Added support for excluding packages from trust policy and overriding the engines field on publish.

Added support for Node.js runtime installation for dependencies and a setting for configuring trust policy.

This release adds a --all flag for the pnpm help command to print all commands.

This release adds version-scoped controls to two settings: [onlyBuiltDependencies] and [minimumReleaseAgeExclude].

Minor Changes​

Added network performance monitoring to pnpm by implementing warnings for slow network requests, including both metadata fetches and tarball downloads.

Added configuration options for warning thresholds: fetchWarnTimeoutMs and fetchMinSpeedKiBps. Warning messages are displayed when requests exceed time thresholds or fall below speed minimums

Related PR: #10025.

Patch Changes​

• Retry filesystem operations on EAGAIN errors #9959.
• Outdated command respects minimumReleaseAge configuration #10030.
• Correctly apply the cleanupUnusedCatalogs configuration when removing dependent packages.
• Don't fail with a meaningless error when scriptShell is set to false #8748.
• pnpm dlx should not fail when minimumReleaseAge is set #10037.

Minor Changes​

The minimumReleaseAgeExclude setting now supports patterns.

Minor Changes​

New setting for delayed dependency updates​

There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour.

Minor Changes​

New setting for catalogs​

Added the cleanupUnusedCatalogs configuration. When set to true, pnpm will remove unused catalog entries during installation #9793.

Added support for JavaScript runtime installation​

Declare Node.js, Deno, or Bun in devEngines.runtime (inside package.json) and let pnpm download and pin it automatically.

연말이네요. 힘든 한 해였습니다. 아실지 모르겠지만 저는 우크라이나에 살고 있고 러시아와의 전쟁 때문에 예전보다 프로젝트의 진행이 어려웠습니다. 하지만 pnpm에게는 좋은 한 해였습니다. 신규 유저와 기여자가 많이 생겼고 훌륭한 기능들을 많이 구현할 수 있었습니다.

(위 이미지는 Midjourney에 의해 생성되었습니다. 호랑이는 호랑이의 해를 의미합니다)