Added support for JavaScript runtime installation​

Declare Node.js, Deno, or Bun in devEngines.runtime (inside package.json) and let pnpm download and pin it automatically.

使用範例：

{
  "devEngines": {
    "runtime": {
      "name": "node",
      "version": "^24.4.0",
      "onFail": "download" // we only support the "download" value for now
    }
  }
}

How it works:

1. pnpm install resolves your specified range to the latest matching runtime version.
2. The exact version (and checksum) is saved in the lockfile.
3. Scripts use the local runtime, ensuring consistency across environments.

Why this is better:

1. This new setting supports also Deno and Bun (vs. our Node-only settings useNodeVersion and executionEnv.nodeVersion)
2. Supports version ranges (not just a fixed version).
3. The resolved version is stored in the pnpm lockfile, along with an integrity checksum for future validation of the Node.js content's validity.
4. It can be used on any workspace project (like executionEnv.nodeVersion). So, different projects in a workspace can use different runtimes.
5. For now devEngines.runtime setting will install the runtime locally, which we will improve in future versions of pnpm by using a shared location on the computer.

Related PR: #9755.

Other new features​

• Added --cpu, --libc, and --os to pnpm install, pnpm add, and pnpm dlx to customize supportedArchitectures via the CLI #7510.

Bug Fixes​

• Fix a bug in which pnpm add downloads packages whose libc differ from pnpm.supportedArchitectures.libc.
• The integrities of the downloaded Node.js artifacts are verified #9750.
• Allow dlx to parse CLI flags and options between the dlx command and the command to run or between the dlx command and -- #9719.
• pnpm install --prod should removing hoisted dev dependencies #9782.
• Fix an edge case bug causing local tarballs to not re-link into the virtual store. This bug would happen when changing the contents of the tarball without renaming the file and running a filtered install.
• Fix a bug causing pnpm install to incorrectly assume the lockfile is up to date after changing a local tarball that has peers dependencies.

It is the end of the year. 是一個艱難的一年 如你所知道的，我生活在烏克蘭，所以由於俄羅斯對我們的發起的戰爭，比起前些年使得這個項目更難被去領導。 儘管如此，對 pnpm 來說依然是一個好年頭。 我們新增了很多新用戶、貢獻者，而且我們也實現了很多很讚的功能。

(the above illustration was generated by Midjourney. The tiger symolizes the year of the tiger)

對pnpm來說好的一年已經到了尾聲，讓我來看一下我們的進展。

有很多方法可以創建 node_modules 目錄。 目標一定是創建最嚴格的 node_modules，但如果那不可能的話，也有選項讓您可以產生一個鬆散的 node_modules。

新使用者經常問我關於 pnpm 生成出來的奇怪 node_modules 資料夾結構。 為什麼它不是扁平化的？ 而且全部的子依賴套件跑去哪了？