- It should be possible to use a chain of local file dependencies #4611.
- Filtering by directory should work with directories that have unicode chars in the name #4595.
-
Fix an error with peer resolutions, which was happening when there was a circular dependency and another dependency that had the name of the circular dependency as a substring.
-
When
pnpm exec
is running a command in a workspace project, the commands that are in the dependencies of that workspace project should be in the PATH #4481. -
Hide "WARN deprecated" messages on loglevel error #4507
Don't show the progress bar when loglevel is set to warn or error.
- Don't check the integrity of the store with the package version from the lockfile, when the package was updated #4580.
- Don't update a direct dependency that has the same name as a dependency in the workspace, when adding a new dependency to a workspace project #4575.
- Setting the
auto-install-peers
totrue
should work.
- Linked in dependencies should be considered when resolving peer dependencies #4541.
- Peer dependency should be correctly resolved from the workspace, when it is declared using a workspace protocol #4529.
dependenciesMeta
should be saved into the lockfile, when it is added to the package manifest by a hook.
- Show a friendly error message when it is impossible to get the current Git branch name during publish #4488.
- When checking if the lockfile is up-to-date, an empty
dependenciesMeta
field in the manifest should be satisfied by a not set field in the lockfile #4463. - It should be possible to reference a workspace project that has no version specified in its
package.json
#4487.
-
4941f31ee: The location of an injected directory dependency should be correctly located, when there is a chain of local dependencies (declared via the
file:
protocol`).The next scenario was not working prior to the fix. There are 3 projects in the same folder: foo, bar, qar.
foo/package.json
:{ "name": "foo", "dependencies": { "bar": "file:../bar" }, "dependenciesMeta": { "bar": { "injected": true } } }
bar/package.json
:{ "name": "bar", "dependencies": { "qar": "file:../qar" }, "dependenciesMeta": { "qar": { "injected": true } } }
qar/package.json
:{ "name": "qar" }
Related PR: #4415.
- In order to guarantee that only correct data is written to the store, data from the lockfile should not be written to the store. Only data directly from the package tarball or package metadata #4395.
- Throw a meaningful error message on
pnpm install
when the lockfile is broken andnode-linker
is set tohoisted
#4387.
onlyBuiltDependencies
should work #4377. The newonlyBuiltDependencies
feature was released with a bug in v6.32.0, so it didn't work.
-
A new setting is supported in the
pnpm
section of thepackage.json
file #4001.onlyBuiltDependencies
is an array of package names that are allowed to be executed during installation. If this field exists, only mentioned packages will be able to run install scripts.{ "pnpm": { "onlyBuiltDependencies": ["fsevents"] } }
-
-F
is a short alias of--filter
#3467. -
When adding a new dependency, use the version specifier from the overrides, when present #4313.
Normally, if the latest version of
foo
is2.0.0
, thenpnpm add foo
installsfoo@^2.0.0
. This behavior changes iffoo
is specified in an override:{ "pnpm": { "overrides": { "foo": "1.0.0" } } }
In this case,
pnpm add foo
will addfoo@1.0.0
to the dependency. However, if a version is explicitly specifying, then the specified version will be used and the override will be ignored. Sopnpm add foo@0
will install v0 and it doesn't matter what is in the overrides.
- Ignore case, when verifying package name in the store #4367.
- When a peer dependency range is extended with
*
, just replace any range with*
. - When some dependency types are skipped, let the user know via the installation summary.
-
Added
--shell-mode
/-c
option support topnpm exec
#4328--shell-mode
: shell interpreter. See: https://github.com/sindresorhus/execa/tree/484f28de7c35da5150155e7a523cbb20de161a4f#shell
Usage example:
pnpm -r --shell-mode exec -- echo \"\$PNPM_PACKAGE_NAME\" pnpm -r -c exec -- echo \"\$PNPM_PACKAGE_NAME\"
{ "scripts": { "check": " pnpm -r --shell-mode exec -- echo \"\\$PNPM_PACKAGE_NAME\"" } }
- Remove meaningless keys from
publishConfig
when thepack
orpublish
commands are used #4311 - The
pnpx
,pnpm dlx
,pnpm create
, andpnpm exec
commands should set thenpm_config_user_agent
env variable #3985.
-
This fixes an issue introduced in pnpm v6.30.0.
When a package is not linked to
node_modules
, no info message should be printed about it being "relinked" from the store #4314.
- When checking that a package is linked from the store, check the existence of the package and read its stats with a single filesystem operation #4304.
node_modules
directories inside injected dependencies should not be overwritten #4299.
- Installation should not hang when there are broken symlinks in
node_modules
.
- Add support of the
update-notifier
configuration option #4158.
- A package should be able to be a dependency of itself.
- New option added:
embed-readme
. Whenfalse
,pnpm publish
doesn't save the readme file's content topackage.json
before publish #4265.
pnpm exec
should look for the executed command in thenode_modules/.bin
directory that is relative to the current working directory. Only after that should it look for the executable in the workspace root.
- Injected dependencies should work properly in projects that use the hoisted node linker #4259.
peerDependencyRules
should work when bothoverrides
andpackageExtensions
are present as well #4255.pnpm list
should show information whether a package is private or not #4246.
-
Side effects cache is not an experimental feature anymore.
Side effects cache is saved separately for packages with different dependencies. So if
foo
hasbar
in the dependencies, then a separate cache will be created each timefoo
is installed with a different version ofbar
#4238.
- Update command should work when there is a dependency with emty version in
devDependencies
#4196. - Side effects cache should work in a workspace.
- During installation, override any symlinks in
node_modules
. This was an issue only withnode-linker=hoisted
#4229. - Print warnings about deprecated subdependencies #4227.
-
In order to mute some types of peer dependency warnings, a new section in
package.json
may be used for declaring peer dependency warning rules. For example, the next configuration will turn off any warnings about missingbabel-loader
peer dependency and about@angular/common
, when the wanted version of@angular/common
is not v13.{ "name": "foo", "version": "0.0.0", "pnpm": { "peerDependencyRules": { "ignoreMissing": ["babel-loader"], "allowedVersions": { "@angular/common": "13" } } } }
-
New setting supported:
auto-install-peers
. When it is set totrue
,pnpm add <pkg>
automatically installs any missing peer dependencies asdevDependencies
#4213.
- Run the install scripts of hoisted dependencies in a workspace with no root project #4209.
-
New installation mode added that creates a flat
node_modules
directory without the usage of symlinks. This is similar to the one created by npm and Yarn Classic.To use this new installation mode, set the
node-linker
setting tohoisted
. These are the supported values ofnode-linker
:isolated
- the default value.hoisted
- flatnode_modules
without symlinks.pnp
- nonode_modules
. Yarn's Plug'n'Play managed by pnpm.
Related issue: #4073
-
Add support for token helper, a command line tool to obtain a token.
A token helper is an executable, set in the user's
.npmrc
which outputs an auth token. This can be used in situations where the authToken is not a constant value, but is something that refreshes regularly, where a script or other tool can use an existing refresh token to obtain a new access token.The configuration for the path to the helper must be an absolute path, with no arguments. In order to be secure, it is only permitted to set this value in the user
.npmrc
, otherwise a project could place a value in a project local.npmrc
and run arbitrary executables.Usage example:
; Setting a token helper for the default registry tokenHelper=/home/ivan/token-generator ; Setting a token helper for the specified registry //registry.corp.com:tokenHelper=/home/ivan/token-generator
Related PRs:
-
New CLI option:
--ignore-workspace
. When used, pnpm ignores any workspace configuration found in the current or parent directories. -
If
use-beta-cli
istrue
, then don't setnpm_config_argv
env variable for scripts #4175.
-
Don't throw an error during install when the bin of a dependency points to a path that doesn't exist #3763.
-
When reporting unmet peer dependency issues, if the peer dependency is resolved not from a dependency installed by the user, then print the name of the parent package that has the bad peer dependency installed as a dependency.
-
Injected subdependencies should be hard linked as well. So if
button
is injected intocard
andcard
is injected intopage
, then bothbutton
andcard
should be injected intopage
#4167.
- Install with
--frozen-lockfile
should not fail when the project has injected dependencies and a dedicated lockfile #4098.
-
If pnpm previously failed to install node when the
use-node-version
option is set, that download and install will now be re-attempted when pnpm is ran again #4104. -
Don't warn about unmet peer dependency when the peer is resolved from a prerelease version #4144.
For instance, if a project has
react@*
as a peer dependency, then react16.0.0-rc.0
should not cause a warning. -
pnpm update pkg
should not fail ifpkg
not found as a direct dependency, unless--depth=0
is passed as a CLI option #4122. -
When printing peer dependency issues, print the "*" range in double quotes. This will make it easier to copy the package resolutions and put them to the end of a
pnpm add
command for execution.
- If making an intersection of peer dependency ranges does not succeed, install should not crash #4134.
- A new line should be between the summary about conflicting peers and non-conflicting ones.
- Always return an error message when the preparation of a package fails.
pnpm publish
should add the content of theREADME.md
file to thereadme
field of the published package'spackage.json
files #4117.pnpm publish
should work with the--otp
option #4115.
-
Peer dependency issues are grouped and rendered in a nice hierarchy view.
This is how the peer dependency issues were printed in previous versions:
This is how they are displayed in pnpm v6.24:
-
New option added for:
node-mirror:<releaseDir>
#4083. The string value of this dynamic option is used as the base URL for downloading node whenuse-node-version
is specified. The<releaseDir>
portion of this argument can be any dir inhttps://nodejs.org/download
. Which<releaseDir>
dynamic config option gets selected depends on the value ofuse-node-version
. If 'use-node-version' is a simplex.x.x
version string,<releaseDir>
becomesrelease
andnode-mirror:release
is read. Defaults tohttps://nodejs.org/download/<releaseDir>/
. -
927c4a089: A new option
--aggregate-output
forappend-only
reporter is added. It aggregates lifecycle logs output for each command that is run in parallel, and only prints command logs when command is finished.Related discussion: #4070.
-
Don't fail when the version of a package in the store is not a semver version #4077.
-
pnpm store prune
should not fail if there are unexpected subdirectories in the content-addressable store #4072. -
Don't make unnecessary retries when fetching Git-hosted packages #2731.
-
pnpm should read the auth token of a github-registry-hosted package, when the registry path contains the owner #4034.
So this should work:
@owner:registry=https://npm.pkg.github.com/owner //npm.pkg.github.com/:_authToken=<token>
-
When
strict-peer-dependencies
is used, don't fail on the first peer dependency issue. Print all the peer dependency issues and then stop the installation process #4082. -
When sorting workspace projects, don't ignore the manifests of those that don't have a version field #3933.
-
Fixes a regression introduced in pnpm v6.23.3 via #4044.
The temporary directory to which the Git-hosted package is downloaded should not be removed prematurely #4064.
pnpm audit
should work when a proxy is configured for the registry #3755.- Revert the change that was made in pnpm v6.23.2 causing a regression describe in #4052.
- Non-standard tarball URL should be correctly calculated when the registry has no traling slash in the configuration file #4052. This is a regression caused introduced in v6.23.2 caused by #4032.
pnpm import
should work with a lockfile generated by Yarn Berry #3993.- When preparation of a git-hosted package fails, do not refetch it #4044.
-
pnpm should read the auth token of a github-registry-hosted package, when the registry path contains the owner #4034.
So this should work:
@owner:registry=https://npm.pkg.github.com/owner //npm.pkg.github.com/:_authToken=<token>
-
When checking the correctness of the package data in the lockfile, don't use exact version comparison.
v1.0.0
should be considered to be the same as1.0.0
. This fixes some edge cases when a package is published with a non-normalized version specifier in itspackage.json
#4036.
pnpm setup
should create shell rc files for pnpm path configuration if no such file exists prior #4027.- The postinstall scripts of dependencies should be executed after the root dependencies of the project are symlinked #4018.
pnpm dlx
will now support version specifiers for packages. E.g.pnpm dlx create-svelte@next
#4023.
-
New setting added:
scripts-prepend-node-path
. This setting can betrue
,false
, orwarn-only
.When
true
, the path to thenode
executable with which pnpm executed is prepended to thePATH
of the scripts.When
warn-only
, pnpm will print a warning if the scripts run with anode
binary that differs from thenode
binary executing the pnpm CLI.
- The path to the
node
executable that executes pnpm should not be added to thePATH
, when running scripts. pnpm env use
should download the right Node.js tarball on Raspberry Pi #4007.- HTTP requests should be retried when the server responds with on of 408, 409, 420, 429 status codes.
pnpm exec
should exit with the exit code of the child process. This fixes a regression introduced in pnpm v6.20.4 via #3951.node-gyp
from the dependencies should be preferred over thenode-gyp
that is bundled with pnpm, when running scripts #2135.pnpm dlx pnpm
should not break the globally installed pnpm CLI.
-
Downgrading
p-memoize
to v4.0.1. pnpm v6.22.0 started to print the next warning #3989:(node:132923) TimeoutOverflowWarning: Infinity does not fit into a 32-bit signed integer.
-
Added
--reverse
option support topnpm exec
#3984.Usage example:
pnpm --reverse -r exec pwd
peerDependencies
ranges should be compared loosely #3753.- Don't fail if a linked directory is not found. Just print a warning about it #3746.
- When the store location is a relative location, pick the store location relative to the workspace root directory location #3976.
- Don't crash if a bin file cannot be created because the source files could not be found.
- Use the system default Node.js version to check package compatibility #3785.
- Support async hooks #3955.
- Added support for a new lifecycle script:
pnpm:devPreinstall
. This script works only in the rootpackage.json
file, only during local development, and runs before installation happens #3968.
- Installing a workspace project with an injected dependency from a non-root directory should not fail #3970.
- Escape the arguments that are passed to the scripts #3907.
- Do not index the project directory if it should not be hard linked to any other project #3949.
- The CLI should not exit before all the output is printed #3526.
- All the
dependenciesMeta
fields should be duplicated to the lockfile.
pnpm import
should be able to import a workspace lockfile #3908.- Don't run pre/post scripts by default with recursive run commands #3903.
pnpm env use
should use the network/proxy settings to make HTTP requests #3942.- It should be possible to install a git-hosted package that has a port in its URL #3944.
pnpm create
andpnpm dlx
should work with scoped packages #3916.
-
Fix broken artifacts of
@pnpm/exe
. This doesn't affect thepnpm
package.
-
New property supported via the
dependenciesMeta
field ofpackage.json
:injected
. Wheninjected
is set totrue
, the package will be hard linked tonode_modules
, not symlinked #3915.For instance, the following
package.json
in a workspace will create a symlink tobar
in thenode_modules
directory offoo
:{ "name": "foo", "dependencies": { "bar": "workspace:1.0.0" } }
But what if
bar
hasreact
in its peer dependencies? If all projects in the monorepo use the same version ofreact
, then no problem. But what ifbar
is required byfoo
that usesreact
16 andqar
withreact
17? In the past, you'd have to choose a single version of react and install it as dev dependency ofbar
. But now with theinjected
field you can injectbar
to a package, andbar
will be installed with thereact
version of that package.So this will be the
package.json
offoo
:{ "name": "foo", "dependencies": { "bar": "workspace:1.0.0", "react": "16" }, "dependenciesMeta": { "bar": { "injected": true } } }
bar
will be hard linked into the dependencies offoo
, andreact
16 will be linked to the dependencies offoo/node_modules/bar
.And this will be the
package.json
ofqar
:{ "name": "qar", "dependencies": { "bar": "workspace:1.0.0", "react": "17" }, "dependenciesMeta": { "bar": { "injected": true } } }
bar
will be hard linked into the dependencies ofqar
, andreact
17 will be linked to the dependencies ofqar/node_modules/bar
.
- Buffer warnings fixed #3932.
- Proxy URLs with special characters in credentials should work #3925.
- Don't print info message about conflicting command names #3912.
-
Package scope is optional when filtering by package name #3485.
So the next two commands will both find
@pnpm/core
:pnpm test --filter core pnpm test --filter @pnpm/core
However, if the workspace contains
@types/core
and@pnpm/core
,--filter=core
will not work. -
Allow a system's package manager to override pnpm's default settings
pnpm install --global
should link global packages to specific Node.js versions only if Node.js was installed by pnpm #3910.- It should be possible to alias a workspace package that has a name with a scope #3899.
pnpm store path
added to the output ofpnpm store
.
pnpm env use
:maxsockets
: a new setting to configure the maximum number of connections to use per origin (protocol/host/post combination) #3889.
- Installing Git-hosted dependencies should work using URLs with colon. For instance,
pnpm add ssh://git@example.com:foo/bar.git
#3882. - Autofix command files with Windows line endings on the shebang line #3887.
- Dedupe dependencies when adding new ones or updating existing ones #2222.
- Only check for CLI updates when
pnpm install
orpnpm add
is executed #3874. - Use a single global config file (at
~/.config/pnpm/npmrc
) for all npm versions, when npm is installed viapnpm env use
#3873. - Add information about the
--force
option intopnpm install --help
#3878. - Allow to pass the
--cache-dir
and--save-prefix
CLI options.
pnpm env use
should create a symlink to the Node.js executable, not a command shim #3869.- Attach the globally installed packages to the system default Node.js executable #3870.
- The
.pnpm-debug.log
file is not written when pnpm CLI exits with an expected non-zero exit code. For instance, when vulnerabilities are found by thepnpm audit
command #3832. - Suggest
pnpm install --force
to refetch modified packages #3867.
- New hook supported for filtering out info and warning logs:
filterLog(log) => boolean
#3802. - New command added:
pnpm create
is similar toyarn create
#3829. pnpm dlx
supports the--silent
option #3839.
- Add link to the docs to the help output of the dlx, exec, root, and bin commands #3838.
- Don't print anything except the JSON output, when the
--json
option is used #3844.
- Installation should not fail if the installed package has no
package.json
#3782. - Hoisting should work when the dependencies of only a subset of workspace projects are installed #3806.
- Upgraded ansi-regex to v5.0.1 in order to fix a security vulnerability CVE-2021-3807.
- New setting added:
changed-files-ignore-pattern
. It allows to ignore changed files by glob patterns when filtering for changed projects since the specified commit/branch #3797. - New setting added:
extend-node-path
. When it is set tofalse
, pnpm does not set theNODE_PATH
environment variable in the command shims #3799.
- Pick the right extension for command files. It is important to write files with .CMD extension on case sensitive Windows drives #3804.
pnpm add --global <pkg>
should use an exact path to the Node.js executable to create the command shim. This way, the globally install package will work even if the system-wide Node.js is switched to another version #3780.pnpm install --fix-lockfile
should not ignore thedependencies
field in the existing lockfile #3774.- When
use-beta-cli
istrue
, the global packages directory is inside the pnpm home directory #3781. pnpm install --frozen-lockfile
should not fail if a project has a local directory dependency that has no manifest (package.json
file) #3793.- Don't override the bin files of direct dependencies with the bin files of hoisted dependencies #3795.
- A security vulnerabity fixed. When commands are executed on Windows, they should not be searched for in the current working directory.
pnpm import
should never run scripts #3750.
pnpm install --fix-lockfile
allows to fix a broken lockfile #3729.- New setting supported:
global-bin-dir
.global-bin-dir
allows to set the target directory for the bin files of globally installed packages #3762.
- The pnpm CLI should not silently exit on bad HTTPS requests #3768.
- Use correct GitLab tarball URL #3643.
- Accept gzip and deflate encoding from the registry #3745.
- Print error codes in error messages #3748.
- Allow the $ sign to be a command name #3679.
pnpm setup
should add pnpm to the PATH on Windows #3734.pnpm env
should not create PowerShell command shims to fix issues on Windows #3711.overrides
should work with selectors that specify the parent package with a version range #3732.
- A broken
package.json
should not make pnpm exit without any message #3705. pnpm dlx
should allow to pass multiple packages for installation #3710.- The pnpm home directory should be always prefered when searching for a global bin directory #3723.
pnpm setup
should not remove the pnpm CLI executable, just copy it to the pnpm home directory #3724.- It should be possible to set
cache-dir
andstate-dir
through config files #3727.
- Downgrade
@yarnpkg/parsers
to v2.3.0 from v2.4.0 to fix a regression in script running, whenshell-emulator
istrue
#3700.
pnpm setup
prints an info message that suggests to open a new terminal #3698.pnpm env use -g <version>
linksnpm
as well, when installing Node.js #3696.
- Don't crash on unsupported packages that are only dependencies of skipped optional dependencies #3640.
- Allow to symlink a directory that has no
package.json
#3691.
pnpm import
can convert ayarn.lock
to apnpm-lock.yaml
#3655.- Backward-compatible change to the lockfile format. Optional dependencies will always have the
requiresBuild
field set totrue
. This change is needed to allow skipping optional dependency downloads, when the optional dependency is not compatible with the target system #2038
- Those optional dependencies that don't support the target system should not be downloaded from the registry #2038.
- New command added for running packages in a tempory environment:
pnpm dlx <command> ...
#3652.
- Link the package's own binaries before running its lifecycle scripts #3662.
- Resolve peer dependencies from the root of the workspace when adding a new dependency or updating #3667.
- Ignore empty shasum in entries in package metadata #3666.
- Throw a meaningful error if a package has invalid shasum in its metadata #3666.
- Add
run
to NO_SCRIPT error example #3660.
- Fix a regression introduced in v6.12.0:
--workspace-root
optional should not be ignored.
-
A new command added for installing Node.js:
pnpm env use --global <version>
.You may install Node.js using an exact version, version range, LTS, or LTS name (e.g.
argon
).Examples:
pnpm env use --global 16.5.0 pnpm env use --global 16 pnpm env use --global lts pnpm env use --global argon
Related PR: #3620.
-
Exclude the root package, when running
pnpm exec|run|add
. This change is only active whenuse-beta-cli
is set totrue
#3647. -
When
--workspace-root
is used, the workspace root package is selected even if the command is executed with filters #3647.For example:
pnpm --workspace-root --filter=foo run lint
- Avoid too many open files error #3637.
pnpm audit --fix
should not add overrides for packages with vulnerabilities that do not have fixes #3649.- When a peer dependency issue happens, the warning should contain the path to the project with the issue #3650.
-
New
package.json
setting added:publishConfig.executableFiles
. By default, for portability reasons, no files except those listed in the bin field will be marked as executable in the resulting package archive. TheexecutableFiles
field lets you declare additional fields that must have the executable flag (+x) set even if they aren't directly accessible through the bin field.{ ... "publishConfig": { "executableFiles": [ "./dist/shim.js", ] } }
- Fix a regression introduced in v6.11.0 #3627.
- Print a warning when a lifecycle script is skipped #3619.
- New command added:
pnpm audit --fix
. This command adds overrides topackage.json
that force versions of packages that do not have the vulnerabilities #3598. - Own implementation of
pnpm pack
is added. It is not passed through tonpm pack
anymore #3608. - When
pnpm add pkg
is executed in a workspace andpkg
is already in the dependencies of one of the workspace projects, pnpm uses that already present version range to add the new dependency #3614.
- Don't collapse warnings when
--reporter append-only
is used.
- Overriding packages by parent package and no range. Fixes a regression introduced in v6.10.2
pnpm exec
should work outside of Node.js projects #3597.- Overriding should work when the range selector contains
>
.
- A trailing newline should always be added to the output #3565.
pnpm link --global
should not break global dependencies #3462.
- New command added:
pnpm store path
#3571. - New setting added:
cache-dir
.cache-dir
is the location of the package metadata cache. Previously this cache was stored in the store directory. By default, the cache directory is created in theXDG_CACHE_HOME
directory #3578. - New setting added:
state-dir
.state-dir
is the directory where pnpm creates thepnpm-state.json
file that is currently used only by the update checker. By default, the state directory is created in theXDG_STATE_HOME
directory #3580. workspace-concurrency
is based on CPU cores amount, when set to 0 or a negative number. The concurrency limit is set asmax((amount of cores) - abs(workspace-concurrency), 1)
#3574.
- Never do full resolution when package manifest is ignored #3576.
- An error is thrown if
pnpm link
is executed.pnpm link
needs at least one argument or option #3590.
- Dependencies from the root workspace package should be used to resolve peer dependencies of any projects in the workspace.
-
A new optional field added to the
pnpm
section ofpackage.json
:packageExtensions
. ThepackageExtensions
fields offer a way to extend the existing package definitions with additional information. For example, ifreact-redux
should havereact-dom
in itspeerDependencies
but it has not, it is possible to patchreact-redux
usingpackageExtensions
:{ "pnpm": { "packageExtensions": { "react-redux": { "peerDependencies": { "react-dom": "*" } } } } }
The keys in
packageExtensions
are package names or package names and semver ranges, to it is possible to patch only some versions of a package:{ "pnpm": { "packageExtensions": { "react-redux@1": { "peerDependencies": { "react-dom": "*" } } } } }
The following fields may be extended using
packageExtensions
:dependencies
,optionalDependencies
,peerDependencies
, andpeerDependenciesMeta
.A bigger example:
{ "pnpm": { "packageExtensions": { "express@1": { "optionalDependencies": { "typescript": "2" } }, "fork-ts-checker-webpack-plugin": { "dependencies": { "@babel/core": "1" }, "peerDependencies": { "eslint": ">= 6" }, "peerDependenciesMeta": { "eslint": { "optional": true } } } } } }
- When
use-beta-cli
istrue
, filtering by directories supports globs #3521.
- The
pnpm remove
andpnpm update
commands do not fail when thedev
,production
, oroptional
settings are set. - Use the real package names of the peer dependencies when creating the paths in the virtual store #3545.
- The lockfile should not break on peer dependencies that have underscores in their name #3546.
- Resolve peer dependencies from the dependencies of the root project of the workspace #3549.
- Generate a correct command shim on Windows if pnpm is installed to a directory with spaces in its name #3519.
pnpm exec
should run the command in the right directory, when executed inside a workspace #3514.
- When publishing in a workspace, pass the
.npmrc
file from the root of the workspace to npm #3511.
- It should be possible to install a Git-hosted package that uses a default branch other than "master" #3506.
- It should be possible to install a Git-hosted package by using only part of the Git commit hash #3507.
- Support the
publishConfig.directory
field inpackage.json
#3490. - There is no need to escape the command shell with
--
, when using the exec command. So justpnpm exec rm -rf dir
instead ofpnpm exec -- rm -rf dir
#3492. pnpm audit
supports a new option:--ignore-registry-errors
.pnpm audit --ignore-registry-errors
exits with exit code 0, when the registry responds with a non-200 status code #3472.
- Mention
pnpm exec
in the generic help. pnpm outdated
should read the value of thestrict-ssl
setting #3493.- New lines in engine field should not break the lockfile #3491.
- a1a03d145: Import only the required functions from ramda.
- When pnpm is executed with an unknown command, it is considered a shell command that needs to be executed in the context of the project. So you can do things like
pnpm eslint
, when eslint is in the dependencies. It is kind of similar topnpx eslint
but unlinkpnpx
,pnpm eslint
will not install eslint, when not present #3478.
- New setting added:
use-node-version
. When set, pnpm will install the specified version of Node.js and use it for running any lifecycle scripts #3459. - New experimental command added:
pnpm setup
. This command adds the path to the pnpm bin to the active shell of the user. So it modifies the bash, zsh, or fish config file #3456. pnpm publish -r
supports a new option:--report-summary
. When it is used,pnpm publish -r --report-summary
will save the summary of published packages topnpm-publish-summary.json
#3461.- New CLI option added:
--use-stderr
. When set, all the output is written to stderr #3463. - pnpm now reads the value of the
NPM_CONFIG_WORKSPACE_DIR
env variable to find the directory that contains the workspace manifest file. By default pnpm will look in all parent directories for this file #3464.
- Do not retry requests, when checking for new versions of pnpm #3465.
- Added support for
type
andimports
inpublishConfig
field of thepackage.json
manifest #3315.
- Do not print a warning if a skipped optional dependency cannot be hoisted #3454.
- The second argument to readPackage hook should always be the context object #3455.
pnpm list -r --json
returns the locations of workspace projects via thepath
field #3432.
save-prefix
should be respected, when it is set to empty #3414.- skip resolution, when lockfile is up-to-date, even if some packages in the workspace are referenced through relative path #3422.
pnpm why
: do not incorrectly include linked deps in search results #3428.
- Do not crash when linking two dependencies with the same name #3308.
- The temp pnpx directory should be created inside the pnpm store.
- pnpm should not fail with an
EMFILE
error on a big workspace with many projects #3381.
- Fixing a regression introduced in v6.2.2 #3407.
- The
child-concurrency
setting should not be ignored when installing in a project with up-to-date lockfile #3399.
pnpm audit
should not receive a 502 error from the registry #2848.- When installing Git-hosted dependencies that have a
prepare
script, pnpm should install theirdevDependencies
for a successfull build #855. preinstall
scripts should run after installing the dependencies #3395.- Sorting workspace projects should work correctly when the workspace dependencies use
workspace:~
orworkspace:^
#3400
- New CLI option:
--filter-prod
.--filter-prod
acts the same as--filter
, but it omitsdevDependencies
when selecting dependency projects from the workspace #3372. - New types of workspace ranges added #3116:
workspace:~
means that the version of the workspace project should be added using the~
prefix. For instance:~1.0.0
(if the version of the referenced project is1.0.0
in the workspace).workspace:^
means that the version of the workspace project should be added using the^
prefix. For instance:^1.0.0
.
- New setting:
fetch-timeout
. Sets the maximum amount of time to wait for HTTP requests to complete. By default, the value is 60000 (1 minute) #3390.
- Don't skip lifecycle scripts of projects when doing a filtered installation #3251.
- No deprecation warning about
rmdir()
usage should appear when running pnpm on Node.js 16. - Link overrides should work on non-root workspace projects #3388.
- pnpm should not fail with an
EMFILE
error on a big workspace with many projects #3381.
- New option added:
enable-pre-post-scripts
. When it is set totrue
, lifecycle scripts with pre/post prefixes are automatically executed by pnpm #3348.
pnpm publish
: lifecycle scripts should not be executed twice when the globally installed npm version is 7 #3340.pnpm list
: hoisted dependencies are not listed as unsaved dependencies #3339.pnpm.overrides
should override direct dev dependencies #3327.- Commands from the root of the workspace should be in the PATH even when there is no lockfile in the workspace root #2086.
- Use
+
instead of#
in directory names inside the virtual store directory (node_modules/.pnpm
).#
causes issues with Webpack and Vite #3314.
-
Node.js v10 support is dropped. At least Node.js v12.17 is required for the package to work.
-
Arbitrary pre/post hooks for user-defined scripts (such as
prestart
) are not executed automatically. -
The lockfile version is bumped to v5.3. Changes in the new format:
- Blank lines added between package/project entries to improve readability and decrease merge issues.
- The
resolution
,engines
,os
, andcpu
fields are now always written in a single lines, as the first keys of the package objects. - A new field is added to the package objects:
transitivePeerDependencies
.
-
The layout of the virtual store directory has changed (
node_modules/.pnpm
) to allow keeping cache in it:- All packages inside the virtual store directory are on the same depth. Instead of subdirectories, one directory is used with
#
instead of slashes. - New setting added:
modules-cache-max-age
. The default value of the setting is 10080 (7 days in minutes).modules-cache-max-age
is the time in minutes after which pnpm should remove the orphan packages fromnode_modules
.
- All packages inside the virtual store directory are on the same depth. Instead of subdirectories, one directory is used with
-
pnpx does not automatically install packages. A prompt asks the user if a package should be installed, if it is not present.
pnpx --yes
tells pnpx to install any missing package.pnpx --no
makes pnpx fail if the called packages is not installed. -
pnpmfile.js
renamed to.pnpmfile.cjs
in order to force CommonJS. -
.pnp.js
renamed to.pnp.cjs
in order to force CommonJS. -
The
pnpm-prefix
setting is removed. Useglobal-dir
to specify a custom location for the globally installed packages. -
The default depth of an update is
Infinity
, not0
. -
The
--global
option should be used when linking from/to the global modules directory.Linking a package to the global directory:
- pnpm v5:
pnpm link
- pnpm v6:
pnpm link --global
Linking a package from the global directory:
- pnpm v5:
pnpm link foo
- pnpm v6:
pnpm link --global foo
- pnpm v5:
-
pnpm's command file's extension changed to
.cjs
(bin/pnpm.js
=>bin/pnpm.cjs
). -
node-gyp updated to v8.
-
prepublish
is not executed on a localpnpm install
. Useprepare
instead.
-
A new command added: pnpm fetch.
Fetch packages from a lockfile into virtual store, package manifest is ignored. This command is specifically designed to boost building a docker image.
-
Overrides match dependencies by checking if the target range is a subset of the specified range, instead of making an exact match.
For example, the following override will replace any version of
foo
that has a subrange on v2:"pnpm": { "overrides": { "foo@2": "2.1.0" } }
This will override
foo@2.2.0
andfoo@^2.3.0
tofoo@2.1.0
as both2.2.0
and^2.3.0
are subranges of2
.
pnpm store status
should look for theintegrity.json
file at the right place (#2597).- Allow
--https-proxy
,--proxy
, and--noproxy
CLI options with theinstall
,add
,update
commands (#3274).
- Installation of packages that have bin directories with subdirectories should not fail (#3263).
- The value of the
noproxy
setting should be read (#3258). - An empty
node_modules
directory should not be created just to save a.pnpm-debug.log
file to it.
- Proxying through
socks://
should work (#3241). - Non-directories should not be added to
NODE_PATH
in command shims (#3156).
- Escape invalid charachters in file names, when linking packages from the store (#3232).
- Link to the compatibility page fixed.
- Verify the name and version of the package before linking it from the store (PR #3224, issue #3188).
- The lockfile should be autofixed if it contains broken integrity checksums (PR #3228, issue #3137).
- Links to docs updated. The docs now lead to the versioned
5.x
docs, not the current ones. - The command prompts should work when selecting shell target in
pnpm install-completion
#3221.
- Broken lockfiles are ignore unless
pnpm install --frozen-lockfile
is used #1395. - Fixed occasional "Too many open file" error on
pnpm store status
#3185.
pnpm audit
should work with the--no-optional
,--dev
, and--prod
options #3152.
- The ID of a tarball dependency should not contain colons, when the URL has a port. The colon should be escaped with a plus sign#3182.
pnpm publish -r --force
should try to publish packages even if their current version is already in the registry.
- Turn off warnings about settings.
- The
-P/-D
shorthand options should work with thepnpm why
command. pnpm add --global pnpm
does not create PowerShell command shims for the pnpm CLI.
- Only display unknown settings warning, when
pnpm install
is executed #3130. - Update help for the filter option. Some of the filtering patterns should be escaped in Zsh.
- Audit output should always have a new line at the end #3134.
- Return the correct registry for an aliased scoped dependency #3103.
- New '--reverse' CLI option added for reversing the order of package executions during
pnpm -r run
#2985.
- Remove redundant empty lines when run
pnpm why --parseable
#3101. pnpm publish --publish-branch=<branch>
does not fail #2996.- Don't print warnings when
.npmrc
contains empty lines with whitespaces #3105.
-
Allow to ignore the builds of specific dependencies #3080.
The list of dependencies that should never be built, is specified through the
pnpm.neverBuiltDependencies
ofpackage.json
. For instance:{ "pnpm": { "neverBuiltDependencies": ["fsevents", "level"] } }
-
Print warnings if unknown settings are found in
.npmrc
#3074. -
pnpm can now be executed using its single bundled CLI file #3096.
-
When pnpm crashes because the Node.js version is unsupported, the error message will now contain a link to the compatibility page of the pnpm documentation website.
-
pnpm pubish -r
prints an info message if there are no pending packages to be published.
- A failing optional dependency should not cause a crash of headless installation #3090.
npx pnpm install --global pnpm
should not install pnpm to the temporary directory of npx #2873.
- The lockfile's content should not "flicker" if some dependency's version is specified with build metadata #2928.
- If
pnpm.overrides
were modified, the resolution stage may never be skipped #3079. - The
pnpm
section of options is not included in the published version of apackage.json
#3081. - Fix the error message that happens when trying to add a new dependency to the root of a workspace #3082.
-
Finding the global directory location should not fail when one of the possible locations is in a read-only filesystem #2794.
-
Don't ask for confirmation, when publishing happens on a branch name
"main"
#2995. -
Highlight the project names in the output of the
pnpm list
command #3024. -
It should be possible to use the workspace protocol with version specs inside
pnpm.overrides
#3029.For instance:
{ "pnpm": { "overrides": { "foo": "workspace:*" } } }
- Allow to specify the shell target when configuring autocompletion with
pnpm install-completion
. For instance:pnpm install-completion zsh
. - New option added:
enable-modules-dir
. Whenfalse
, pnpm will not write any files to the modules directory (node_modules). This is useful for when the modules directory is mounted with filesystem in userspace (FUSE). There is an experimental CLI that allows to mount a modules directory with FUSE: @pnpm/mount-modules.
-
Fixed a performance regression that was caused by #3032 and shipped in pnpm v5.13.7
The performance of repeat
pnpm install
execution was in some cases significantly slower. -
Don't create broken symlinks to skipped optional dependencies, when hoisting. This issue was already fixed in pnpm v5.13.7 for the case when the lockfile is up-to-date. This fixes the same issue for cases when the lockfile needs updates. For instance, when adding a new package.
- Fixed an issue with installing peer dependencies. In some rare cases, when installing a new peer dependency, the other existing dependencies were removed #3057
- Linking dependencies by absolute path should work. For instance:
pnpm link C:\src\foo
#3025
-
New option added:
test-pattern
.test-pattern
allows to detect whether the modified files are related to tests. If they are, the dependent packages of such modified packages are not included.This option is useful with the "changed since" filter. For instance, the next command will run tests in all changed packages, and if the changes are in source code of the package, tests will run in the dependent packages as well:
pnpm --filter=...[origin/master] --test-pattern=test/* test
-
An exception is thrown if the workspace manifest is created with the wrong extension:
pnpm-workspace.yml
instead ofpnpm-workspace.yaml
.
--no-bail
should work with non-recursive commands #3036.
- Broken symlinks are not created to skipped optional dependencies, when hoisting.
- Regression in
pnpm install-completion
fixed. - Throw a meaningful error on malformed registry metadata.
- Include dependencies of dependents, when using
--filter ...pkg...
#2917. - Fix hanging requests issue. The number of max open sockets increased #2998.
- Issue with Homebrew fixed [#2993]#2993).
- Fix regression with node-gyp that was introduced in v5.13.2 #2988.
- The pnpm CLI is bundled for faster startup.
- pnpm should not leave empty temporary directories in the root of the partition #2749.
-
New setting added:
prefer-workspace-packages
#2136.When
prefer-workspace-packages
is set totrue
, local packages from the workspace are preferred over packages from the registry, even if there is a newer version of that package in the registry.This setting is only useful if the workspace doesn't use
save-workspace-protocol=true
.
-
Workspace packages now can be referenced through aliases #2970.
For instance, the package in the workspace may be named
foo
. Usually, you would reference it as{ "foo": "workspace:*" }
. If you want to use a different alias, the next syntax will work now:{ "bar": "workspace:foo@*" }
.Before publish, aliases are converted to regular aliased dependencies. The above example will become:
{ "bar": "npm:foo@1.0.0" }
. -
Workspace packages now can be referenced through relative path #2959.
For example, in a workspace with 2 packages:
+ packages + foo + bar
bar
may havefoo
in its dependencies declared as{ "foo": "workspace:../foo" }
. Before publish, these specs are converted to regular version specs supported by all package managers. -
For better compatibility with prettier, two new default patterns added to
public-hoist-pattern
:@prettier/plugin-*
*prettier-plugin-*
- Retry metadata download if the received JSON is broken #2949.
- Conflicts in
pnpm-lock.yaml
are automatically fixed bypnpm install
#2965.
- Don't ignore the
overrides
field of the root project, when the scope of the command doesn't include the root project.
- When extracting packages to the store, file duplicates are skipped.
- When creating a hard link fails, fall back to copying only if the target file does not exist.
-
A
"pnpm"."overrides"
field may be used to override version ranges of dependencies. The overrides field can be specified only in the root project'spackage.json
.An example of the
"pnpm"."overrides"
field:{ "pnpm": { "overrides": { "foo": "^1.0.0", "bar@^2.1.0": "3.0.0", "qar@1>zoo": "2" } } }
You may specify the package to which the overriden dependency belongs by separating the package selector from the dependency selector with a ">", for example
qar@1>zoo
will only override thezoo
dependency of anyqar@1
dependency. -
A new setting added for specifying the shell to use, when running scripts: script-shell #2942
-
When some of the dependencies of a package have the package as a peer depenendency, don't make the dependency a peer depenendency of itself.
-
Lockfile version bumped to 5.2
- Fixes a regression with CLI commands inside a workspace introduced in v5.9.0 #2925
- Fixed multiple issues with inconsistent lockfile generation #2919
-
Plug'n'Play support added #2902
To use Plug'n'Play in a project, create a
.npmrc
file in its root with the following content:node-linker=pnp ; Setting symlink to false is optional. symlink=false
All the commands will work, when executed through
pnpm run
. However, directly executing a.js
file with Node.js will fail. Node's resolver should be patched with.pnp.js
. So instead ofnode index.js
, you should run:node --require=./.pnp.js index.js
-
New setting:
symlink
#2900When
symlink
is set tofalse
, pnpm creates a virtual store directory (node_modules/.pnpm
) without any symlinks.
- Fixed some edge cases with resolving peer dependencies #2919.
- Installation should fail if there are references to a project that has been removed from the workspace #2905.
- pnpm should not suggest to update pnpm to a newer version, when the installed version is bigger than latest.
-
New setting:
shell-emulator
#2621When
shell-emulator
istrue
, pnpm will use a shell emulator to execute scripts. So things likeFOO=1 pnpm run foo
and other simple bash syntax will work on Windows.pnpm uses the shell emulator that was developed for Yarn v2: @yarnpkg/shell.
-
Exluding projects using
--filter=!<selector>
#2804Packages may be excluded from a command's scope, using "!" at the beginning of the selector.
For instance, this will run tests in all projects except
foo
:pnpm --filter=!foo test
And this one will run tests in all projects that are not under the
lib
directory:pnpm --filter=!./lib test
- When searching for a global bin directory, also look for symlinked commands #2888.
- Donβt remove nonβpnpm
.dot_files
fromnode_modules
#2833. - During publish, check the active branch name after checking if the branch is clean.
- The
INIT_CWD
env variable is always set to the lockfile directory for scripts of dependencies #2897. - When a package is both a dev dependency and a prod dependency, the package should be linked when installing prod dependencies only. This was an issue only when a lockfile was not present during installation #2882.
- Performance improvements:
- Fixing a regression introduced in v5.5.13. Installation should never fail during automatic importing method selection (#2869).
-
--workspace-root
,-w
: a new option that allows to focus on the root workspace project.E.g., the following command runs the
lint
script of the rootpackage.json
from anywhere in the monorepo:pnpm -w lint
PR #2866
-
The progress indicator also shows the number of dependencies that are being added to the modules direcotory (#2832).
-
Don't report scope, when only one workspace package is selected (#2855).
-
If a script is not found in the current project but is present in the root project of the workspace, notify the user about it in the hint of the error (#2859).
-
Publicly hoist anything that has "types" in the name. Packages like
@babel/types
are publicly hoisted by default (#2865).
- When no matching version is found, report the actually specified version spec in the error message (not the normalized one) (#1314).
- When
package-import-method
is set toauto
, cloning is only tried once. If it fails, it is not retried for other packages. - More information added to the Git check errors and prompt.
- Report an info log instead of a warning when some binaries cannot be linked.
- In some rare cases,
pnpm install --no-prefer-frozen-lockfile
didn't link the direct dependencies to the rootnode_modules
. This was happening when the direct dependency was also resolving some peer dependencies.
- Sometimes, when installing new dependencies that rely on many peer dependencies, or when running installation on a huge monorepo, there will be hundreds or thousands of warnings. Printing many messages to the terminal is expensive and reduces speed, so pnpm will only print a few warnings and report the total number of the unprinted warnings.
pnpm outdated --long
should print details about the outdated commands.
- Fixing a regression that was shipped with pnpm v5.5.6. Cyclic dependencies that have peer dependencies were not symlinked to the root of
node_modules
, when they were direct dependencies.
- Always try to resolve optional peer dependencies. Fixes a regression introduced in pnpm v5.5.8
- "Heap out of memory" error fixed, which happened on some huge projects with big amount of peer dependencies, since pnpm v3.4.0 (#2339).
- Ignore non-array bundle[d]Dependencies fields. Fixes a regression caused by https://github.com/pnpm/pnpm/commit/5322cf9b39f637536aa4775aa64dd4e9a4156d8a
- "Heap out of memory" error fixed, which happened on some huge projects with big amount of peer dependencies, since pnpm v3.4.0 (#2339).
pnpm add --global <pkg>
should not break the global package, when thesave
setting is set tofalse
(#2261).pnpm test|start|stop
should allow the same options aspnpm run test|start|stop
(#2814).- Improve the error message on 404 errors. Include authorization details (#2818).
- Generate a valid lockfile, when the same dependency is specified both in
devDependencies
andoptionalDependencies
(#2807). - It should be possible to set the fetch related options through CLI options (#2810).
- Fix a regression introduced to
pnpm run --parallel <script>
in pnpm v5.5.4.
-
Any ESLint related dependencies are publicly hoisted by default (#2799).
-
pnpm install -r
should recreate the modules directory if the hoisting patterns were updated in a local config file. The hoisting patterns are configured via thehoist-pattern
andpublic-hoist-pattern
settings (#2802). -
The same code should run when running some command inside a project directory, or when using
--filter
to select a specific workspace project (#2805).This fixes an issue that was happening when running
pnpm add pkg
inside a workspace. The issue was not reproducible when runningpnpm add pkg --filter project
(#2798).
- pnpm should not always suggest to reinstall the modules directory, when
public-hoist-pattern
is set to nothing (#2783). - When searching for a suitable directory for the global executables, search for node, npm, pnpm files only, not directories (#2793).
pnpm publish -r
does not publish packages with the temporarypnpm-temp
distribution tag (#2686).- Print the authorization settings (with hidden private info), when an authorization error happens during fetch (#2774).
- Stop looking for project root not only when
package.json
ornode_modules
is found but also onpackage.json5
andpackage.yaml
.
-
Allow unknown options that are prefixed with
config.
pnpm install --foo
would fail with an unknown option error.pnpm install --config.foo
will work fine, setting thenpm_config_foo
environment variable for child lifecycle events.
- Don't leave empty temp directories in home directory (#2749).
- Reunpack the contents of a modified tarball dependency (#2747).
pnpm list -r
should print the legend only once.- Don't read the
.npmrc
file that is outside the workspace. - Hoisting should work in a workspace that has no root project.
- Fixing regression of v5.4.5: the
pnpm update
command should update the direct dependencies of the project.
- Fixing regression of v5.4.10: a warning during
package.json
save.
- Don't add a trailing new line to
package.json
if no trailing new line was present in it (#2716). - Installing a new dependency with a trailing
@
(#2737). - Ignore files in the modules directory (#2730).
- Get the right package name of a package resolved from GitHub registry (#2734).
- Registry set in lockfile resolution should not be ignored (#2733).
- Workspace range prefix should be removed from
peerDependencies
before publish (#2467). - Use the same versions of dependencies across the pnpm monorepo.
- Fix lockfile not updated when remove dependency in project with readPackage hook (#2726).
pnpm audit --audit-level high
should not error if the found vulnerabilities are low and/or moderate (#2721).- When purging an incompatible modules directory, don't remove the actual directory, just the contents of it (#2720).
pnpm outdated
should exit with exit code 1, when there are outdated dependencies.pnpm audit
should exit with exit code 1, when vulnerabilities are found.pnpm install --prod --frozen-lockfile
should not fail if there are dev dependencies used as peer dependencies of prod dependencies (#2711).
pnpm root -g
should not fail if pnpm has no write access to the global bin directory (#2700).
pnpm update dep --depth Infinity
should only updatedep
.pnpm publish -r --dry-run
should not publish anything to the registry.
pnpm root -g
should not fail if pnpm has no write access to the global bin directory (#2700).- Suggest to use pnpm to update pnpm.
- Should not print colored output when
color
is set tonever
. This was an issue in commands that don't use@pnpm/default-reporter
. Commands likepnpm list
,pnpm outdated
. - Changes that are made by the
readPackage
hook are not saved to thepackage.json
files of projects. - Allow the
--registry
option with thepnpm audit
command. - Allow the
--save-workspace-protocol
option. - Don't use inversed colors to highlight search results in
pnpm list
,pnpm why
.
pnpm install
should work aspnpm install --filter {.}...
, whenrecursive-install
isfalse
.- On first install, print an info message about the package importing (hard linking, cloning, or copying) method and the location of the virtual store and the content-addressable store.
-
Installation of private Git-hosted repositories via HTTPS using an auth token.
pnpm add git+https://{token}:x-oauth-basic@github.com/SOME_ORG/SOME_PRIVATE_REPO.git
-
A new setting called
recursive-install
was added. When it is set tofalse
,pnpm install
will only install dependencies in current project, even when executed inside a monorepo.If
recursive-install
isfalse
, you should explicitly runpnpm install -r
in order to install all dependencies in all workspace projects. -
Projects that don't have a
"version"
field may be installed as dependencies of other projects in the workspace, using the"workspace:0.0.0"
specifier.So if there's
foo
in the repository that has no version field,bar
may have it as a dependency:"dependencies": { "foo": "workspace:0.0.0" }
-
By default, all ESLint plugin are hoisted to the root of
node_modules
.eslint-plugin-*
added as one of the default patterns ofpublic-hoist-pattern
. -
Improved error message on workspace range resolution error.
Now the path to the project is printed, where the error originated.
pnpm prune
should accept the--no-optional
and--no-dev
options.
- Any unknown command is assumed to be a script. So
pnpm foo
becomespnpm run foo
.
- Fix installation of packages via repository URL. E.g.,
pnpm add https://github.com/foo/bar
.
run --silent <cmd>
should only print output of the command and nothing from pnpm (#2660).- installing a new optional dependency that has an option dependency should not fail (#2663).
- Fixing some issues with finding the target directory for command files during global installation.
- Fixing some issues with finding the target directory for command files during global installation.
- Use the proxy settings not only during resolution but also when fetching tarballs.
- Fixing some regressions with global bin directory caused by v5.2.4.
- Find the proper directory for linking executables during global installation.
- Fix
pnpm list --long
. This was a regression in pnpm v5.0.0.
- Own implementation of the
pnpm bin
command added (previously it was passed through tonpm bin
). - Read the correct PATH env variable on all systems, when running pnpx. One Windows the correct path name might be Path or other.
- Install the pnpm bin executable to the directory of the globally installed pnpm executable, when running
pnpm add -g pnpm
. pnpm store prune
should not fail when the store has some foreign files.pnpm unlink --global
should unlink bin files from the global executables directory.
- Don't remove skipped optional dependencies from the current lockfile on partial installation.
- Hoisting should not fail if some of the aliases cannot be hoisted due to issues with the lockfile.
-
Added a new setting:
public-hoist-pattern
. This setting can be overwritten byshamefully-hoist
. The default value ofpublic-hoist-pattern
istypes/*
.If
shamefully-hoist
istrue
,public-hoist-pattern
is set to*
.If
shamefully-hoist
isfalse
,public-hoist-pattern
is set to nothing.public-hoist-pattern
example configuration (through a.npmrc
file):public-hoist-pattern[]=@types/* public-hoist-pattern[]=@angular/*
Related PR: #2631
-
Don't request the full metadata of package when running
pnpm outdated
orpnpm publish -r
(#2633)
- Don't fail when the installed package's manifest (
package.json
) starts with a byte order mark (BOM). This is a fix for a regression that appeared in v5.0.0 (#2629).
- When
link-workspace-packages
isfalse
, filtering by dependencies/dependents should ignore any packages that are not specified viaworkspace:
ranges (#2625). - Print a "Did you mean" line under the unknown option error with any option that look similar to the typed one (#2603).
-
It should be possible to install a tarball through a non-standard URL endpoint served via the registry domain.
For instance, the configured registry is
https://registry.npm.taobao.org/
. It should be possible to runpnpm add https://registry.npm.taobao.org/vue/download/vue-2.0.0.tgz
Related issue: #2549
- Print a warning when an HTTP request fails (#2615).
- Perform headless installation when dependencies should not be linked from the workspace, and they are not indeed linked from the workspace (#2619).
- Fix too long file name issue during write to the content-addressable store (#2605).
- Don't remove authorization headers when redirecting requests to the same host (#2602).
- fix an issue with node-gyp failure. Downgrade uuid.
- 86d21759d: Print a meaningful error when pnpm is executed with Node.js v13.0-v13.6
-
ffddf34a8: Add new global option called
--stream
. (#2595)When used, the output from child processes is streamed to the console immediately, prefixed with the originating package directory. This allows output from different packages to be interleaved.
-
The
run
andexec
commands may use the--parallel
option.--parallel
completely disregards concurrency and topological sorting, running a given script immediately in all matching packages with prefixed streaming output. This is the preferred flag for long-running processes such as watch run over many packages.For example:
pnpm run --parallel watch
PR #2599
-
Color the child output prefixes (#2598)
- A recursive run should not rerun the same package script which started the lifecycle event (#2528).
- Fixing a regression on Windows. Fall back to copying if linking fails (429c5a560b7a32b0261e471ece349ec136ab7f4d)
- 2f9c7ca85: Fix a regression introduced in pnpm v5.0.0. Create correct lockfile when the package tarball is hosted not under the registry domain.
- 160975d62: This fixes a regression introduced in pnpm v5.0.0. Direct local tarball dependencies should always be reanalized on install.
- 81b537003: The usage of deprecated options should not crash the CLI. When a deprecated option is used (like
pnpm install --no-lock
), just print a warning. - 187615f87: Fix installation of git-hosted packages. This was a regression in v5.
-
π 33% faster installation times vs pnpm v4.
In some cases, 2 times faster than Yarn v1! (performance diff of pnpm v4 vs v5)
action cache lockfile node_modules npm pnpm Yarn Yarn PnP install 43.3s 17.5s 36.7s 28.6s install β β β 7s 1.5s 735ms n/a install β β 18.3s 7.8s 10.5s 1.8s install β 24.8s 10.9s 22.2s 12.1s install β 23.2s 15.2s 22.4s 13.4s install β β 6.4s 1.8s 17.1s n/a install β β 7.3s 1.5s 735ms n/a install β 6.4s 3.1s 33.2s n/a update n/a n/a n/a 7s 14.5s 42.6s 27.6s All the benchmarks are here.
-
A content-addressable filesystem is used to store packages on the disk.
pnpm v5 uses a content-addressable filesystem to store all files from all module directories on a disk. If you depend on different versions of lodash, only the files that differ are added to the store. If lodash has 100 files, and a new version has a change only in one of those files, pnpm update will only add 1 new file to the storage.
For more info about the structure of this new store, you can check the GitHub issue about it.
This change was inspired by dupe-krill and the content-addressable storage of Git.
-
Reduced directory nesting in the virtual store directory.
In pnpm v4, if you installed
foo@1.0.0
, it was hard-linked intonode_modules/.pnpm/registry.npmjs.org/foo/1.0.0/
.In pnpm v5, it will be hard-linked into
node_modules/.pnpm/foo@1.0.0/
. This new structure of the virtual store directory drastically reduces the number of directories pnpm has to create. Hence, there are fewer filesystem operations, which improves speed. -
pnpm store usages
removed.This command was using information from the
store.json
files, which is not present in the new content-addressable storage anymore. -
The
independent-leaves
setting has been removed.When hoisting was off, it was possible to set the
independent-leaves
setting totrue
. Whentrue
, leaf dependencies were symlinked directly from the global store. However, we turned hoisting on by default for pnpm v4, so this feature has no future at the moment. -
The
resolution-strategy
setting has been removed.By default, the
fewer-dependencies
resolution strategy is used. It was possible to select afast
resolution strategy. This setting is deprecated to simplify future improvements to the resolution algorithm. -
The store and the modules directory are not locked.
We are not using directory locks anymore. So the
--no-lock
option will throw an error. Some users had issues with locking. We have confidence that pnpm will never leave either node_modules or the store in a broken state, so we removed locking. -
git-checks
istrue
by default.By default,
pnpm publish
will make some checks before actually publishing a new version of your package.The next checks will happen:
- The current branch is your publish branch. The publish branch is
master
by default. This is configurable through thepublish-branch
setting. - Your working directory is clean (there are no uncommitted changes).
- The branch is up-to-date.
If you don't want this checks, run
pnpm publish --no-git-checks
or set this setting tofalse
via a.npmrc
file. - The current branch is your publish branch. The publish branch is
-
In case of a crash, the debug file will be written to
node_modules/.pnpm-debug.log
(not topnpm-debug.log
as in v4 and earlier).
-
The
link-workspace-packages
setting may now be set todeep
.When
link-workspace-packages
is set todeep
, packages from the workspace will be linked even to subdependencies.