pnpm

This major release enforces Node.js 22+ compatibility, transitions pnpm to pure ESM, and significantly enhances security by enabling supply-chain protection defaults. It also overhauls configuration handling, moving most settings out of .npmrc, and introduces a new SQLite-backed store index for faster installations.

This release introduces major architectural changes, including migrating the package index store to SQLite and isolating global package installations for better stability. Configuration handling has been significantly updated, moving most settings away from .npmrc files to pnpm-workspace.yaml and standardizing CLI output formats.

This release introduces major architectural changes focused on performance and security, including migrating the store index to SQLite, isolating global packages, and hardening configuration loading by deprecating reliance on `.npmrc` for non-auth settings. CLI output has also been cleaned up.

This release introduces significant performance improvements via a new SQLite-backed store index and isolated global package installations. It also cleans up CLI output, updates configuration handling (especially around build dependencies and workspace configs), and drops support for older Node.js versions.

This release introduces major architectural changes, including migrating the content-addressable store index to SQLite (Store v11) and isolating global package installations for better stability. Configuration handling has been significantly overhauled, moving project-specific settings from `.npmrc` to `pnpm-workspace.yaml` and changing CLI output formats.

This release introduces significant internal changes, including a new SQLite-based store index format (Store v11) and isolated global package installations for better stability. Configuration handling has been overhauled, moving away from rc files and standardizing CLI output formats to

This major release introduces significant architectural changes to the content-addressable store using SQLite and optimizes metadata storage, alongside isolating global package installations for better stability. Configuration handling has been overhauled, moving away from rc files and project-specific .npmrcs in favor of centralized workspace configuration.

This release introduces the `dedupePeers` setting to significantly reduce peer dependency duplication and includes numerous fixes for concurrent operations, Windows command execution, and lockfile handling.

This major release introduces significant architectural changes to the content-addressable store using SQLite and optimizes metadata storage, alongside isolating global package installations for better stability. Many deprecated configuration options and commands have been removed, and pnpm is now pure ESM.

This major release introduces significant architectural changes to the content-addressable store using SQLite and optimizes metadata storage, while isolating global package installations for better stability. Configuration handling has been overhauled, moving project-specific settings out of `.npmrc` and standardizing CLI output formats.

This major release introduces significant performance improvements via a new SQLite-backed content-addressable store index and isolates global package installations. Configuration handling has been overhauled, moving project-specific settings from `.npmrc` to `pnpm-workspace.yaml` and standardizing CLI output formats.

This release introduces major architectural changes to the pnpm store, moving to SQLite for metadata indexing and isolating global package installations for better stability. Configuration commands and build dependency handling have also been significantly overhauled, and support for older Node.js versions has been dropped.

This release introduces major architectural changes to the pnpm store, moving to SQLite for indexing and isolating global packages for better stability. Configuration handling has been significantly overhauled, moving away from rc files and standardizing output formats.

This patch release fixes a regression related to how pnpm handles `pnpm-workspace.yaml` files that omit the `packages` field, ensuring configuration-only files do not incorrectly define workspace roots.

This release introduces major architectural changes to the content-addressable store using SQLite and optimizes metadata storage, alongside isolating global package installations for better stability. Configuration handling has been significantly overhauled, moving settings out of rc files and standardizing output formats.

This release introduces the --all flag for approving builds non-interactively and reverts two recent changes that caused regressions, including one related to npm config file path setting and another concerning lockfile-include-tarball-url.

This patch release improves configuration preservation in pnpm-workspace.yaml, fixes several critical bugs related to linking, race conditions during store imports, and patch operations, and adds a short alias for the --filter option.

This release introduces major architectural changes to the pnpm store, moving to SQLite for metadata indexing and isolating global package installations for improved stability. Configuration handling has been significantly overhauled, favoring JSON output and consolidating workspace settings into `pnpm-workspace.yaml`.

This release introduces major architectural changes focused on performance and isolation, including switching internal store formats to MessagePack, isolating global packages, and updating configuration handling. Several deprecated features and configuration options related to build dependencies and linking have been removed.

This patch release fixes an issue where version switching failed when pnpm was installed as a standalone executable without a system Node.js environment.

This release introduces major performance improvements across the store by switching to MessagePack and optimizing index formats, alongside significant changes to configuration loading, moving away from INI/rc files towards YAML for pnpm-specific settings. Many deprecated configuration options and commands have been removed, and the package is now pure ESM.

This patch release fixes an issue where auto-installed peer dependencies ignored overrides and resolves an input line length error on Windows when using the global virtual store. It also includes a dependency update to patch a moderate vulnerability.

This release introduces major performance improvements by switching internal store formats to MessagePack and optimizing index storage. Configuration handling has been significantly overhauled, moving away from rc files and standardizing on YAML for pnpm-specific settings, alongside dropping support for older Node.js versions.

This patch release updates the primary endpoint used for fetching security audits to improve reliability.

This release updates pnpm why to display a reverse dependency tree for better readability and reverts a dependency pruning change in pnpm why to ensure correctness. Performance for pnpm why and pnpm list in large workspaces has also been improved.

This major release introduces significant performance improvements by switching internal store formats to MessagePack and optimizing index storage. It also brings substantial changes to configuration handling, replacing INI formats with JSON for config commands and standardizing workspace configuration via `pnpm-workspace.yaml`.

This major release introduces significant performance improvements by switching internal store formats to MessagePack and optimizing index storage. Configuration handling has been overhauled, moving project-specific settings out of .npmrc files into pnpm-workspace.yaml and changing CLI output formats.

This patch release resolves several bugs, including an out-of-memory error in dependency listing commands and issues with configuration settings in `.pnpmfile.cjs` and `pnpm dlx`. Additionally, `pnpm deploy` behavior is corrected regarding the global virtual store setting.

This patch release reverts a previous fix (from v10.29.1) that was causing issues, restoring functionality for 'pnpm run -r' when an empty workspace file is present.

This release introduces support for the `catalog:` protocol in `pnpx` and allows configuring `auditLevel` in `pnpm-workspace.yaml`. Numerous bug fixes address issues related to JSON output, store path resolution, audit command behavior, and dependency handling.

This release introduces support for the `catalog:` protocol in `pnpx` and allows configuring `auditLevel` in `pnpm-workspace.yaml`. Numerous bugs were fixed, including issues related to JSON output, store path resolution, audit command behavior, and dependency hoisting configuration.

This patch release focuses on security improvements by preventing path traversal in `directories.bin` and securing symlink handling for local dependencies. It also fixes an issue related to optional dependency metadata fetching for platform checks.

This patch release focuses heavily on security by fixing multiple path traversal vulnerabilities in ZIP and binary fetching, and improves dependency resolution by supporting plain HTTP/HTTPS git URLs. It also adjusts the exit code behavior for filtered script execution.

This release introduces significant configuration restructuring, replacing project-specific .npmrc files with packageConfigs in pnpm-workspace.yaml and restricting configuration loading from rc files. It also updates default behaviors, removes deprecated build dependency settings, and shifts the runtime environment to a bundled Node.js version.

This release adds trust‑policy ignore options, project registry and mark‑and‑sweep pruning for the global virtual store, and includes several bug fixes, with a semi‑breaking change to unscoped package storage layout.

This patch release improves error messages, fixes Git annotated‑tag handling, writes runtime binaries earlier in the install lifecycle, and reduces network calls when `preferOffline` is used.

Patch release fixing pnpm add behavior with blockExoticSubdeps and improving git reference resolution to full commits.

pnpm 9.x introduces pure ESM packaging, a bundled Node runtime, JSON‑based config output, camelCase keys, and V8‑binary store, while dropping Node 18/19 support and changing several CLI behaviours.

This release adds supply‑chain security features like `blockExoticSubdeps` and integrity hashing, introduces the unified `allowBuilds` config, and brings several usability improvements such as `--dry‑run` for `pack` and better deprecation displays.

This release adds certificate loading via `cert`, `ca`, and `key` fields and a `--bare` flag for `pnpm init`, plus several bug fixes around script reporting, build handling, forced publishing, and trust‑policy time errors.

This release adds automatic network concurrency scaling for high‑core systems and includes several bug fixes around trust policies, file linking, self‑update behavior, package detection, and auth token handling.

This release adds a new `--lockfile-only` flag to `pnpm list`, improves self‑update handling, displays npm protocols for aliased packages, and includes several bug fixes and stricter trust‑policy enforcement.

pnpm 9 introduces pure ESM, JSON‑based config output, V8‑serialized store files, and drops Node.js v18/v19 support, requiring migration of config files, imports, and runtime versions.

This release introduces `trustPolicyExclude` and `publishConfig.engines` support, and fixes a hardlinking crash.

This release adds automatic Node.js runtime installation for dependencies, introduces a new \"trustPolicy\" setting, and adds a command to retrieve the global config path, while fixing several bugs around update behavior, hardlinking, and workspace configuration.

This release adds the `--all` option to `pnpm --help` and includes several bug fixes related to version selection, the `create` command, and package manager version handling.

This release introduces version‑specific controls for postinstall scripts and release‑age exclusions, enhancing security and flexibility in dependency management.

This patch release fixes several bugs related to configuration handling, publishing, bin linking, and workspace behavior, improving the stability of pnpm commands.

This patch release fixes several command issues, reduces the CLI bundle size by swapping ndjson for split2, and improves metadata handling for pnpm dlx.

This patch release silences an unnecessary warning for `--lockfile-only`, adds a Windows shim for `pnpm setup` to support self‑updates, and corrects catalog warning behavior.

This release adds network performance monitoring with configurable thresholds and includes several bug fixes such as retrying EAGAIN filesystem errors and respecting `minimumReleaseAge` in various commands.

This patch release fixes error messaging, workspace state file creation, and improves handling of `minimumReleaseAge` for selecting the latest version.

This release adds pattern support to the `minimumReleaseAgeExclude` configuration and fixes two bugs related to minimumReleaseAge handling and prerelease downgrades.

This patch release resolves a metadata cache bug and ensures patch diffs are generated without ANSI color codes.

This release adds a `minimumReleaseAge` safety setting and custom finder support, while fixing several bugs such as Node.js 24 deprecation warnings and improving error handling for `nodeVersion`.

This patch release fixes a crash in `.pnp.cjs` and improves peer dependency resolution in workspaces.

This release adds several new configuration capabilities, improves config handling, restores glibc 2.26 support, and includes a semi‑breaking change to peer‑dependency resolution.

This release adds JavaScript runtime installation support and new CLI flags for architecture selection, plus several bug fixes and integrity improvements.

This release adds new CLI flags for architecture selection, introduces devEngines‑based Node.js runtime resolution, improves dlx flag parsing, and fixes several bugs around package downloading and production installs.

This patch updates pnpm to run user‑defined pnpmfiles after plugin pnpmfiles.

This release adds support for multiple pnpmfiles and automatic loading of pnpmfile.cjs from config dependencies, while fixing several configuration conflicts, sorting behavior, rebuild handling, and command quoting.

This patch release resolves several bugs: the `pnpm licenses` command for local dependencies, incorrect JSON output for non‑existent filters, a peer‑dependency deadlock, and restores proper hoisting after `pnpm fetch`.

This patch restores the hoisting of optional peer dependencies when using an outdated lockfile, fixing a regression introduced in v10.12.2.

This patch release fixes several CLI bugs, including hoisting with `enableGlobalVirtualStore`, help flag handling for `pnpm create`, incorrect license list paths, and a deployment failure caused by outdated lockfiles.

This release introduces experimental global virtual stores, catalog enhancements, new CLI options, and a new CI flag, while changing side‑effects cache keys (requiring cache cleanup) and fixing several regressions.

This patch release resolves multiple regressions and bugs affecting pnpm deploy, URL‑based dependencies, strict peer dependency handling, environment variable naming, lockfile generation, overrides handling, URL parsing, and silent run output.

This release adds several new features such as module‑type init, Nushell support, audit ignore flags, recursive packing, and improves workspace behavior, while also fixing bugs related to peer dependencies, configuration loading, Node.js 24 warnings, and script execution.

This release adds support for loading preResolution, importPackage, and fetchers hooks from a local pnpmfile and includes several bug fixes such as the cd command with shellEmulator, workspace yaml key sorting, and npm_package_json propagation.

This release adds JSR package installation support and a new `dangerouslyAllowAllBuilds` setting, fixes a verifyDepsBeforeRun false negative, and drops verifyDepsBeforeRun support for nodeLinker "pnp".

This patch release removes bright white highlighting, adds automatic writing of `onlyBuiltDependencies` to `pnpm-workspace.yaml` when no config exists, and ensures patch file paths are stored as relative paths.

This release adds an experimental configuration hook and a new --config flag for pnpm add, and includes several bug fixes around workspace globs, audit overrides, and link behavior.

Patch release that corrects config type conversion, auth config retrieval, and expands `~/` in .npmrc paths.

This minor release adds workspace‑aware config commands, env‑var support in workspace files, version‑range based dependency patching, a new ignore‑patch‑failures option, and fixes audit output memory issues.

This patch release fixes several issues: it removes post‑approval warnings, preserves the `ignoredBuilds` field, corrects `catalog:` protocol handling in injected workspace packages, and allows non‑positive `workspace-concurrency` values.

This patch release fixes pnpm dlx with the --allow-build flag, prevents invalid Node.js versions from breaking pnpm, and reduces the max linking workers to four for better performance.

Patch release fixing a crash in `pnpm install --prod=false`, adding missing `node-options` to `recursive run`, and cleaning up the `dedupe-peer-dependents` code path.

This patch release fixes a Windows-specific issue where running the pnpm CLI from within itself failed when the CLI was bundled as an executable.

This patch release fixes Windows CLI execution issues, improves self‑update behavior, aligns patch‑commit filesystem handling, adds proper handling of log level errors, and enables peerDependencyRules configuration via pnpm‑workspace.yaml.

This patch release fixes self-update version handling, prevents CLI hangs with --silent, and silences extra output when --loglevel=error.

This patch release fixes several CLI hanging and output issues, restores handling of patchedDependencies, improves approve-builds behavior, and adds registry info for missing package versions.

This release adds support for .npmrc settings in pnpm-workspace.yaml, improves tarball dependency performance, replaces fast-glob with tinyglobby, and includes several bug fixes for self-update, deploy, and update commands.

This patch release introduces a new scoped registry CLI option and resolves several bugs affecting self‑update, interactive update listings, and catalog entry preservation.

The patch restores the default behavior of `pnpm config set` to modify the global .npmrc file.

This patch release fixes several issues: it adds an error for incorrect workspace config filenames, corrects workspace updates via approve-builds, normalizes link paths in package.json, enables overrides in pnpm-workspace.yaml, and makes pnpm dlx ignore local package.json settings.

This release adds support for defining `pnpm.*` settings in `pnpm-workspace.yaml`, introduces automatic syncing of injected workspace packages after scripts, makes the `packages` field optional, and includes several command enhancements and bug fixes.

This patch release fixes several bugs related to corepack updates, version output, packageManager version format, and catalog handling during filtered installs.

This patch release fixes several CLI behaviors: it adds validation for overlapping `--allow-build` values, prints version info after execution time, warns on ignored builds during repeat installs, and restores proper handling of `init-package-manager`.

pnpm v10 introduces `--global` support for approve-builds, a new `--allow-build` flag for add, and several bug fixes and documentation updates.

v10 introduces the `strict-dep-builds` setting for stricter script validation and includes fixes for `verify-deps-before-run` false negatives and improved warning display.

This patch release fixes side‑effects cache handling, improves `pnpm approve-builds` in sub‑workspaces, and restores `pnpm deploy --legacy` functionality with clearer error guidance.

pnpm v10 introduces default building of packages run via `dlx` and `create`, adds several bug fixes, and improves handling of overrides and proxy settings.

This patch release adds support for preprepare/postprepare scripts during pnpm install, improves script argument quoting on POSIX, respects proxy settings for Git dependencies, validates package names on publish, and replaces strip-ansi with the built-in util.stripVTControlCharacters.

This release introduces new commands (`pnpm ignored-builds`, `pnpm approve-builds`), a performance‑focused setting, and a field to ignore built dependencies, while also fixing several bugs around publishing, scripts execution, peerDependencies handling, and internal utilities.

This patch release fixes recursive `pnpm update --latest` to correctly update only the targeted package when `dedupe-peer-dependents` is enabled.