feat: implement catalog protocol reads (feature flagged)

[gluxon]

Changes

This implements the following items from the tracking issue #7072.

• Support the catalog: and catalog:default specifiers.
• Support catalog:<name> specifiers.
• Changing a catalog entry in pnpm-workspace.yaml causes the lock file to not be up to date.

I've organized this PR into different commits that make sense by themselves. This PR should be easier to review commit by commit rather than all files changed at once.

When should we transform the catalog protocol?

The hardest part of this PR was determining the right place for the catalog: → ^1.2.3 translation internally.

• We could model this as a read package hook, which would be similar to how pnpm.overrides and packageExtensions work. I think this is too early of a place for the protocol to be resolved since it means the pnpm-lock.yaml file won't have the original catalog: specifier that was declared in package.json.
• We could rewrite it at the @pnpm/default-resolver level, but I think that's too deep. It means the default resolver would need to understand catalogs, which leaks the catalogs abstraction and makes the resolvers more complicated.

I settled on performing the catalog: protocol replacement right before we request dependencies from the store. I think that strikes the right balance.

pnpm/pkg-manager/resolve-dependencies/src/resolveDependencies.ts

Lines 1135 to 1141 in ade62a9

	if (catalogLookup != null) {
	wantedDependency.pref = catalogLookup.entrySpecifier
	}
	if (!options.update && currentPkg.version && currentPkg.pkgId?.endsWith(`@${currentPkg.version}`)) {
	wantedDependency.pref = replaceVersionInPref(wantedDependency.pref, currentPkg.version)
	}
	pkgResponse = await ctx.storeController.requestPackage(wantedDependency, {

[gluxon]

Instead of creating a new @pnpm/catalogs.types package, we could also stuff the small definitions here into the existing @pnpm/types package. I opted for a new package for now since we're doing something similar for hooks: @pnpm/hooks.types.

[zkochan]

sounds good to me

[gluxon]

Thanks. I'll separate the new packages out to a different PR so you don't have to keep looking at these changes when re-reviewing this PR.

• feat: create new @pnpm/catalogs.types package #8026
• feat: create new @pnpm/catalogs.protocol-parser package for parsing catalog specifiers #8027

[gluxon]

At the moment, this small package gets used in:

• pkg-manager/core/src/install/index.ts
• pkg-manager/resolve-dependencies/src/getCatalogResolver.ts

Thought it was worth breaking it out into a new package. The publishing packages will likely need this utility too in a future PR.

[gluxon]

In the pnpm-lock.yaml file, this will look like:

catalogs:
  default:
    foo:
      specifier: ^1.2.3
      version: 1.2.3

This PR writes the version part. A future PR will read from it to optimize new usages of the catalog protocol. I think the logic will be similar to the existing replaceVersionInPref logic.

[zkochan]

what if there will be multiple named catalogs with the same specs? will the entries be duplicated? Like

catalogs:
  default:
    foo:
      specifier: ^1.2.3
      version: 1.2.3
  named:
    foo:
      specifier: ^1.2.3
      version: 1.2.3

[gluxon]

Yup, they'll be duplicated. I think that's okay and somewhat by design if someone duplicates a catalog entry across multiple named catalogs.

[gluxon]

Intentionally keeping around unused entries for now. Otherwise we'd wipe out catalog: dependencies in a filtered install. I think we'll want to change this logic in another PR to prevent stale references though.

[zkochan]

sounds good to me

[zkochan]

what if there will be multiple named catalogs with the same specs? will the entries be duplicated? Like

catalogs:
  default:
    foo:
      specifier: ^1.2.3
      version: 1.2.3
  named:
    foo:
      specifier: ^1.2.3
      version: 1.2.3

[zkochan]

Is there a need for a setting? It is opt-in anyway, as the new field in pnpm-workspace.yaml should be added.

[gluxon]

It's mostly to avoid bug reports that catalogs aren't working on the next version (ex: 9.1.0). I was thinking it'd be better for it to not work entirely rather than partially work.

Without the setting here, the catalog: protocol would work when defined pnpm-workspace.yaml, but we wouldn't replace it on publish. I'm working on the publish replacing part next.

Alternatively we could:

• Use an environment variable to feature flag this.
• Avoid merging any catalog PRs until it's completely finished.

I thought the temporaryuseBetaCatalogsFeat argument was the best out of those 3 options, but open to other thoughts!

[zkochan]

the workspace manifest is already read outside of @pnpm/core. The catalogs should be passed to core through options.

[gluxon]

Yeah that's a better idea.

[gluxon]

Spent some time thinking through the best way to do this. It's a bit complicated, which is why I avoided it in this PR. But I do think it's a good idea to de-duplicate pnpm-workspace.yaml reads. I was planning on doing it after this PR, but it's probably better to do it beforehand.

Here's our only usage of readWorkspaceManifest in pnpm:

pnpm/workspace/find-packages/src/index.ts

Lines 39 to 44 in 9719a42

	export async function findWorkspacePackagesNoCheck (workspaceRoot: string, opts?: { patterns?: string[] }): Promise<Project[]> {
	let patterns = opts?.patterns
	if (patterns == null) {
	const workspaceManifest = await readWorkspaceManifest(workspaceRoot)
	patterns = workspaceManifest?.packages
	}

A few approaches to refactor that:

1. We could read WorkspaceManifest higher up and pass it to findWorkspacePackages. This would involve refactoring all the installation commands: add, install, import, etc that are currently calling findWorkspacePackages in each of its handlers.
2. We could create a new readWorkspaceManifestCached option that findWorkspacePackages uses.

I prefer option 1 since 2 requires a longer lived module-level cache, but option 1 involves much more refactoring.

@zkochan I can do approach 1 in a separate PR if that sounds good?

[zkochan]

approach 1 is the right one. Maybe we can read it in @pnpm/config. We already read the root manifest there too.

[zkochan]

if the version is also present in the catalogs object, then why is it duplicated here? I guess it makes sense to duplicated it in case when is-positive has peer dependencies. Probably should have such test when the same catalog is used in two projects and has peers that resolve to different versions.

[gluxon]

Right, it's the peer dependencies part of this. Will do — I'll add a test for that.

[zkochan]

no need to use a nested function. Just use bind.

Suggested change

	export function getCatalogResolver (catalogs: Catalogs): CatalogResolver {
	return function resolveFromCatalog (wantedDependency: WantedDependency): CatalogResolution | undefined {
	export function resolveFromCatalog (catalogs: Catalogs, wantedDependency: WantedDependency): CatalogResolution | undefined {

[gluxon]

Thanks for the review. I'll move to draft while I work on the feedback.

[zkochan]

In your PR you mention several issues with filtered install. I think we need to change how filtering works as we have many issues with it now. If the lockfile is not up-to-date, when a filtered install happens, we should do a non-filtered full resolution only install first. This will be less terrible in pnpm v9 as in v9 pnpm doesn't download the package tarballs during resolution.