Major Changes
-
The
pnpm link
command adds overrides to the rootpackage.json
. In a workspace the override is added to the root of the workspace, so it links the dependency to all projects in a workspace.To link a package globally, just run
pnpm link
from the package's directory. Previously, the commandpnpm link -g
was required to link a package globally.Related PR: #8653.
-
Use sha256 for hashing long paths inside
node_modules/.pnpm
. -
Using SHA256 instead of md5 for hashing long peer dependency hashes in the lockfile. Should not affect a lot of users as the hashing is used for really long keys in the lockfile.
-
pnpm will now manage it's own versions according to the
packageManager
filed ofpackage.json
. To disable this, setmanage-package-manager-versions
tofalse
. -
pnpm test
should pass all the params after thetest
keyword to the underlying script. This is similar to howpnpm run test
works #8619. -
Changed the hash stored in the
packageExtensionsChecksum
field ofpnpm-lock.yaml
to SHA256. -
Use an SHA256 hash for the side effects cache keys.
-
Do not hoist to the root of
node_modules
packages that contain the wordeslint
orprettier
in their name. Changed the default value of thepublic-hoist-pattern
setting #8378. -
Update the compatibility database (
@yarnpkg/extensions
to v2.0.3). This might change your lockfile. -
Use SHA256 for storing the pnpmfile checksum in the lockfile #8530.
-
Some registries allow identical content to be published under different package names or versions. To accommodate this, index files in the store are now stored using both the content hash and package identifier.
This approach ensures that we can:
- Validate that the integrity in the lockfile corresponds to the correct package,
which might not be the case after a poorly resolved Git conflict. - Allow the same content to be referenced by different packages or different versions of the same package.
- Validate that the integrity in the lockfile corresponds to the correct package,
-
Allow passing CLI flags and options to
pnpm test
without--
#4821. -
Changed the structure of the index files in the store to store side effects cache information more efficiently. In the new version, side effects do not list all the files of the package but just the differences #8636.
-
The default value of
virtual-store-dir-max-length
on Windows reduced to 60 characters. -
Escape the
#
character in directory names within the virtual store (node_modules/.pnpm
) #8557. -
Store version bumped to v10. The new store layout has a different directory called "index" for storing the package content mappings. Previously these files were stored in the same directory where the package contents are (in "files"). The new store has also a new format for storing the mappings for side-effects cache.
-
pnpm add --global pnpm
or (pnpm add --global @pnpm/exe
) fails with an error suggesting to usepnpm self-update
#8728.
Minor Changes
-
Added a new setting called
verify-deps-before-run
for checking the state of dependencies before running scripts #8585. Theverify-deps-before-run
setting supports the following values:install
- Automatically runs install ifnode_modules
are not up to date.warn
- Prints a warning ifnode_modules
is not up to date.prompt
- Prompts the user for permission to run install ifnode_modules
is not up to date.error
- Throws an error ifnode_modules
is not up to date.false
- Disables dependency checks.
Patch Changes
- The
dlx
command should always resolve packages to their exact versions and use those exact versions to create a cache key. This waydlx
will always install the newest versions of the directly requested packages #8811. - Don't validate (and possibly purge)
node_modules
in commands which should not modify it (e.g.pnpm install --lockfile-only
) #8657.