Minor Changes
-
The list of packages that are allowed to run installation scripts now may be provided in a separate configuration file. The path to the file should be specified via the
pnpm.onlyBuiltDependenciesFile
field inpackage.json
. For instance:{ "dependencies": { "@my-org/policy": "1.0.0" } "pnpm": { "onlyBuiltDependenciesFile": "node_modules/@my-org/policy/allow-build.json" } }
In the example above, the list is loaded from a dependency. The JSON file with the list should contain an array of package names. For instance:
["esbuild", "@reflink/reflink"]
With the above list, only
esbuild
and@reflink/reflink
will be allowed to run scripts during installation.Related issue: #7137.
-
Add
disallow-workspace-cycles
option to error instead of warn about cyclic dependencies -
Allow
env rm
to remove multiple node versions at once, and introduceenv add
for installing node versions without setting as default #7155.
Patch Changes
- Use reflinks instead of hard links by default on macOS and Windows Dev Drives #5001.
- Fix memory error in
pnpm why
when the dependencies tree is too big, the command will now prune the tree to just 10 end leafs and now supports--depth
argument #7122. - Use
neverBuiltDependencies
andonlyBuiltDependencies
from the rootpackage.json
of the workspace, whenshared-workspace-lockfile
is set tofalse
#7141. - Optimize peers resolution to avoid out-of-memory exceptions in some rare cases, when there are too many circular dependencies and peer dependencies #7149.
- Instead of
pnpm.overrides
replacingresolutions
, the two are now merged. This is intended to make it easier to migrate from Yarn by allowing one to keep usingresolutions
for Yarn, but adding additional changes just for pnpm usingpnpm.overrides
.