Allow preventing installation of a dependency using overrides. #7907

kristian-puccio opened this issue Apr 12, 2024 · 2 comments

@kristian-puccio

Contribution

### Describe the user story

I'm trying to fix an audit issue and would like to prevent a sub dependency from installing the package "request".

I've tried doing things like patching the package.json of the sub dependency to remove the problem package but it runs too late and the package has already been installed.

I've tried setting in the pnpm.overrides the package version to be either null or false but that causes pnpm i to fail.
I've also tried setting the version to 0.0.0 but pnpm complains and asks me to install a valid version.

### Describe the solution you'd like

Allow using false as the version of the package in overrides to skip installing that dependency.

```json
{
  "pnpm": {
    "overrides": {
      "request": false
    }
  }
}
```

### Describe the drawbacks of your solution

You may get yourself in trouble if that package ends up being used, but you probably shouldn't mess with overrides unless you know what you are doing.

### Describe alternatives you've considered

null instead of false could work, I don't have an opinion either way.
@zkochan
Member

zkochan commented Apr 12, 2024

You can remove it using a read package hook in .pnpmfile.cjs: https://pnpm.io/pnpmfile#hooksreadpackagepkg-context-pkg--promisepkg
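
A sketch of the `readPackage` hook suggested above, as an added example that is not part of the original comment or pnpm's own code. It would live in `.pnpmfile.cjs` at the project root; `BLOCKED`, `DEP_FIELDS` and `stripBlocked` are names chosen here, and blocking `request` everywhere (rather than under one specific parent) is an assumption.

```javascript
// .pnpmfile.cjs (added example): drop blocked packages from every manifest
// pnpm reads during resolution, so they are never resolved or installed.
const BLOCKED = new Set(['request']); // package names to strip (assumption: block globally)
const DEP_FIELDS = ['dependencies', 'optionalDependencies', 'peerDependencies'];

// Hypothetical helper: mutates and returns the manifest with blocked deps removed.
function stripBlocked(pkg, log = () => {}) {
  for (const field of DEP_FIELDS) {
    const deps = pkg[field];
    if (!deps) continue;
    for (const name of Object.keys(deps)) {
      if (BLOCKED.has(name)) {
        delete deps[name];
        // Record which dependent lost the package, for later review.
        log(`removed ${name} from ${field} of ${pkg.name}@${pkg.version}`);
      }
    }
  }
  // Avoid leaving peer metadata that points at a peer we just removed.
  if (pkg.peerDependenciesMeta) {
    for (const name of BLOCKED) delete pkg.peerDependenciesMeta[name];
  }
  return pkg;
}

// pnpm calls this hook with each package manifest and a context that has log().
function readPackage(pkg, context) {
  return stripBlocked(pkg, (msg) => context.log(msg));
}

// Guarded so the snippet also loads outside CommonJS; pnpm loads it as CommonJS.
if (typeof module !== 'undefined') {
  module.exports = { hooks: { readPackage } };
}
```

After reinstalling, `pnpm why request` shows whether any dependent still pulls the package in. Any dependent that actually calls `require('request')` at runtime will fail, which is the drawback the issue already names.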

@kristian-puccio
Author

Nice thanks, would be easier to just do it in overrides but this works.
Shall I close the ticket?
