fix(manager/npm): use --config.ignore-scripts=true
for pnpm dedupe
#25210
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
pnpm dedupe
command to use--config.ignore-scripts=true
to circumvent potential issues brought about by having to determine thepnpm
version.Context
The initial strategy was to employ
semver.coerce
to manage version ranges when verifying thepnpm
version. The goal was to applypnpm dedupe --ignore-scripts
only forpnpm
versions8.8.0
and above, as lower versions would throw an error.However, a new approach was discovered which allows for script ignoring during deduplication in all
pnpm
versions by using the--config.ignore-scripts=true
flag with thepnpm dedupe
command.Not only does this prevent the aforementioned error in versions lower than
8.8.0
, but it also ensures consistent behavior across differentpnpm
versions regarding script execution during thepnpm dedupe
process.This approach eliminates the need for additional checks to determine the
pnpm
version, reducing the potential for other issues that might arise from unhandled special cases. The inspiration for this solution came from a comment on a relatedpnpm
GitHub issue.Relevant Issues:
I have tested the changes in a separate repository to ensure the fix works as expected. The test repository can be found here: Test Repository.
Please let me know if there are any additional changes needed or if there's anything else I can do to assist.
Documentation (please check one with an [x])
How I've tested my work (please select one)
I have verified these changes via: