github pnpm/pnpm v7.0.0
on GitHub

latest releases: v10.0.0-alpha.2, v10.0.0-alpha.1, v9.13.2...
2 years ago

Major Changes

  • Node.js 12 is not supported.

  • The root package is excluded by default, when running pnpm -r exec|run|add #2769.

  • Filtering by path is done by globs.

    In pnpm v6, in order to pick packages under a certain directory, the following filter was used: --filter=./apps

    In pnpm v7, a glob should be used: --filter=./apps/**

    For easier upgrade, we have also added a setting to turn back filtering as it was in v6. Just set legacy-dir-filtering=true in .npmrc.

  • The NODE_PATH env variable is not set in the command shims (the files in node_modules/.bin). This env variable was really long and frequently caused errors on Windows.

    Also, the extend-node-path setting is removed.

    Related PR: #4253

  • The embed-readme setting is false by default.

  • When using pnpm run <script>, all command line arguments after the script name are now passed to the script's argv, even --. For example, pnpm run echo --hello -- world will now pass --hello -- world to the echo script's argv. Previously flagged arguments (e.g. --silent) were interpreted as pnpm arguments unless -- came before it.

    Related PR: #4290

  • Side effects cache is turned on by default. To turn it off, use side-effects-cache=false.

  • The npm_config_argv env variable is not set for scripts #4153.

  • pnpx is now just an alias of pnpm dlx.

    If you want to just execute the command of a dependency, run pnpm <cmd>. For instance, pnpm eslint.

    If you want to install and execute, use pnpm dlx <pkg name>.

  • pnpm install -g pkg will add the global command only to a predefined location. pnpm will not try to add a bin to the global Node.js or npm folder. To set the global bin directory, either set the PNPM_HOME env variable or the global-bin-dir setting.

  • pnpm pack should only pack a file as an executable if it's a bin or listed in the publishConfig.executableFiles array.

  • -W is not an alias of --ignore-workspace-root-check anymore. Just use -w or --workspace-root instead, which will also allow to install dependencies in the root of the workspace.

  • Allow to execute a lifecycle script in a directory that doesn't match the package's name. Previously this was only allowed with the --unsafe-perm CLI option #3709.

  • Local dependencies referenced through the file: protocol are hard linked (not symlinked) #4408. If you need to symlink a dependency, use the link: protocol instead.

  • strict-peer-dependencies is true by default #4427.

  • A prerelease version is always added as an exact version to package.json. If the next version of foo is 1.0.0-beta.1 then running pnpm add foo@next will add this to package.json: 

    {
  "dependencies": {
    "foo": "1.0.0-beta.1"
  }
}

    PR: #4435

  • Dependencies of the root workspace project are not used to resolve peer dependencies of other workspace projects #4469.

  • Don't hoist types by default to the root of node_modules #4459.

  • Any package with "prettier" in its name is hoisted.

  • Changed the location of the global store from ~/.pnpm-store to <pnpm home directory>/store

    On Linux, by default it will be ~/.local/share/pnpm/store
    On Windows: %LOCALAPPDATA%/pnpm/store
    On macOS: ~/Library/pnpm/store

    Related issue: #2574

  • 4bed585: The next deprecated settings were removed:

    • frozen-shrinkwrap
    • prefer-frozen-shrinkwrap
    • shared-workspace-shrinkwrap
    • shrinkwrap-directory
    • lockfile-directory
    • shrinkwrap-only
    • store

  • Use a base32 hash instead of a hex to encode too long dependency paths inside node_modules/.pnpm #4552.

  • New setting added: git-shallow-hosts. When cloning repositories from "shallow-hosts", pnpm will use shallow cloning to fetch only the needed commit, not all the history #4548.

  • Lockfile version bumped to v5.4.

  • Exit with an error when running pnpm install in a directory that has no package.json file in it (and in parent directories) #4609.

Our Sponsors

What's Changed

  • feat!: breaking config changes for v7 by @zkochan in #4253
  • feat(pack)!: limit what files are packed as executables by @zkochan in #4266
  • feat!: pnpx is an alias of pnpm dlx by @zkochan in #4267
  • feat: run scripts without -- by @gluxon in #4290
  • fix: revert backwards compatible handling of -- for run by @gluxon in #4291
  • feat!: global bins should be created only in predefined locations by @zkochan in #4280
  • ci: use pnpm v7 by @zkochan in #4307
  • feat!: remove -W option by @zkochan in #4308
  • test(audit): fix for 2022-02-15 by @gluxon in #4340
  • feat: -F is a short alias of --filter by @zkochan in #4342
  • feat: onlyBuiltDependencies by @zkochan in #4014
  • fix(make-dedicated-lockfile): don't re-resolve dependency versions in dedicated lockfile by @David-Collins in #4350
  • test(audit): mock responses from audit endpoint by @zkochan in #4354
  • fix: bad packageManager field by @Jack-Works in #4356
  • feat: use the versions from overrides when adding deps without specs by @zkochan in #4355
  • chore: document the interface of command packages by @illright in #3828
  • fix: print an info message when NODE_ENV is set to production by @zkochan in #4362
  • test: ignore override if a version is specified at install by @nikoladev in #4366
  • fix: ignore case, when verifying package name in the store by @zkochan in #4368
  • fix: peerDependencyRules with * as range by @zkochan in #4370
  • feat: run scripts without --unsafe-perm by @zkochan in #4369
  • chore(github): add welcome bot app by @BlackHole1 in #4373
  • fix: onlyBuiltDependencies should work by @zkochan in #4377
  • fix: pnpm i should work on virtual drives by @kazuare in #4386
  • fix: throw a meaningful error message on broken lockfile by @zkochan in #4387
  • fix: don't write data from the lockfile to the global store by @zkochan in #4395
  • fix(resolve-dependencies): a sequence of injected deps via the file protocol by @zkochan in #4415
  • feat: the file protocol should always inject the dependency by @zkochan in #4408
  • feat: add own implementation of the init command by @zkochan in #4422
  • feat: strict-peer-dependencies is true by default by @zkochan in #4427
  • feat: respect the npmrc by @Spencer17x in #4425
  • feat: a prerelease version is always saved as an exact version by @zkochan in #4435
  • feat: prevent deep imports using exports by @zkochan in #4440
  • fix: use @pnpm/graph-sequencer instead of graph-sequencer by @zkochan in #4458
  • fix: fetch should allow the same options as install by @zkochan in #4460
  • fix: typo by @HomyeeKing in #4462
  • fix(lockfile-utils): checking dependenciesMeta by @zkochan in #4463
  • fix: types should not be hoisted to the root of node_modules by @zkochan in #4459
  • chore: replace deprecated String.prototype.substr() by @CommanderRoot in #4479
  • Chore/friendly git error by @lawvs in #4488
  • fix: handle undefined version spec by @tmkx in #4487
  • lint: remove duplicate code by @milahu in #4496
  • fix: typo by @HomyeeKing in #4499
  • feat: don't resolve peer dependencies from workspace root by @zkochan in #4469
  • chore: fix typo by @sudongyuer in #4516
  • fix: set root by @HomyeeKing in #4515
  • fix(cmd-shim): extend NODE_PATH with path to hidden hoisted dir by @zkochan in #4513
  • chore: public-hoist-pattern prettier config by @fupengl in #3954
  • feat: remove deprecated settings by @zkochan in #4519
  • feat: the global store location should be inside the pnpm home directory by @zkochan in #4522
  • fix: the file protocol should link all files by default by @zkochan in #4532
  • fix: dependenciesMeta should be saved into the lockfile by @zkochan in #4538
  • fix: resolve peers from linked in dependencies by @zkochan in #4541
  • fix: peer dependency has workspace protocol by @zkochan in #4540
  • feat: use a shorter hash for dep path by @zkochan in #4552
  • feat(git-fetcher): shallow clone when fetching git resource by @kenrick95 in #4548
  • style(*): remove duplicate declarations in TypeScript types by @dev-itsheng in #4570
  • docs(*): fix problems with sample code in documentation by @dev-itsheng in #4572
  • fix(exe): use the strict equality operator, and make JSON.parse execute correctly by @dev-itsheng in #4571
  • Improve spnpm to use esbuild by @jondlm in #4574
  • style(*): typo by @dev-itsheng in #4573
  • fix(core): prevent duplication of peerDependencyRules in the lockfile by @kamsar in #4576
  • fix: store integrity check when the lockfile is updated by @zkochan in #4580
  • Fix add bug with overlapping workspace packages by @jondlm in #4575
  • fix(exec): commands of workspace project should be in PATH by @zkochan in #4583
  • fix(default-reporter): use loglevel to filter deprecation warnings (#4343) by @milahu in #4507
  • fix: an edge case with peer resolutions and circular deps by @zkochan in #4588
  • feat: shrink path to the global directory (to reduce chance of too long names on Windows) by @zkochan in #4591
  • fix(filter-workspace-packages): filter not working if the path contains Korean characters by @WhiteKiwi in #4595
  • chore: Set permissions for GitHub actions by @neilnaveen in #4607
  • fix: only pnpm install should fail on peer dep issues by @zkochan in #4596
  • feat: add legacy-dir-filtering by @zkochan in #4610
  • fix(init): don't fail if a parent dir has a package.json by @zkochan in #4615
  • fix: dlx should work without a configured global directory by @zkochan in #4612
  • fix(install): exit with an error when no package.json is found by @zkochan in #4614
  • fix: a file dep has a file dep by @zkochan in #4618
  • fix: publish in workspace by @zkochan in #4627
  • fix: don't fail when moving packages to node_modules/.ignored by @zkochan in #4626
  • fix: global linking by @zkochan in #4641
  • fix(exportable-manifest, types): add typesVersions field to PUBLISH_CONFIG_WHITELIST by @WhiteKiwi in #4637

New Contributors

Full Changelog: v6.31.0...v7.0.0

Check out latest releases or
releases around pnpm/pnpm v7.0.0

Don't miss a new pnpm release

NewReleases is sending notifications on new releases.

Get notifications