  • Updated dependencies [9c3dd03]
  • Updated dependencies [5b73df1]
    • @pnpm/resolver-base@1003.0.0
    • @pnpm/core-loggers@1001.0.0
    • @pnpm/logger@1001.0.0
    • @pnpm/resolving.jsr-specifier-parser@1000.0.0
    • @pnpm/types@1000.5.0
    • @pnpm/pick-registry-for-package@1000.0.7
    • @pnpm/crypto.hash@1000.1.1

1003.0.0

Major Changes

  • 81f441c: updateToLatest replaced with update field.

Patch Changes

  • Updated dependencies [81f441c]
    • @pnpm/resolver-base@1002.0.0
    • @pnpm/crypto.hash@1000.1.1

1002.0.0

Major Changes

  • 72cff38: The resolving function now takes a registries object, so it finds the required registry itself instead of receiving it from package requester.

Patch Changes

  • Updated dependencies [750ae7d]
  • Updated dependencies [72cff38]
  • Updated dependencies [750ae7d]
    • @pnpm/types@1000.4.0
    • @pnpm/resolver-base@1001.0.0
    • @pnpm/core-loggers@1000.2.0
    • @pnpm/pick-registry-for-package@1000.0.6
    • @pnpm/crypto.hash@1000.1.1

1001.0.1

Patch Changes

  • Updated dependencies [5f7be64]
  • Updated dependencies [5f7be64]
    • @pnpm/types@1000.3.0
    • @pnpm/core-loggers@1000.1.5
    • @pnpm/resolver-base@1000.2.1
    • @pnpm/crypto.hash@1000.1.1

1001.0.0

Major Changes

  • 3d52365: The @pnpm/npm-resolver package can now return workspace in the resolvedVia field of its results. This will be the case if the resolved package was requested through the workspace: protocol or if the wanted dependency's name and specifier match a package in the workspace. Previously, the resolvedVia field was always set to local-filesystem for workspace packages.

Patch Changes

  • Updated dependencies [3d52365]
    • @pnpm/resolver-base@1000.2.0
    • @pnpm/crypto.hash@1000.1.1

1000.1.7

Patch Changes

  • @pnpm/crypto.hash@1000.1.1

1000.1.6

Patch Changes

  • 8371664: When a package version cannot be found in the package metadata, print the registry from which the package was fetched.

1000.1.5

Patch Changes

  • Updated dependencies [daf47e9]
  • Updated dependencies [a5e4965]
    • @pnpm/crypto.hash@1000.1.0
    • @pnpm/types@1000.2.1
    • @pnpm/core-loggers@1000.1.4
    • @pnpm/resolver-base@1000.1.4

1000.1.4

Patch Changes

  • Updated dependencies [8fcc221]
    • @pnpm/types@1000.2.0
    • @pnpm/core-loggers@1000.1.3
    • @pnpm/resolver-base@1000.1.3
    • @pnpm/crypto.hash@1000.0.0

1000.1.3

Patch Changes

  • Updated dependencies [9a44e6c]
  • Updated dependencies [b562deb]
    • @pnpm/constants@1001.1.0
    • @pnpm/types@1000.1.1
    • @pnpm/error@1000.0.2
    • @pnpm/core-loggers@1000.1.2
    • @pnpm/resolver-base@1000.1.2
    • @pnpm/crypto.hash@1000.0.0

1000.1.2

Patch Changes

  • Updated dependencies [9591a18]
    • @pnpm/types@1000.1.0
    • @pnpm/core-loggers@1000.1.1
    • @pnpm/resolver-base@1000.1.1
    • @pnpm/crypto.hash@1000.0.0

1000.1.1

Patch Changes

  • Updated dependencies [516c4b3]
    • @pnpm/core-loggers@1000.1.0
    • @pnpm/crypto.hash@1000.0.0

1000.1.0

Minor Changes

  • 6483b64: A new setting, inject-workspace-packages, has been added to allow hard-linking all local workspace dependencies instead of symlinking them. Previously, this behavior was achievable via the dependenciesMeta[].injected setting, which remains supported #8836.

Patch Changes

  • Updated dependencies [d2e83b0]
  • Updated dependencies [6483b64]
  • Updated dependencies [b0f3c71]
  • Updated dependencies [a76da0c]
    • @pnpm/constants@1001.0.0
    • @pnpm/resolver-base@1000.1.0
    • @pnpm/fetching-types@1000.1.0
    • @pnpm/error@1000.0.1
    • @pnpm/crypto.hash@1000.0.0

22.0.0

Major Changes

  • 501c152: Use SHA256 to encode the package name of a package that has upper case letters in its name.

Patch Changes

  • Updated dependencies [19d5b51]
  • Updated dependencies [8108680]
  • Updated dependencies [dcd2917]
  • Updated dependencies [c4f5231]
    • @pnpm/constants@10.0.0
    • @pnpm/crypto.hash@1.0.0
    • @pnpm/error@6.0.3

21.1.1

Patch Changes

  • 222d10a: Use crypto.hash, when available, for improved performance #8629.
  • Updated dependencies [222d10a]
  • Updated dependencies [222d10a]
    • @pnpm/crypto.polyfill@1.0.0

21.1.0

Minor Changes

  • 83681da: Keep libc field in clearMeta.

Patch Changes

  • Updated dependencies [83681da]
    • @pnpm/constants@9.0.0
    • @pnpm/error@6.0.2

21.0.5

Patch Changes

  • Updated dependencies [d500d9f]
    • @pnpm/types@12.2.0
    • @pnpm/core-loggers@10.0.7
    • @pnpm/resolver-base@13.0.4

21.0.4

Patch Changes

  • Updated dependencies [7ee59a1]
    • @pnpm/types@12.1.0
    • @pnpm/core-loggers@10.0.6
    • @pnpm/resolver-base@13.0.3

21.0.3

Patch Changes

  • Updated dependencies [cb006df]
    • @pnpm/types@12.0.0
    • @pnpm/core-loggers@10.0.5
    • @pnpm/resolver-base@13.0.2

21.0.2

Patch Changes

  • Updated dependencies [0ef168b]
    • @pnpm/types@11.1.0
    • @pnpm/core-loggers@10.0.4
    • @pnpm/resolver-base@13.0.1

21.0.1

Patch Changes

  • afe520d: Update rename-overwrite to v6.

21.0.0

Major Changes

  • dd00eeb: Renamed dir to rootDir in the Project object.

Patch Changes

  • Updated dependencies [dd00eeb]
  • Updated dependencies
    • @pnpm/resolver-base@13.0.0
    • @pnpm/types@11.0.0
    • @pnpm/core-loggers@10.0.3

20.0.1

Patch Changes

  • Updated dependencies [13e55b2]
    • @pnpm/types@10.1.1
    • @pnpm/core-loggers@10.0.2
    • @pnpm/resolver-base@12.0.2

20.0.0

Major Changes

19.0.4

Patch Changes

  • Updated dependencies [45f4262]
    • @pnpm/types@10.1.0
    • @pnpm/core-loggers@10.0.1
    • @pnpm/resolver-base@12.0.1

19.0.3

Patch Changes

  • Updated dependencies [a7aef51]
    • @pnpm/error@6.0.1

19.0.2

Patch Changes

  • 43b6bb7: Print a better error message when resolution-mode is set to time-based and the registry fails to return the "time" field in the package's metadata.

19.0.1

Patch Changes

  • cb0f459: pnpm update should not fail when there's an aliased local workspace dependency #7975.
  • Updated dependencies [cb0f459]
    • @pnpm/workspace.spec-parser@1.0.0

19.0.0

Major Changes

  • cdd8365: Package ID does not contain the registry domain.
  • 43cdd87: Node.js v16 support dropped. Use at least Node.js v18.12.
  • d381a60: Support for lockfile v5 is dropped. Use pnpm v8 to convert lockfile v5 to lockfile v6 #7470.

Patch Changes

  • Updated dependencies [7733f3a]
  • Updated dependencies [3ded840]
  • Updated dependencies [43cdd87]
  • Updated dependencies [b13d2dc]
  • Updated dependencies [730929e]
    • @pnpm/types@10.0.0
    • @pnpm/error@6.0.0
    • @pnpm/resolve-workspace-range@6.0.0
    • @pnpm/resolver-base@12.0.0
    • @pnpm/fetching-types@6.0.0
    • @pnpm/core-loggers@10.0.0
    • @pnpm/graceful-fs@4.0.0

18.1.0

Minor Changes

  • 31054a63e: Running pnpm update -r --latest will no longer downgrade prerelease dependencies #7436.

Patch Changes

  • Updated dependencies [31054a63e]
    • @pnpm/resolver-base@11.1.0

18.0.2

Patch Changes

  • 33313d2fd: Update rename-overwrite to v5.
  • Updated dependencies [4d34684f1]
    • @pnpm/types@9.4.2
    • @pnpm/core-loggers@9.0.6
    • @pnpm/resolver-base@11.0.2

18.0.1

Patch Changes

  • Updated dependencies
    • @pnpm/types@9.4.1
    • @pnpm/core-loggers@9.0.5
    • @pnpm/resolver-base@11.0.1

18.0.0

Major Changes

  • cd4fcfff0: (IMPORTANT) When the package tarballs aren't hosted on the same domain on which the registry (the server with the package metadata) is, the dependency keys in the lockfile should only contain /<pkg_name>@<pkg_version>, not <domain>/<pkg_name>@<pkg_version>.

    This change is a fix to avoid the same package from being added to node_modules/.pnpm multiple times. The change to the lockfile is backward compatible, so previous versions of pnpm will work with the fixed lockfile.

    We recommend that all team members update pnpm in order to avoid repeated changes in the lockfile.

    Related PR: #7318.

17.0.0

Major Changes

  • 4c2450208: (Important) Tarball resolutions in pnpm-lock.yaml will no longer contain a registry field. This field has been unused for a long time. This change should not cause any issues besides backward compatible modifications to the lockfile #7262.

Patch Changes

  • Updated dependencies [4c2450208]
    • @pnpm/resolver-base@11.0.0

16.0.13

Patch Changes

  • Updated dependencies [43ce9e4a6]
    • @pnpm/types@9.4.0
    • @pnpm/core-loggers@9.0.4
    • @pnpm/resolver-base@10.0.4

16.0.12

Patch Changes

16.0.11

Patch Changes

  • Updated dependencies [d774a3196]
    • @pnpm/types@9.3.0
    • @pnpm/core-loggers@9.0.3
    • @pnpm/resolver-base@10.0.3

16.0.10

Patch Changes

  • Updated dependencies [9caa33d53]
    • @pnpm/graceful-fs@3.2.0

16.0.9

Patch Changes

  • 41c2b65cf: Respect workspace alias syntax in pkg graph #6922
  • Updated dependencies [083bbf590]
    • @pnpm/graceful-fs@3.1.0

16.0.8

Patch Changes

  • e958707b2: Improve performance by removing cryptographically generated id from temporary file names.
  • Updated dependencies [aa2ae8fe2]
    • @pnpm/types@9.2.0
    • @pnpm/core-loggers@9.0.2
    • @pnpm/resolver-base@10.0.2

16.0.7

Patch Changes

  • @pnpm/error@5.0.2

16.0.6

Patch Changes

16.0.5

Patch Changes

  • e6052260c: Print a meaningful error when a project referenced by the workspace: protocol is not found in the workspace #4477.
  • Updated dependencies [a9e0b7cbf]
    • @pnpm/types@9.1.0
    • @pnpm/core-loggers@9.0.1
    • @pnpm/resolver-base@10.0.1
    • @pnpm/error@5.0.1

16.0.4

Patch Changes

16.0.3

Patch Changes

  • c0760128d: bump semver to 7.4.0
  • Updated dependencies [c0760128d]
    • @pnpm/resolve-workspace-range@5.0.1

16.0.2

Patch Changes

  • ef6c22e12: Improve performance of clean install by preconverting and caching semver objects

16.0.1

Patch Changes

  • 642f8c1d0: Reduce max memory usage in npm-resolver

16.0.0

Major Changes

  • eceaa8b8b: Node.js 14 support dropped.
  • 9d026b7cb: Drop Node.js 14 support. Update lru-cache.

Patch Changes

  • f835994ea: Deduplicate direct dependencies, when resolution-mode is set to lowest-direct #6042.
  • Updated dependencies [eceaa8b8b]
    • @pnpm/resolve-workspace-range@5.0.0
    • @pnpm/resolver-base@10.0.0
    • @pnpm/fetching-types@5.0.0
    • @pnpm/core-loggers@9.0.0
    • @pnpm/graceful-fs@3.0.0
    • @pnpm/error@5.0.0
    • @pnpm/types@9.0.0

15.0.9

Patch Changes

  • Updated dependencies [955874422]
    • @pnpm/graceful-fs@2.1.0

15.0.8

Patch Changes

  • 029143cff: When resolving dependencies, prefer versions that are already used in the root of the project. This is important to minimize the number of packages that will be nested during hoisting #6054.
  • Updated dependencies [029143cff]
  • Updated dependencies [029143cff]
    • @pnpm/resolver-base@9.2.0

15.0.7

Patch Changes

  • 74b535f19: Deduplicate direct dependencies.

    Let's say there are two projects in the workspace that depend on foo. One project has foo@1.0.0 in the dependencies while another one has foo@^1.0.0 in the dependencies. In this case, foo@1.0.0 should be installed to both projects as it satisfies the version specs of both projects.

  • 65563ae09: Return the lowest version when pickLowestVersion is true and the only versions in the metadata are prerelease versions.

15.0.6

Patch Changes

15.0.5

Patch Changes

  • @pnpm/error@4.0.1

15.0.4

Patch Changes

  • 83ba90fb8: Throw an accurate error message when trying to install a package that has no versions, or all of its versions are unpublished #5849.

15.0.3

Patch Changes

15.0.2

Patch Changes

  • a9d59d8bc: Update dependencies.
  • f3bfa2aae: pnpm add should prefer local projects from the workspace, even if they use prerelease versions.

15.0.1

Patch Changes

  • Updated dependencies [702e847c1]
    • @pnpm/types@8.9.0
    • @pnpm/core-loggers@8.0.2
    • @pnpm/resolver-base@9.1.4

15.0.0

Major Changes

  • 804de211e: GetCredentials function replaced with GetAuthHeader.

Patch Changes

  • Updated dependencies [804de211e]
    • @pnpm/fetching-types@4.0.0

14.0.1

Patch Changes

  • Updated dependencies [844e82f3a]
    • @pnpm/types@8.8.0
    • @pnpm/core-loggers@8.0.1
    • @pnpm/resolver-base@9.1.3

14.0.0

Major Changes

Patch Changes

  • Updated dependencies [043d988fc]
  • Updated dependencies [f884689e0]
    • @pnpm/error@4.0.0
    • @pnpm/core-loggers@8.0.0
    • @pnpm/resolve-workspace-range@4.0.0

13.1.11

Patch Changes

  • Updated dependencies [3ae888c28]
    • @pnpm/core-loggers@7.1.0

13.1.10

Patch Changes

  • Updated dependencies [e8a631bf0]
    • @pnpm/error@3.1.0

13.1.9

Patch Changes

  • Updated dependencies [d665f3ff7]
    • @pnpm/types@8.7.0
    • @pnpm/core-loggers@7.0.8
    • @pnpm/resolver-base@9.1.2

13.1.8

Patch Changes

  • Updated dependencies [156cc1ef6]
    • @pnpm/types@8.6.0
    • @pnpm/core-loggers@7.0.7
    • @pnpm/resolver-base@9.1.1

13.1.7

Patch Changes

  • a3ccd27a3: @types/ramda should be a dev dependency.

13.1.6

Patch Changes

  • d7fc07cc7: Include hasInstallScript in the abbreviated metadata.

13.1.5

Patch Changes

  • 7fac3b446: Pick a version even if it was published after the given date (if there is no better match).

13.1.4

Patch Changes

  • 53506c7ae: Don't modify the manifest of the injected workspace project, when it has the same dependency in prod and peer dependencies.

13.1.3

Patch Changes

13.1.2

Patch Changes

  • Updated dependencies [23984abd1]
    • @pnpm/resolver-base@9.1.0

13.1.1

Patch Changes

13.1.0

Minor Changes

  • c90798461: When publishConfig.directory is set, only symlink it to other workspace projects if publishConfig.linkDirectory is set to true. Otherwise, only use it for publishing #5115.

Patch Changes

  • Updated dependencies [c90798461]
    • @pnpm/types@8.5.0
    • @pnpm/core-loggers@7.0.6
    • @pnpm/resolver-base@9.0.6

13.0.7

Patch Changes

  • eb2426cf8: When a project in a workspace has a publishConfig.directory set, dependent projects should install the project from that directory #3901

13.0.6

Patch Changes

  • Updated dependencies [8e5b77ef6]
    • @pnpm/types@8.4.0
    • @pnpm/core-loggers@7.0.5
    • @pnpm/resolver-base@9.0.5

13.0.5

Patch Changes

  • Updated dependencies [2a34b21ce]
    • @pnpm/types@8.3.0
    • @pnpm/core-loggers@7.0.4
    • @pnpm/resolver-base@9.0.4

13.0.4

Patch Changes

  • Updated dependencies [fb5bbfd7a]
    • @pnpm/types@8.2.0
    • @pnpm/core-loggers@7.0.3
    • @pnpm/resolver-base@9.0.3

13.0.3

Patch Changes

  • Updated dependencies [4d39e4a0c]
    • @pnpm/types@8.1.0
    • @pnpm/core-loggers@7.0.2
    • @pnpm/resolver-base@9.0.2

13.0.2

Patch Changes

  • Updated dependencies [18ba5e2c0]
    • @pnpm/types@8.0.1
    • @pnpm/core-loggers@7.0.1
    • @pnpm/resolver-base@9.0.1

13.0.1

Patch Changes

  • @pnpm/error@3.0.1

13.0.0

Major Changes

Patch Changes

  • Updated dependencies [d504dc380]
  • Updated dependencies [542014839]
    • @pnpm/types@8.0.0
    • @pnpm/core-loggers@7.0.0
    • @pnpm/error@3.0.0
    • @pnpm/fetching-types@3.0.0
    • @pnpm/graceful-fs@2.0.0
    • @pnpm/resolve-workspace-range@3.0.0
    • @pnpm/resolver-base@9.0.0

12.1.8

Patch Changes

  • Updated dependencies [70ba51da9]
    • @pnpm/error@2.1.0

12.1.7

Patch Changes

12.1.6

Patch Changes

  • Updated dependencies [26cd01b88]
    • @pnpm/types@7.9.0
    • @pnpm/core-loggers@6.1.3
    • @pnpm/resolver-base@8.1.5

12.1.5

Patch Changes

  • Updated dependencies [b5734a4a7]
    • @pnpm/types@7.8.0
    • @pnpm/core-loggers@6.1.2
    • @pnpm/resolver-base@8.1.4

12.1.4

Patch Changes

  • Updated dependencies [6493e0c93]
    • @pnpm/types@7.7.1
    • @pnpm/core-loggers@6.1.1
    • @pnpm/resolver-base@8.1.3

12.1.3

Patch Changes

  • 81ed15666: Always add a trailing slash to the registry URL #4052.
  • Updated dependencies [ba9b2eba1]
  • Updated dependencies [ba9b2eba1]
    • @pnpm/core-loggers@6.1.0
    • @pnpm/types@7.7.0
    • @pnpm/resolver-base@8.1.2

12.1.2

Patch Changes

  • 9f61bd81b: Downgrading p-memoize to v4.0.1. pnpm v6.22.0 started to print the following warning #3989:

    (node:132923) TimeoutOverflowWarning: Infinity does not fit into a 32-bit signed integer.
    

12.1.1

Patch Changes

  • 108bd4a39: Injected directory resolutions should contain the relative path to the directory.
  • Updated dependencies [302ae4f6f]
    • @pnpm/types@7.6.0
    • @pnpm/core-loggers@6.0.6
    • @pnpm/resolver-base@8.1.1

12.1.0

Minor Changes

  • 4ab87844a: Support the resolution of injected local dependencies.

Patch Changes

  • Updated dependencies [4ab87844a]
  • Updated dependencies [4ab87844a]
    • @pnpm/types@7.5.0
    • @pnpm/resolver-base@8.1.0
    • @pnpm/core-loggers@6.0.5

12.0.5

Patch Changes

12.0.4

Patch Changes

  • Updated dependencies [bab172385]
    • @pnpm/fetching-types@2.2.1

12.0.3

Patch Changes

  • eadf0e505: The metadata file should be requested in compressed state.
  • Updated dependencies [eadf0e505]
    • @pnpm/fetching-types@2.2.0

12.0.2

Patch Changes

  • a4fed2798: Do not fail if a package has no shasum in the metadata.

    Fail if a package has broken shasum in the metadata.

12.0.1

Patch Changes

  • Updated dependencies [b734b45ea]
    • @pnpm/types@7.4.0
    • @pnpm/core-loggers@6.0.4
    • @pnpm/resolver-base@8.0.4

12.0.0

Major Changes

  • 691f64713: New required option added: cacheDir.

11.1.4

Patch Changes

  • Updated dependencies [8e76690f4]
    • @pnpm/types@7.3.0
    • @pnpm/core-loggers@6.0.3
    • @pnpm/resolver-base@8.0.3

11.1.3

Patch Changes

  • Updated dependencies [724c5abd8]
    • @pnpm/types@7.2.0
    • @pnpm/core-loggers@6.0.2
    • @pnpm/resolver-base@8.0.2

11.1.2

Patch Changes

  • ae36ac7d3: Fix: unhandled rejection in npm resolver when fetch fails
  • bf322c702: Avoid conflicts in metadata, when a package name has upper case letters.

11.1.1

Patch Changes

  • Updated dependencies [a2aeeef88]
    • @pnpm/graceful-fs@1.0.0

11.1.0

Minor Changes

  • 85fb21a83: Add support for workspace:^ and workspace:~ aliases
  • 05baaa6e7: Add new option: timeout.

Patch Changes

  • Updated dependencies [85fb21a83]
  • Updated dependencies [05baaa6e7]
  • Updated dependencies [97c64bae4]
    • @pnpm/resolve-workspace-range@2.1.0
    • @pnpm/fetching-types@2.1.0
    • @pnpm/types@7.1.0
    • @pnpm/core-loggers@6.0.1
    • @pnpm/resolver-base@8.0.1

11.0.1

Patch Changes

11.0.0

Major Changes

  • 97b986fbc: Node.js 10 support is dropped. At least Node.js 12.17 is required for the package to work.

Patch Changes

  • 83645c8ed: Update ssri.
  • Updated dependencies [97b986fbc]
  • Updated dependencies [90487a3a8]
    • @pnpm/core-loggers@6.0.0
    • @pnpm/error@2.0.0
    • @pnpm/fetching-types@2.0.0
    • @pnpm/resolve-workspace-range@2.0.0
    • @pnpm/resolver-base@8.0.0
    • @pnpm/types@7.0.0

10.2.2

Patch Changes

  • Updated dependencies [9ad8c27bf]
    • @pnpm/types@6.4.0
    • @pnpm/core-loggers@5.0.3
    • @pnpm/resolver-base@7.1.1

10.2.1

Patch Changes

  • f47551a3c: Throw a meaningful error on malformed registry metadata.

10.2.0

Minor Changes

  • 8698a7060: New option added: preferWorkspacePackages. When it is true, dependencies are linked from the workspace even when there are newer versions available in the registry.

Patch Changes

  • Updated dependencies [8698a7060]
    • @pnpm/resolver-base@7.1.0

10.1.0

Minor Changes

  • 284e95c5e: Skip workspace protocol specs that use relative path.
  • 084614f55: Support aliases to workspace packages. For instance, "foo": "workspace:bar@*" will link bar from the repository but aliased to foo. Before publish, these specs are converted to regular aliased versions.

10.0.7

Patch Changes

  • 5ff6c28fa: Retry metadata download if the received JSON is broken.
  • Updated dependencies [0c5f1bcc9]
    • @pnpm/error@1.4.0

10.0.6

Patch Changes

10.0.5

Patch Changes

  • Updated dependencies [b5d694e7f]
    • @pnpm/types@6.3.1
    • @pnpm/resolver-base@7.0.5

10.0.4

Patch Changes

  • Updated dependencies [d54043ee4]
    • @pnpm/types@6.3.0
    • @pnpm/resolver-base@7.0.4

10.0.3

Patch Changes

10.0.2

Patch Changes

  • 3633f5e46: When no matching version is found, report the actually specified version spec in the error message (not the normalized one).

10.0.1

Patch Changes

  • 75a36deba: Report information about any used auth token, if an error happens during fetch.
  • Updated dependencies [75a36deba]
    • @pnpm/error@1.3.1

10.0.0

Major Changes

  • a1cdae3dc: Does not accept a metaCache option anymore. Caching happens internally, using lru-cache.

9.1.0

Minor Changes

  • 6d480dd7a: Report whether/what authorization header was used to make the request, when the request fails with an authorization issue.

Patch Changes

  • Updated dependencies [6d480dd7a]
    • @pnpm/error@1.3.0

9.0.2

Patch Changes

  • 622c0b6f9: Always use the package name that is given at the root of the metadata object. Override any names that are specified in the version manifests. This fixes an issue with GitHub registry.
  • a2ef8084f: Use the same versions of dependencies across the pnpm monorepo.

9.0.1

Patch Changes

  • 379cdcaf8: When resolution from workspace fails, print the path to the project that has the unsatisfied dependency.

9.0.0

Major Changes

  • 71aeb9a38: Breaking changes to the API. fetchFromRegistry and getCredentials are passed in through arguments.

Patch Changes

  • Updated dependencies [71aeb9a38]
    • @pnpm/fetching-types@1.0.0

8.1.2

Patch Changes

  • Updated dependencies [db17f6f7b]
    • @pnpm/types@6.2.0
    • @pnpm/resolver-base@7.0.3
    • fetch-from-npm-registry@4.1.2

8.1.1

Patch Changes

  • Updated dependencies [71a8c8ce3]
    • @pnpm/types@6.1.0
    • @pnpm/resolver-base@7.0.2
    • fetch-from-npm-registry@4.1.1

8.1.0

Minor Changes

  • 4cf7ef367: Reducing filesystem operations required to write the metadata file to the cache.

Patch Changes

  • d3ddd023c: Update p-limit to v3.
  • Updated dependencies [2ebb7af33]
    • fetch-from-npm-registry@4.1.0

8.0.1

Patch Changes

  • Updated dependencies [872f81ca1]
    • fetch-from-npm-registry@4.0.3

8.0.0

Major Changes

  • 5bc033c43: Reduce the number of directories in the store by keeping all the metadata json files in the same directory.

Patch Changes

  • f453a5f46: Update version-selector-type to v3.
  • Updated dependencies [da091c711]
    • @pnpm/types@6.0.0
    • @pnpm/error@1.2.1
    • fetch-from-npm-registry@4.0.3
    • @pnpm/resolve-workspace-range@1.0.2
    • @pnpm/resolver-base@7.0.1

8.0.0-alpha.2

Patch Changes

  • Updated dependencies [da091c71]
    • @pnpm/types@6.0.0-alpha.0
    • @pnpm/resolver-base@7.0.1-alpha.0

8.0.0-alpha.1

Major Changes

  • 5bc033c43: Reduce the number of directories in the store by keeping all the metadata json files in the same directory.

7.3.12-alpha.0

Patch Changes

  • f453a5f46: Update version-selector-type to v3.