pnpm 10.27
pnpm 10.27 adds a new setting to ignore trust policy checks for older package versions, introduces a project registry for global virtual store pruning, and includes several bug fixes.
Незначні зміни
trustPolicyIgnoreAfter
Adding trustPolicyIgnoreAfter allows you to ignore trust policy checks for packages published more than a specified time ago #10352.
Global Virtual Store Improvements
Added project registry for global virtual store prune support.
Projects using the store are now registered via symlinks in {storeDir}/v10/projects/. This enables pnpm store prune to track which packages are still in use by active projects and safely remove unused packages from the global virtual store.
Semi-breaking. Changed the location of unscoped packages in the virtual global store. They will now be stored under a directory named @ to maintain a uniform 4-level directory depth.
Added mark-and-sweep garbage collection for global virtual store.
pnpm store prune now removes unused packages from the global virtual store's links/ directory. The algorithm:
- Scans all registered projects for symlinks pointing to the store
- Walks transitive dependencies to mark reachable packages
- Removes any package directories not marked as reachable
This includes support for workspace monorepos - all node_modules directories within a project (including those in workspace packages) are scanned.
Зміни в патчах
- Throw an error if the value of the
tokenHelperor<url>:tokenHelpersetting contains an environment variable. - Git dependencies with build scripts should respect the
dangerouslyAllowAllBuildssettings #10376. - Skip the package manager check when running with --global and a project packageManager is configured, and warn that the check is skipped.
pnpm store pruneshould not fail if the dlx cache directory has files, not only directories #10384- Fixed a bug (#9759) where
pnpm addwould incorrectly modify a catalog entry inpnpm-workspace.yamlto its exact version.