This release adds a --all flag for the pnpm help command to print all commands.

This release adds version-scoped controls to two settings: [onlyBuiltDependencies] and [minimumReleaseAgeExclude].

Minor Changes​

Added network performance monitoring to pnpm by implementing warnings for slow network requests, including both metadata fetches and tarball downloads.

Added configuration options for warning thresholds: fetchWarnTimeoutMs and fetchMinSpeedKiBps. Warning messages are displayed when requests exceed time thresholds or fall below speed minimums

Related PR: #10025.

Patch Changes​

• Retry filesystem operations on EAGAIN errors #9959.
• Outdated command respects minimumReleaseAge configuration #10030.
• Correctly apply the cleanupUnusedCatalogs configuration when removing dependent packages.
• Don't fail with a meaningless error when scriptShell is set to false #8748.
• pnpm dlx should not fail when minimumReleaseAge is set #10037.

Minor Changes​

The minimumReleaseAgeExclude setting now supports patterns.

Minor Changes​

New setting for delayed dependency updates​

There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour.

Minor Changes​

New setting for catalogs​

Added the cleanupUnusedCatalogs configuration. When set to true, pnpm will remove unused catalog entries during installation #9793.

Added support for JavaScript runtime installation​

Declare Node.js, Deno, or Bun in devEngines.runtime (inside package.json) and let pnpm download and pin it automatically.

現在是年底了, 是一個艱難的一年 如你所知道的，我生活在烏克蘭，所以由於俄羅斯對我們的發起的戰爭，比起前些年使得這個項目更難被去領導。 儘管如此，對 pnpm 來說依然是一個好年頭。 我們新增了很多新用戶、貢獻者，而且我們也實現了很多很讚的功能。

(上圖由 Midjourney 生成。 老虎象徵虎年)

對pnpm來說好的一年已經到了尾聲，讓我來看一下我們的進展。

有很多方法可以創建 node_modules 目錄。 目標一定是創建最嚴格的 node_modules，但如果那不可能的話，也有選項讓您可以產生一個鬆散的 node_modules。