pnpm@8 8.15.7 (new formula)

[Pandoks]

Checklist:

• Have you followed the guidelines for contributing?
• Have you ensured that your commits follow the commit style guide?
• Have you checked that there aren't other open pull requests for the same formula update/change?
• Have you built your formula locally with HOMEBREW_NO_INSTALL_FROM_API=1 brew install --build-from-source <formula>, where <formula> is the name of the formula you're submitting?
• Is your test running fine brew test <formula>, where <formula> is the name of the formula you're submitting?
• Does your build pass brew audit --strict <formula> (after doing HOMEBREW_NO_INSTALL_FROM_API=1 brew install --build-from-source <formula>)? If this is a new formula, does it pass brew audit --new <formula>?

Description:

• Adds versioning to pnpm similar to node (ie. node@20, node@18, etc)
• Adds only pnpm@8 as a keg_only formula
• Resolves Support shipping pnpm via brew with versioned installs pnpm/pnpm#6903

[github-actions]

Thanks for contributing to Homebrew! 🎉 It looks like you're having trouble with a CI failure. See our contribution guide for help. You may be most interested in the section on dealing with CI failures. You can find the CI logs in the Checks tab of your pull request.

[SMillerDev]

Please indicate how this would fill our criteria for versioned formulas (https://docs.brew.sh/Versions) and why we might want to ship an older version?

[Pandoks]

Criteria:

Versioned formulae should differ in major/minor (not patch) versions from the current stable release. This is because patch versions indicate bug or security updates, and we want to ensure you apply security updates.

The different versions of pnpm aren't just patches. They are major version releases.

Unstable versions (alpha, beta, development versions) are not acceptable for versioned (or unversioned) formulae.

These are not unstable versions.

Upstream should have a release branch for each formula version, and have an explicit policy of releasing security updates for each version when necessary.

pnpm v8 has it's own branch that is being regularly maintained. This is their security policy which also means that v7 will not be something that will be added to Homebrew.

Versioned formulae should share a codebase with the main formula. If the project is split into a different repository, we recommend creating a new formula (formula2 rather than formula@2 or formula@1).

Version 8 is a just a different branch from the main pnpm branch.

Formulae that depend on versioned formulae must not depend on the same formulae at two different versions twice in their recursive dependencies. For example, if you depend on openssl@1.0 and foo, and foo depends on openssl then you must instead use openssl.

Doesn't depend on versioned formulae

Versioned formulae should only be linkable at the same time as their non-versioned counterpart if the upstream project provides support for it.

Used keg_only :versioned_formula.

A keg_only :versioned_formula should not post_install anything in the HOMEBREW_PREFIX that conflicts with or duplicates the main counterpart (or other versioned formulae).

Doesn't have a post_install script.

Submitted versioned formulae should be expected to be used by a large number of people. If this ceases to be the case, they will be removed. We will aim not to remove those in the top 3,000 install_on_request formulae.

pnpm is currently being being downloaded by ~11.8 million on npm, and there are people still using pnpm v8 as it may be a dependency for their projects.

why we might want to ship an older version?

Lots of projects still rely on an older version of pnpm and there is no easy way to manage pnpm versions so far. The current solution is to use corepack. pnpm/pnpm#6903 does a good job explaining their use case for older versions of pnpm.

[SMillerDev]

Thanks for the explanation, is there any indication until when it is supported?

[Pandoks]

Thanks for the explanation, is there any indication until when it is supported?

when what is supported?

[SMillerDev]

when what is supported?

Until when this version of pnpm is supported

[Pandoks]

when what is supported?

Until when this version of pnpm is supported

This version of pnpm is supported (version 8). I mentioned that version 7 isn't supported because I said Will submit another pull request for pnpm@7 if pnpm@8 gets accepted in my pull request. (Removed now)

[SMillerDev]

This version of pnpm is supported (version 8). I mentioned that version 7 isn't supported because I said Will submit another pull request for pnpm@7 if pnpm@8 gets accepted in my pull request. (Removed now)

But in what term is version 8 supported? Until the inevitable heat death of the universe? Until next week?

[Pandoks]

This version of pnpm is supported (version 8). I mentioned that version 7 isn't supported because I said Will submit another pull request for pnpm@7 if pnpm@8 gets accepted in my pull request. (Removed now)

But in what term is version 8 supported? Until the inevitable heat death of the universe? Until next week?

1 year

[SMillerDev]

Could you add a disable! with a date when it stops being supported then

[Pandoks]

Got them to include the date on their policy page:
https://github.com/pnpm/pnpm/security/policy

[chenrui333]

@Pandoks, thanks for your first contribution to homebrew-core! 🎉 🥇

Without awesome contributors like you, it would be impossible to maintain Homebrew to the high level of quality users have come to expect. Thank you!!!!

[github-actions]

@chenrui333 has requested bottles to be published to this PR.