pnpm 10.0 RC 0
Major Changes
- `pnpm link` behavior updated:
  The `pnpm link` command now adds overrides to the root `package.json`.
  - In a workspace: The override is added to the root of the workspace, linking the dependency to all projects in the workspace.
  - Global linking: To link a package globally, run `pnpm link` from the package’s directory. Previously, you needed to use `pnpm link -g`.

  Related PR: #8653
- Secure hashing with SHA256:
  Various hashing algorithms have been updated to SHA256 for enhanced security and consistency:
  - Long paths inside `node_modules/.pnpm` are now hashed with SHA256.
  - Long peer dependency hashes in the lockfile now use SHA256 instead of MD5. (This affects very few users since these are only used for long keys.)
  - The hash stored in the `packageExtensionsChecksum` field of `pnpm-lock.yaml` is now SHA256.
  - The side effects cache keys now use SHA256.
  - The pnpmfile checksum in the lockfile now uses SHA256 (#8530).
- `packageManager` field support:
  `pnpm` now manages its own version based on the `packageManager` field in `package.json`. To disable this behavior, set `manage-package-manager-versions` to `false`.
- `pnpm test` parameter forwarding:
  `pnpm test` now passes all parameters after the `test` keyword directly to the underlying script. This matches the behavior of `pnpm run test`. Previously you needed to use the `--` prefix.
  Related PR: #8619
- Refined hoisting behavior:
  Packages containing `eslint` or `prettier` in their name are no longer hoisted to the root `node_modules`. The default value of the `public-hoist-pattern` setting has changed.
  Related Issue: #8378
- Updated compatibility database:
  Upgraded `@yarnpkg/extensions` to v2.0.3. This may alter your lockfile.
- Improved store indexing:
  Index files in the store now reference both the content hash and package identifier, allowing:
- More efficient side effects indexing:
  The structure of index files in the store has changed. Side effects are now tracked more efficiently by listing only file differences rather than all files.
  Related PR: #8636
- Shorter default `virtual-store-dir-max-length` on Windows:
  The default `virtual-store-dir-max-length` has been reduced to 60 characters on Windows.
- Escape `#` in virtual store directories:
  The `#` character is now escaped in directory names within `node_modules/.pnpm`.
  Related PR: #8557
- Store version bump to v10:
  The store layout has changed:
  - A new `index` directory stores package content mappings.
  - Previously, these files were in `files`.
  - The new store format includes a new structure for side-effects cache mappings.
- Prevent global `pnpm` installation via `pnpm add --global`:
  Running `pnpm add --global pnpm` or `pnpm add --global @pnpm/exe` now fails with an error message, directing you to use `pnpm self-update` instead.
  Related PR: #8728
- URL dependencies recorded by final resolved URL:
  Dependencies added via a URL now record the final resolved URL in the lockfile, ensuring that any redirects are fully captured.
  Related Issue: #8833
- `pnpm deploy` restricted:
  The `pnpm deploy` command now only works in workspaces that have `inject-workspace-packages=true`.
- Reduced environment variables for scripts:
  During script execution, fewer `npm_package_*` environment variables are set. Only `name`, `version`, `bin`, `engines`, and `config` remain.
  Related Issue: #8552
- Lockfile conversion removal:
  Removed conversion from lockfile v6 to v9. If you need v6-to-v9 conversion, use pnpm CLI v9.
- Install all dependencies regardless of `NODE_ENV`:
  All dependencies are now installed even if `NODE_ENV=production`.
  Related Issue: #8827
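
A migration check for the reduced `npm_package_*` environment listed under Major Changes, as an added example (not pnpm's own code): it scans `package.json` scripts for variables outside the five kept fields, which a POSIX shell would now expand to an empty string. The function names and the sample manifest are constructed, and the underscore flattening of nested fields (`npm_package_config_port`) is an assumption.

```javascript
// Added example: audit package.json scripts for npm_package_* variables
// that are no longer set. Only the five fields named in the release note
// are treated as kept.
const KEPT_FIELDS = ['name', 'version', 'bin', 'engines', 'config'];

// Assumption: nested fields are flattened with underscores, e.g.
// npm_package_config_port, following the npm lifecycle convention.
const VAR_PATTERN = /npm_package_([A-Za-z0-9_]+)/g;

// A suffix is kept if it is one of the five fields or a sub-key of one.
function isKept(suffix) {
  return KEPT_FIELDS.some((f) => suffix === f || suffix.startsWith(f + '_'));
}

// Returns [{ script, variable }] for each reference to a variable that is
// no longer populated, in script order, one entry per variable per script.
function findRemovedVars(pkg) {
  const findings = [];
  for (const [script, command] of Object.entries(pkg.scripts || {})) {
    const seen = new Set();
    for (const match of String(command).matchAll(VAR_PATTERN)) {
      const variable = match[0];
      if (isKept(match[1]) || seen.has(variable)) continue;
      seen.add(variable);
      findings.push({ script, variable });
    }
  }
  return findings;
}

// Constructed sample manifest (not from a real project).
const samplePkg = {
  name: 'example-app',
  version: '1.2.3',
  config: { port: '8080' },
  scripts: {
    start: 'node server.js --port $npm_package_config_port',
    banner: 'echo "$npm_package_name@$npm_package_version"',
    release: 'echo "v$npm_package_version: $npm_package_description"',
    upload: 'echo "${npm_package_publishConfig_registry}" $npm_package_repository_url',
  },
};

for (const { script, variable } of findRemovedVars(samplePkg)) {
  console.log(`script "${script}" reads ${variable}, which is no longer set`);
}
```
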
Minor Changes
- New `verify-deps-before-run` setting:
  This setting controls how `pnpm` checks `node_modules` before running scripts:
  - `install`: Automatically run `pnpm install` if `node_modules` is outdated.
  - `warn`: Print a warning if `node_modules` is outdated.
  - `prompt`: Prompt the user to confirm running `pnpm install` if `node_modules` is outdated.
  - `error`: Throw an error if `node_modules` is outdated.
  - `false`: Disable dependency checks.

  Related Issue: #8585
- New `inject-workspace-packages` setting:
  Enables hard-linking all local workspace dependencies instead of symlinking them. Previously, this could be achieved using `dependenciesMeta[].injected`, which remains supported.
  Related PR: #8836
- Faster repeat installs:
  On repeated installs, `pnpm` performs a quick check to ensure `node_modules` is up to date.
  Related PR: #8838
- `pnpm add` integrates with default workspace catalog:
  When adding a dependency, `pnpm add` checks the default workspace catalog. If the dependency and version requirement match the catalog, `pnpm add` uses the `catalog:` protocol. Without a specified version, it matches the catalog’s version. If it doesn’t match, it falls back to standard behavior.
  Related Issue: #8640
Patch Changes
- Improved `dlx` command resolution:
  `pnpm dlx` now resolves packages to their exact versions and uses these exact versions for cache keys. This ensures `pnpm dlx` always installs the latest requested packages.
  Related PR: #8811
- No `node_modules` validation on certain commands:
  Commands that should not modify `node_modules` (e.g., `pnpm install --lockfile-only`) no longer validate or purge `node_modules`.
  Related PR: #8657