v10.27.0

Breaking Changes

📅 Dec 30, 2025📦 pnpmView on GitHub →

⚠ 1 breaking✨ 4 features🐛 5 fixes🔧 3 symbols

Summary

This release adds trust‑policy ignore options, project registry and mark‑and‑sweep pruning for the global virtual store, and includes several bug fixes, with a semi‑breaking change to unscoped package storage layout.

⚠️ Breaking Changes

Changed the location of unscoped packages in the virtual global store: they are now stored under a directory named "@" to keep a uniform 4‑level depth. Update any scripts or tooling that reference the old path.

Migration Steps

If you rely on the previous layout of unscoped packages in the virtual global store, update paths to point to the new `@` directory.
Ensure `tokenHelper` values are literal strings and do not reference environment variables to avoid runtime errors.

✨ New Features

Added `trustPolicyIgnoreAfter` option to ignore trust‑policy checks for packages published earlier than a specified time.
Introduced project registry for global virtual store prune support via symlinks in `{storeDir}/v10/projects/`.
Implemented mark‑and‑sweep garbage collection for the global virtual store; `pnpm store prune` now removes unreachable packages from `links/`.
Enhanced `pnpm store prune` to work with workspace monorepos by scanning all `node_modules` directories within a project.

🐛 Bug Fixes

Throw an error when the value of `tokenHelper` or `<url>:tokenHelper` contains an environment variable.
Git dependencies with build scripts now respect the `dangerouslyAllowAllBuilds` setting.
Skip the package manager check when running with `--global` and a project `packageManager` is configured, and emit a warning.
`pnpm store prune` no longer fails if the dlx cache directory contains files instead of only directories.
Fixed a bug where `pnpm add` incorrectly modified a catalog entry in `pnpm-workspace.yaml` to its exact version.

🔧 Affected Symbols

pnpm store prunevirtual store path resolutiontokenHelper configuration