This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| pnpm (source) | 6.27.1
-> 7.1.0
| | | | |
Release Notes
pnpm/pnpm
Compare Source
Minor Changes
- Added support for
libc
field in package.json
#4454.
Patch Changes
pnpm setup
should update the config of the current shell, not the preferred shell.
pnpm setup
should not override the PNPM_HOME env variable, unless --force
is used.
pnpm dlx
should print messages about installation to stderr #1698.
pnpm dlx
should work with git-hosted packages. For example: pnpm dlx gengjiawen/envinfo
#4714.
pnpm run --stream
should prefix the output with directory #4702
Our Sponsors
#### What's Changed
* fix(dlx): print install output to stderr by @zkochan in https://github.com/pnpm/pnpm/pull/4696
* fix: `pnpm setup` breaks PATH with non-ascii characters by @liuxingbaoyu in https://github.com/pnpm/pnpm/pull/4699
* fix(setup): update the current shell, not the preferred one by @zkochan in https://github.com/pnpm/pnpm/pull/4701
* refactor: use @yarnpkg/extensions instead of @yarnpkg/plugin-compat by @zkochan in https://github.com/pnpm/pnpm/pull/4710
* Refactor setup by @zkochan in https://github.com/pnpm/pnpm/pull/4709
* pnpm run --stream should prefix with dir name by @kenrick95 in https://github.com/pnpm/pnpm/pull/4703
* feat: support libc field for package.json by @fireairforce in https://github.com/pnpm/pnpm/pull/4605
* fix: make `pnpm setup` free of garbled characters by @liuxingbaoyu in https://github.com/pnpm/pnpm/pull/4712
* fix(dlx): pnpm dlx should work with git-hosted pkgs by @zkochan in https://github.com/pnpm/pnpm/pull/4717
* refactor: pnpm setup by @zkochan in https://github.com/pnpm/pnpm/pull/4713
#### New Contributors
* @liuxingbaoyu made their first contribution in https://github.com/pnpm/pnpm/pull/4699
Full Changelog: https://github.com/pnpm/pnpm/compare/v7.0.1...v7.1.0
Compare Source
Patch Changes
- Use Yarn's compatibility database to patch broken packages in the ecosystem with package extensions #4676.
pnpm dlx
should work when the bin name of the executed package isn't the same as the package name #4672.
- Throw an error if arguments are passed to the
pnpm init
command #4665.
pnpm prune
works in a workspace #4647.
- Do not report request retry warnings when loglevel is set to
error
#4669.
pnpm prune
does not remove hoisted dependencies #4647.
Our Sponsors
#### New Contributors
* @axe-me made their first contribution in https://github.com/pnpm/pnpm/pull/4654
Full Changelog: https://github.com/pnpm/pnpm/compare/v7.0.0...v7.0.1
Compare Source
Major Changes
-
Node.js 12 is not supported.
-
When using pnpm run <script>
, all command line arguments after the script name are now passed to the script's argv, even --
.
For example, the command below will now pass --hello -- world
to the echo
script's argv:
pnpm run echo --hello -- world
Previously, flagged arguments (e.g. --silent
) were interpreted as pnpm arguments unless --
came before it.
If you want to pass options to pnpm, place them before the script name. For instance:
pnpm --workspace-root --silent run echo --hello -- world
Read more details about this in our docs.
Related PR: #4290
-
The root package is excluded by default, when running pnpm -r exec|run|add
#2769.
-
Filtering by path is done by globs.
In pnpm v6, in order to pick packages under a certain directory, the following filter was used: --filter=./apps
In pnpm v7, a glob should be used: --filter=./apps/**
For easier upgrade, we have also added a setting to turn back filtering as it was in v6. Just set legacy-dir-filtering=true
in .npmrc
.
-
The NODE_PATH
env variable is not set in the command shims (the files in node_modules/.bin
). This env variable was really long and frequently caused errors on Windows.
Also, the extend-node-path
setting is removed.
Related PR: #4253
-
The embed-readme
setting is false
by default.
-
Side effects cache is turned on by default. To turn it off, use side-effects-cache=false
.
-
The npm_config_argv
env variable is not set for scripts #4153.
-
pnpx
is now just an alias of pnpm dlx
.
If you want to just execute the command of a dependency, run pnpm <cmd>
. For instance, pnpm eslint
.
If you want to install and execute, use pnpm dlx <pkg name>
.
-
pnpm install -g pkg
will add the global command only to a predefined location. pnpm will not try to add a bin to the global Node.js or npm folder. To set the global bin directory, either set the PNPM_HOME
env variable or the global-bin-dir
setting.
-
pnpm pack
should only pack a file as an executable if it's a bin or listed in the publishConfig.executableFiles
array.
-
-W
is not an alias of --ignore-workspace-root-check
anymore. Just use -w
or --workspace-root
instead, which will also allow to install dependencies in the root of the workspace.
-
Allow to execute a lifecycle script in a directory that doesn't match the package's name. Previously this was only allowed with the --unsafe-perm
CLI option #3709.
-
Local dependencies referenced through the file:
protocol are hard linked (not symlinked) #4408. If you need to symlink a dependency, use the link:
protocol instead.
-
strict-peer-dependencies
is true
by default #4427.
-
A prerelease version is always added as an exact version to package.json
. If the next
version of foo
is 1.0.0-beta.1
then running pnpm add foo@next
will add this to package.json
:
{
"dependencies": {
"foo": "1.0.0-beta.1"
}
}
PR: #4435
-
Dependencies of the root workspace project are not used to resolve peer dependencies of other workspace projects #4469.
-
Don't hoist types by default to the root of node_modules
#4459.
-
Any package with "prettier" in its name is hoisted.
-
Changed the location of the global store from ~/.pnpm-store
to <pnpm home directory>/store
On Linux, by default it will be ~/.local/share/pnpm/store
On Windows: %LOCALAPPDATA%/pnpm/store
On macOS: ~/Library/pnpm/store
Related issue: #2574
-
4bed585
: The next deprecated settings were removed:
- frozen-shrinkwrap
- prefer-frozen-shrinkwrap
- shared-workspace-shrinkwrap
- shrinkwrap-directory
- lockfile-directory
- shrinkwrap-only
- store
-
Use a base32 hash instead of a hex to encode too long dependency paths inside node_modules/.pnpm
#4552.
-
New setting added: git-shallow-hosts
. When cloning repositories from "shallow-hosts", pnpm will use shallow cloning to fetch only the needed commit, not all the history #4548.
-
Lockfile version bumped to v5.4.
-
Exit with an error when running pnpm install
in a directory that has no package.json
file in it (and in parent directories) #4609.
Our Sponsors
#### What's Changed
* feat!: breaking config changes for v7 by @zkochan in https://github.com/pnpm/pnpm/pull/4253
* feat(pack)!: limit what files are packed as executables by @zkochan in https://github.com/pnpm/pnpm/pull/4266
* feat!: pnpx is an alias of pnpm dlx by @zkochan in https://github.com/pnpm/pnpm/pull/4267
* feat: run scripts without -- by @gluxon in https://github.com/pnpm/pnpm/pull/4290
* fix: revert backwards compatible handling of -- for run by @gluxon in https://github.com/pnpm/pnpm/pull/4291
* feat!: global bins should be created only in predefined locations by @zkochan in https://github.com/pnpm/pnpm/pull/4280
* ci: use pnpm v7 by @zkochan in https://github.com/pnpm/pnpm/pull/4307
* feat!: remove -W option by @zkochan in https://github.com/pnpm/pnpm/pull/4308
* test(audit): fix for 2022-02-15 by @gluxon in https://github.com/pnpm/pnpm/pull/4340
* feat: -F is a short alias of --filter by @zkochan in https://github.com/pnpm/pnpm/pull/4342
* feat: onlyBuiltDependencies by @zkochan in https://github.com/pnpm/pnpm/pull/4014
* fix(make-dedicated-lockfile): don't re-resolve dependency versions in dedicated lockfile by @David-Collins in https://github.com/pnpm/pnpm/pull/4350
* test(audit): mock responses from audit endpoint by @zkochan in https://github.com/pnpm/pnpm/pull/4354
* fix: bad packageManager field by @Jack-Works in https://github.com/pnpm/pnpm/pull/4356
* feat: use the versions from overrides when adding deps without specs by @zkochan in https://github.com/pnpm/pnpm/pull/4355
* chore: document the interface of command packages by @illright in https://github.com/pnpm/pnpm/pull/3828
* fix: print an info message when NODE_ENV is set to production by @zkochan in https://github.com/pnpm/pnpm/pull/4362
* test: ignore override if a version is specified at install by @nikoladev in https://github.com/pnpm/pnpm/pull/4366
* fix: ignore case, when verifying package name in the store by @zkochan in https://github.com/pnpm/pnpm/pull/4368
* fix: peerDependencyRules with * as range by @zkochan in https://github.com/pnpm/pnpm/pull/4370
* feat: run scripts without --unsafe-perm by @zkochan in https://github.com/pnpm/pnpm/pull/4369
* chore(github): add welcome bot app by @BlackHole1 in https://github.com/pnpm/pnpm/pull/4373
* fix: onlyBuiltDependencies should work by @zkochan in https://github.com/pnpm/pnpm/pull/4377
* fix: pnpm i should work on virtual drives by @kazuare in https://github.com/pnpm/pnpm/pull/4386
* fix: throw a meaningful error message on broken lockfile by @zkochan in https://github.com/pnpm/pnpm/pull/4387
* fix: don't write data from the lockfile to the global store by @zkochan in https://github.com/pnpm/pnpm/pull/4395
* fix(resolve-dependencies): a sequence of injected deps via the file protocol by @zkochan in https://github.com/pnpm/pnpm/pull/4415
* feat: the file protocol should always inject the dependency by @zkochan in https://github.com/pnpm/pnpm/pull/4408
* feat: add own implementation of the init command by @zkochan in https://github.com/pnpm/pnpm/pull/4422
* feat: strict-peer-dependencies is true by default by @zkochan in https://github.com/pnpm/pnpm/pull/4427
* feat: respect the npmrc by @Spencer17x in https://github.com/pnpm/pnpm/pull/4425
* feat: a prerelease version is always saved as an exact version by @zkochan in https://github.com/pnpm/pnpm/pull/4435
* feat: prevent deep imports using exports by @zkochan in https://github.com/pnpm/pnpm/pull/4440
* fix: use `@pnpm/graph-sequencer` instead of `graph-sequencer` by @zkochan in https://github.com/pnpm/pnpm/pull/4458
* fix: fetch should allow the same options as install by @zkochan in https://github.com/pnpm/pnpm/pull/4460
* fix: typo by @HomyeeKing in https://github.com/pnpm/pnpm/pull/4462
* fix(lockfile-utils): checking dependenciesMeta by @zkochan in https://github.com/pnpm/pnpm/pull/4463
* fix: types should not be hoisted to the root of node_modules by @zkochan in https://github.com/pnpm/pnpm/pull/4459
* chore: replace deprecated String.prototype.substr() by @CommanderRoot in https://github.com/pnpm/pnpm/pull/4479
* Chore/friendly git error by @lawvs in https://github.com/pnpm/pnpm/pull/4488
* fix: handle undefined version spec by @tmkx in https://github.com/pnpm/pnpm/pull/4487
* lint: remove duplicate code by @milahu in https://github.com/pnpm/pnpm/pull/4496
* fix: typo by @HomyeeKing in https://github.com/pnpm/pnpm/pull/4499
* feat: don't resolve peer dependencies from workspace root by @zkochan in https://github.com/pnpm/pnpm/pull/4469
* chore: fix typo by @sudongyuer in https://github.com/pnpm/pnpm/pull/4516
* fix: set root by @HomyeeKing in https://github.com/pnpm/pnpm/pull/4515
* fix(cmd-shim): extend NODE_PATH with path to hidden hoisted dir by @zkochan in https://github.com/pnpm/pnpm/pull/4513
* chore: public-hoist-pattern prettier config by @fupengl in https://github.com/pnpm/pnpm/pull/3954
* feat: remove deprecated settings by @zkochan in https://github.com/pnpm/pnpm/pull/4519
* feat: the global store location should be inside the pnpm home directory by @zkochan in https://github.com/pnpm/pnpm/pull/4522
* fix: the file protocol should link all files by default by @zkochan in https://github.com/pnpm/pnpm/pull/4532
* fix: dependenciesMeta should be saved into the lockfile by @zkochan in https://github.com/pnpm/pnpm/pull/4538
* fix: resolve peers from linked in dependencies by @zkochan in https://github.com/pnpm/pnpm/pull/4541
* fix: peer dependency has workspace protocol by @zkochan in https://github.com/pnpm/pnpm/pull/4540
* feat: use a shorter hash for dep path by @zkochan in https://github.com/pnpm/pnpm/pull/4552
* feat(git-fetcher): shallow clone when fetching git resource by @kenrick95 in https://github.com/pnpm/pnpm/pull/4548
* style(*): remove duplicate declarations in TypeScript types by @dev-itsheng in https://github.com/pnpm/pnpm/pull/4570
* docs(*): fix problems with sample code in documentation by @dev-itsheng in https://github.com/pnpm/pnpm/pull/4572
* fix(exe): use the strict equality operator, and make `JSON.parse` execute correctly by @dev-itsheng in https://github.com/pnpm/pnpm/pull/4571
* Improve spnpm to use esbuild by @jondlm in https://github.com/pnpm/pnpm/pull/4574
* style(*): typo by @dev-itsheng in https://github.com/pnpm/pnpm/pull/4573
* fix(core): prevent duplication of peerDependencyRules in the lockfile by @kamsar in https://github.com/pnpm/pnpm/pull/4576
* fix: store integrity check when the lockfile is updated by @zkochan in https://github.com/pnpm/pnpm/pull/4580
* Fix `add` bug with overlapping workspace packages by @jondlm in https://github.com/pnpm/pnpm/pull/4575
* fix(exec): commands of workspace project should be in PATH by @zkochan in https://github.com/pnpm/pnpm/pull/4583
* fix(default-reporter): use loglevel to filter deprecation warnings (#4343) by @milahu in https://github.com/pnpm/pnpm/pull/4507
* fix: an edge case with peer resolutions and circular deps by @zkochan in https://github.com/pnpm/pnpm/pull/4588
* feat: shrink path to the global directory (to reduce chance of too long names on Windows) by @zkochan in https://github.com/pnpm/pnpm/pull/4591
* fix(filter-workspace-packages): filter not working if the path contains Korean characters by @WhiteKiwi in https://github.com/pnpm/pnpm/pull/4595
* chore: Set permissions for GitHub actions by @neilnaveen in https://github.com/pnpm/pnpm/pull/4607
* fix: only `pnpm install` should fail on peer dep issues by @zkochan in https://github.com/pnpm/pnpm/pull/4596
* feat: add legacy-dir-filtering by @zkochan in https://github.com/pnpm/pnpm/pull/4610
* fix(init): don't fail if a parent dir has a package.json by @zkochan in https://github.com/pnpm/pnpm/pull/4615
* fix: dlx should work without a configured global directory by @zkochan in https://github.com/pnpm/pnpm/pull/4612
* fix(install): exit with an error when no package.json is found by @zkochan in https://github.com/pnpm/pnpm/pull/4614
* fix: a file dep has a file dep by @zkochan in https://github.com/pnpm/pnpm/pull/4618
* fix: publish in workspace by @zkochan in https://github.com/pnpm/pnpm/pull/4627
* fix: don't fail when moving packages to node_modules/.ignored by @zkochan in https://github.com/pnpm/pnpm/pull/4626
* fix: global linking by @zkochan in https://github.com/pnpm/pnpm/pull/4641
* fix(exportable-manifest, types): add typesVersions field to PUBLISH_CONFIG_WHITELIST by @WhiteKiwi in https://github.com/pnpm/pnpm/pull/4637
#### New Contributors
* @Jack-Works made their first contribution in https://github.com/pnpm/pnpm/pull/4356
* @kazuare made their first contribution in https://github.com/pnpm/pnpm/pull/4386
* @Spencer17x made their first contribution in https://github.com/pnpm/pnpm/pull/4425
* @HomyeeKing made their first contribution in https://github.com/pnpm/pnpm/pull/4462
* @CommanderRoot made their first contribution in https://github.com/pnpm/pnpm/pull/4479
* @lawvs made their first contribution in https://github.com/pnpm/pnpm/pull/4488
* @tmkx made their first contribution in https://github.com/pnpm/pnpm/pull/4487
* @sudongyuer made their first contribution in https://github.com/pnpm/pnpm/pull/4516
* @fupengl made their first contribution in https://github.com/pnpm/pnpm/pull/3954
* @dev-itsheng made their first contribution in https://github.com/pnpm/pnpm/pull/4570
* @jondlm made their first contribution in https://github.com/pnpm/pnpm/pull/4574
* @kamsar made their first contribution in https://github.com/pnpm/pnpm/pull/4576
* @WhiteKiwi made their first contribution in https://github.com/pnpm/pnpm/pull/4595
* @neilnaveen made their first contribution in https://github.com/pnpm/pnpm/pull/4607
Full Changelog: https://github.com/pnpm/pnpm/compare/v6.31.0...v7.0.0
Compare Source
Patch Changes
- Use Yarn's compatibility database to patch broken packages in the ecosystem with package extensions.
pnpm dlx
should work when the bin name of the executed package isn't the same as the package name #4672.
pnpm prune
works in a workspace #4647.
pnpm prune
does not remove hoisted dependencies.
pnpm dlx
should print messages about installation to stderr #1698.
Compare Source
Patch Changes
pnpm publish
should work correctly in a workspace, when the latest npm CLI is installed #4348.
- Installation shouldn't fail when a package from node_modules is moved to the
node_modules/.ignored
subfolder and a package with that name is already present in `node_modules/.ignored' #4626.
Full Changelog: https://github.com/pnpm/pnpm/compare/v6.32.10...v6.32.11
Compare Source
Patch Changes
- It should be possible to use a chain of local file dependencies #4611.
- Filtering by directory should work with directories that have unicode chars in the name #4595.
Full Changelog: https://github.com/pnpm/pnpm/compare/v6.32.9...v6.32.10
Compare Source
Patch Changes
-
Fix an error with peer resolutions, which was happening when there was a circular dependency and another dependency that had the name of the circular dependency as a substring.
-
When pnpm exec
is running a command in a workspace project, the commands that are in the dependencies of that workspace project should be in the PATH #4481.
-
Hide "WARN deprecated" messages on loglevel error #4507
Don't show the progress bar when loglevel is set to warn or error.
Full Changelog: https://github.com/pnpm/pnpm/compare/v6.32.8...v6.32.9
Compare Source
Patch Changes
- Don't check the integrity of the store with the package version from the lockfile, when the package was updated #4580.
- Don't update a direct dependency that has the same name as a dependency in the workspace, when adding a new dependency to a workspace project #4575.
Full Changelog: https://github.com/pnpm/pnpm/compare/v6.32.7...v6.32.8
Compare Source
Patch Changes
- Setting the
auto-install-peers
to true
should work.
Full Changelog: https://github.com/pnpm/pnpm/compare/v6.32.6...v6.32.7
Compare Source
Patch Changes
- Linked in dependencies should be considered when resolving peer dependencies #4541.
- Peer dependency should be correctly resolved from the workspace, when it is declared using a workspace protocol #4529.
Full Changelog: https://github.com/pnpm/pnpm/compare/v6.32.5...v6.32.6
Compare Source
Compare Source
Patch Changes
- Show a friendly error message when it is impossible to get the current Git branch name during publish #4488.
- When checking if the lockfile is up-to-date, an empty
dependenciesMeta
field in the manifest should be satisfied by a not set field in the lockfile #4463.
- It should be possible to reference a workspace project that has no version specified in its
package.json
#4487.
Compare Source
Patch Changes
-
4941f31
: The location of an injected directory dependency should be correctly located, when there is a chain of local dependencies (declared via the file:
protocol`).
The next scenario was not working prior to the fix. There are 3 projects in the same folder: foo, bar, qar.
foo/package.json
:
{
"name": "foo",
"dependencies": {
"bar": "file:../bar"
},
"dependenciesMeta": {
"bar": {
"injected": true
}
}
}
bar/package.json
:
{
"name": "bar",
"dependencies": {
"qar": "file:../qar"
},
"dependenciesMeta": {
"qar": {
"injected": true
}
}
}
qar/package.json
:
{
"name": "qar"
}
Related PR: #4415.
Compare Source
Patch Changes
- In order to guarantee that only correct data is written to the store, data from the lockfile should not be written to the store. Only data directly from the package tarball or package metadata #4395.
- Throw a meaningful error message on
pnpm install
when the lockfile is broken and node-linker
is set to hoisted
#4387.
Compare Source
Patch Changes
onlyBuiltDependencies
should work #4377. The new onlyBuiltDependencies
feature was released with a bug in v6.32.0, so it didn't work.
Compare Source
Minor Changes
-
A new setting is supported in the pnpm
section of the package.json
file #4001. onlyBuiltDependencies
is an array of package names that are allowed to be executed during installation. If this field exists, only mentioned packages will be able to run install scripts.
{
"pnpm": {
"onlyBuiltDependencies": ["fsevents"]
}
}
-
-F
is a short alias of --filter
#3467.
-
When adding a new dependency, use the version specifier from the overrides, when present #4313.
Normally, if the latest version of foo
is 2.0.0
, then pnpm add foo
installs foo@^2.0.0
. This behavior changes if foo
is specified in an override:
{
"pnpm": {
"overrides": {
"foo": "1.0.0"
}
}
}
In this case, pnpm add foo
will add [email protected]
to the dependency. However, if a version is explicitly specifying, then the specified version will be used and the override will be ignored. So pnpm add foo@0
will install v0 and it doesn't matter what is in the overrides.
Patch Changes
- Ignore case, when verifying package name in the store #4367.
- When a peer dependency range is extended with
*
, just replace any range with *
.
- When some dependency types are skipped, let the user know via the installation summary.
Full Changelog: https://github.com/pnpm/pnpm/compare/v6.31.0...v6.32.0
Compare Source
Minor Changes
-
Added --shell-mode
/-c
option support to pnpm exec
#4328
Usage example:
pnpm -r --shell-mode exec -- echo \"\$PNPM_PACKAGE_NAME\"
pnpm -r -c exec -- echo \"\$PNPM_PACKAGE_NAME\"
{
"scripts": {
"check": " pnpm -r --shell-mode exec -- echo \"\\$PNPM_PACKAGE_NAME\""
}
}
Patch Changes
- Remove meaningless keys from
publishConfig
when the pack
or publish
commands are used #4311
- The
pnpx
, pnpm dlx
, pnpm create
, and pnpm exec
commands should set the npm_config_user_agent
env variable #3985.
What's Changed
New Contributors
Full Changelog: https://github.com/pnpm/pnpm/compare/v6.30.1...v6.31.0
Compare Source
Patch Changes
-
This fixes an issue introduced in pnpm v6.30.0.
When a package is not linked to node_modules
, no info message should be printed about it being "relinked" from the store #4314.
Compare Source
Minor Changes
- When checking that a package is linked from the store, check the existence of the package and read its stats with a single filesystem operation #4304.
Compare Source
Patch Changes
node_modules
directories inside injected dependencies should not be overwritten #4299.
Compare Source
Patch Changes
- Installation should not hang when there are broken symlinks in
node_modules
.
Compare Source
Minor Changes
- Add support of the
update-notifier
configuration option #4158.
Patch Changes
- A package should be able to be a dependency of itself.
Compare Source
Minor Changes
- New option added:
embed-readme
. When false
, pnpm publish
doesn't save the readme file's content to package.json
before publish #4265.
Patch Changes
pnpm exec
should look for the executed command in the node_modules/.bin
directory that is relative to the current working directory. Only after that should it look for the executable in the workspace root.
- Injected dependencies should work properly in projects that use the hoisted node linker #4259.
Compare Source
Configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, click this checkbox.
This PR has been generated by WhiteSource Renovate. View repository job log here.