Minor Changes​

Added network performance monitoring to pnpm by implementing warnings for slow network requests, including both metadata fetches and tarball downloads.

Added configuration options for warning thresholds: fetchWarnTimeoutMs and fetchMinSpeedKiBps. Warning messages are displayed when requests exceed time thresholds or fall below speed minimums

Related PR: #10025.

Patch Changes​

• Retry filesystem operations on EAGAIN errors #9959.
• Outdated command respects minimumReleaseAge configuration #10030.
• Correctly apply the cleanupUnusedCatalogs configuration when removing dependent packages.
• Don't fail with a meaningless error when scriptShell is set to false #8748.
• pnpm dlx should not fail when minimumReleaseAge is set #10037.

Minor Changes​

The minimumReleaseAgeExclude setting now supports patterns.

Minor Changes​

New setting for delayed dependency updates​

There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour.

Minor Changes​

New setting for catalogs​

Added the cleanupUnusedCatalogs configuration. When set to true, pnpm will remove unused catalog entries during installation #9793.

Added support for JavaScript runtime installation​

Declare Node.js, Deno, or Bun in devEngines.runtime (inside package.json) and let pnpm download and pin it automatically.

It is the end of the year. A really hard year. As you may know, I live in Ukraine, so due to Russia's war against us, it was harder to lead this project than in previous years. Nevertheless, it was a good year for pnpm. We've got a lot of new users, contributors, and we have implemented many great features.

(the above illustration was generated by Midjourney. The tiger symolizes the year of the tiger)

Yılın sonuna geldik.. Ve, pnpm için iyi bir yıl oldu. Bakalım, nasıl geçti ?

node_modules dizini oluşturmanın birçok yolu vardır. Amacınız en kurallı olanı oluşturmak olmalıdır, ancak bu mümkün değilse, serbest bir node_modules yapmak için seçenekler de vardır.

Yeni pnpm kullanıcıları sık sık bana pnpm'in yarattığı node_modules'ün garip yapısını soruyor. Neden düz yapıda değil? Tüm alt bağımlılıklar nerede?