Change8

v10.3.0

📦 pnpmView on GitHub →
1 features🐛 2 fixes🔧 2 symbols

Summary

v10 introduces the `strict-dep-builds` setting for stricter script validation and includes fixes for `verify-deps-before-run` false negatives and improved warning display.

Migration Steps

  1. Review the breaking changes listed in v10 (https://github.com/pnpm/pnpm/releases/tag/v10.0.0) and adjust any scripts that rely on postinstall execution.
  2. If you enable `strict-dep-builds`, ensure your CI/CD pipelines handle a non-zero exit code for packages with unreviewed build scripts.

✨ New Features

  • Added a new setting called `strict-dep-builds` that causes the installation to exit with a non-zero code if any dependencies have unreviewed postinstall scripts.

🐛 Bug Fixes

  • Fixed a false negative of `verify-deps-before-run` after `pnpm install --production` or `--no-optional` (see #9019).
  • Moved the warning about blocked installation scripts to the end of the installation output and made it more prominent.

🔧 Affected Symbols

strict-dep-buildsverify-deps-before-run