Fast, disk space efficient package manager
MIT License
Bot releases are hidden (Show)
dedupe-injected-deps
setting is true
by default.link-workspace-packages
setting changed from true
to false
. This means that by default, dependencies will be linked from workspace packages only when they are specified using the workspace protocol.~/Library
on macOS #7321.true
.Published by zkochan over 2 years ago
The root package is excluded by default, when running pnpm -r exec|run|add
#2769.
Filtering by path is done by globs.
In pnpm v6, in order to pick packages under a certain directory, the following filter was used: --filter=./apps
In pnpm v7, a glob should be used: --filter=./apps/**
The NODE_PATH
env variable is not set in the command shims (the files in node_modules/.bin
). This env variable was really long and frequently caused errors on Windows.
Also, the extend-node-path
setting is removed.
Related PR: #4253
The embed-readme
setting is false
by default.
When using pnpm run <script>
, all command line arguments after the script name are now passed to the script's argv, even --
. For example, pnpm run echo --hello -- world
will now pass --hello -- world
to the echo
script's argv. Previously flagged arguments (e.g. --silent
) were intepreted as pnpm arguments unless --
came before it.
Side effects cache is turned on by default. To turn it off, use side-effects-cache=false
.
The npm_config_argv
env variable is not set for scripts #4153.
pnpx
is now just an alias of pnpm dlx
.
If you want to just execute the command of a dependency, run pnpm <cmd>
. For instance, pnpm eslint
.
If you want to install and execute, use pnpm dlx <pkg name>
.
pnpm install -g pkg
will add the global command only to a predefined location. pnpm will not try to add a bin to the global Node.js or npm folder. To set the global bin directory, either set the PNPM_HOME
env variable or the global-bin-dir
setting.
pnpm pack
should only pack a file as an executable if it's a bin or listed in the publishConfig.executableFiles
array.
-W
is not an alias of --ignore-workspace-root-check
anymore. Just use -w
or --workspace-root
instead, which will also allow to install dependencies in the root of the workspace.
Full Changelog: https://github.com/pnpm/pnpm/compare/v6.31.0...v7.0.0-alpha.1
New command added: pnpm audit --fix
. This command adds overrides to package.json
that force versions of packages that do not have the vulnerabilities #3598.
Own implementation of pnpm pack
is added. It is not passed through to npm pack
anymore #3608.
When pnpm add pkg
is executed in a workspace and pkg
is already in the dependencies of one of the workspace projects, pnpm uses that already present version range to add the new dependency #3614.
New package.json
setting added: publishConfig.executableFiles
. By default, for portability reasons, no files except those listed in the bin field will be marked as executable in the resulting package archive. The executableFiles
field lets you declare additional fields that must have the executable flag (+x) set even if they aren't directly accessible through the bin field.
{
"publishConfig": {
"executableFiles": [
"./dist/shim.js",
]
}
}
--reporter append-only
is used.pnpm audit --fix
. This command adds overrides to package.json
that force versions of packages that do not have the vulnerabilities #3598.pnpm pack
is added. It is not passed through to npm pack
anymore #3608.pnpm add pkg
is executed in a workspace and pkg
is already in the dependencies of one of the workspace projects, pnpm uses that already present version range to add the new dependency #3614.--reporter append-only
is used.pnpm audit --fix
. This command adds overrides to package.json
that force versions of packages that do not have the vulnerabilities #3598.pnpm pack
is added. It is not passed through to npm pack
anymore #3608.pnpm add pkg
is executed in a workspace and pkg
is already in the dependencies of one of the workspace projects, pnpm uses that already present version range to add the new dependency #3614.--reporter append-only
is used.pnpm audit --fix
. This command adds overrides to package.json
that force versions of packages that do not have the vulnerabilities #3598.pnpm pack
is added. It is not passed through to npm pack
anymore #3608.pnpm add pkg
is executed in a workspace and pkg
is already in the dependencies of one of the workspace projects, pnpm uses that already present version range to add the new dependency #3614.--reporter append-only
is used.pnpm audit --fix
. This command adds overrides to package.json
that force versions of packages that do not have the vulnerabilities #3598.pnpm pack
is added. It is not passed through to npm pack
anymore #3608.pnpm add pkg
is executed in a workspace and pkg
is already in the dependencies of one of the workspace projects, pnpm uses that already present version range to add the new dependency #3614.--reporter append-only
is used.pnpm exec
should work outside of Node.js projects #3597.>
.pnpm store path
#3571.cache-dir
. cache-dir
is the location of the package metadata cache. Previously this cache was stored in the store directory. By default, the cache directory is created in the XDG_CACHE_HOME
directory #3578.state-dir
. state-dir
is the directory where pnpm creates the pnpm-state.json
file that is currently used only by the update checker. By default, the state directory is created in the XDG_STATE_HOME
directory #3580.workspace-concurrency
is based on CPU cores amount, when set to 0 or a negative number. The concurrency limit is set as max((amount of cores) - abs(workspace-concurrency), 1)
#3574.A new optional field added to the pnpm
section of package.json
: packageExtensions
. The packageExtensions
fields offer a way to extend the existing package definitions with additional information. For example, if react-redux
should have react-dom
in its peerDependencies
but it has not, it is possible to patch react-redux
using packageExtensions
:
{
"pnpm": {
"packageExtensions": {
"react-redux": {
"peerDependencies": {
"react-dom": "*"
}
}
}
}
}
The keys in packageExtensions
are package names or package names and semver ranges, to it is possible to patch only some versions of a package:
{
"pnpm": {
"packageExtensions": {
"react-redux@1": {
"peerDependencies": {
"react-dom": "*"
}
}
}
}
}
The following fields may be extended using packageExtensions
: dependencies
, optionalDependencies
, peerDependencies
, and peerDependenciesMeta
.
A bigger example:
{
"pnpm": {
"packageExtensions": {
"express@1": {
"optionalDependencies": {
"typescript": "2"
}
},
"fork-ts-checker-webpack-plugin": {
"dependencies": {
"@babel/core": "1"
},
"peerDependencies": {
"eslint": ">= 6"
},
"peerDependenciesMeta": {
"eslint": {
"optional": true
}
}
}
}
}
}
use-beta-cli
is true
, filtering by directories supports globs #3521.pnpm remove
and pnpm update
commands do not fail when the dev
, production
, or optional
settings are set.pnpm exec
should run the command in the right directory, when executed inside a workspace #3514..npmrc
file from the root of the workspace to npm #3511.publishConfig.directory
field in package.json
#3490.--
, when using the exec command. So just pnpm exec rm -rf dir
instead of pnpm exec -- rm -rf dir
#3492.pnpm audit
supports a new option: --ignore-registry-errors
. pnpm audit --ignore-registry-errors
exits with exit code 0, when the registry responds with a non-200 status code #3472.