Added support for JavaScript runtime installation​

Declare Node.js, Deno, or Bun in devEngines.runtime (inside package.json) and let pnpm download and pin it automatically.

用法示例：

{
  "devEngines": {
    "runtime": {
      "name": "node",
      "version": "^24.4.0",
      "onFail": "download" // we only support the "download" value for now
    }
  }
}

How it works:

1. pnpm install resolves your specified range to the latest matching runtime version.
2. The exact version (and checksum) is saved in the lockfile.
3. Scripts use the local runtime, ensuring consistency across environments.

Why this is better:

1. This new setting supports also Deno and Bun (vs. our Node-only settings useNodeVersion and executionEnv.nodeVersion)
2. Supports version ranges (not just a fixed version).
3. The resolved version is stored in the pnpm lockfile, along with an integrity checksum for future validation of the Node.js content's validity.
4. It can be used on any workspace project (like executionEnv.nodeVersion). So, different projects in a workspace can use different runtimes.
5. For now devEngines.runtime setting will install the runtime locally, which we will improve in future versions of pnpm by using a shared location on the computer.

Related PR: #9755.

Other new features​

• Added --cpu, --libc, and --os to pnpm install, pnpm add, and pnpm dlx to customize supportedArchitectures via the CLI #7510.

Bug Fixes​

• Fix a bug in which pnpm add downloads packages whose libc differ from pnpm.supportedArchitectures.libc.
• The integrities of the downloaded Node.js artifacts are verified #9750.
• Allow dlx to parse CLI flags and options between the dlx command and the command to run or between the dlx command and -- #9719.
• pnpm install --prod should removing hoisted dev dependencies #9782.
• Fix an edge case bug causing local tarballs to not re-link into the virtual store. This bug would happen when changing the contents of the tarball without renaming the file and running a filtered install.
• Fix a bug causing pnpm install to incorrectly assume the lockfile is up to date after changing a local tarball that has peers dependencies.

又是一年年底。 真是艰难的一年。 你们应该知道，我住在乌克兰，由于俄罗斯对我们发动战争，指挥这个项目比往年都难。 尽管如此，今年对pnpm来说是很好的一年。 我们有了很多新用户、贡献者，并且我们实现了许多很棒的功能。

（上图由 Midjourney 生成。 这只老虎象征虎年）

现在是年底，对 pnpm 来说是个好年头，所以让我们看看它的进展情况。

创建node_modules目录结构有多种方式。 你一定想要创建最严格的结构，当然如果你当前的项目尚无法支持，你可以配置为不严格的。

Pnpm 的新用户们经常会问我关于 pnpm 创建的奇怪的 node_modules 结构。 为什么不是平铺的？ 次级依赖去哪了？