pnpm 10.23

Added --lockfile-only option to pnpm list and various improvements to pnpm self-update.

Minor Changes

pnpm list --lockfile-only

Added --lockfile-only option to pnpm list #10020.

When specified, pnpm list will read package information from the lockfile instead of checking the actual node_modules directory. This is useful for quickly inspecting what would be installed without requiring a full installation.

Patch Changes

• pnpm self-update should download pnpm from the configured npm registry #10205.
• pnpm self-update should always install the non-executable pnpm package (pnpm in the registry) and never the @pnpm/exe package, when installing v11 or newer. We currently cannot ship @pnpm/exe as pkg doesn't work with ESM #10190.
• Node.js runtime is not added to "dependencies" on pnpm add, if there's a engines.runtime setting declared in package.json #10209.
• The installation should fail if an optional dependency cannot be installed due to a trust policy check failure #10208.
• pnpm list and pnpm why now display npm: protocol for aliased packages (e.g., foo npm:is-odd@3.0.1) #8660.
• Don't add an extra slash to the Node.js mirror URL #10204.
• pnpm store prune should not fail if the store contains Node.js packages #10131.