Change8

v10.25.0

📦 pnpmView on GitHub →
2 features🐛 4 fixes🔧 4 symbols

Summary

This release adds certificate loading via `cert`, `ca`, and `key` fields and a `--bare` flag for `pnpm init`, plus several bug fixes around script reporting, build handling, forced publishing, and trust‑policy time errors.

✨ New Features

  • Added support for loading certificates from `cert`, `ca`, and `key` fields for specific registry URLs (e.g., `//registry.example.com/:ca=-----BEGIN CERTIFICATE-----...`). This works via `.npmrc` and is now recognized by pnpm.
  • Added a new `--bare` flag to `pnpm init` to create a package.json with only the required fields.

🐛 Bug Fixes

  • Improved reporting of ignored dependency scripts.
  • `pnpm install` now builds any dependencies added to `onlyBuiltDependencies` that have not been built yet.
  • `pnpm publish -r --force` now allows publishing over already existing versions in the registry.
  • Do not fail with an `ERR_PNPM_MISSING_TIME` error when a package excluded from trust policy checks is missing the time field in its metadata.

🔧 Affected Symbols

pnpm init commandpnpm install commandpnpm publish commandcertificate loading configuration parser