Change8

v11.0.6

📦 pnpmView on GitHub →
1 features🐛 9 fixes🔧 17 symbols

Summary

This patch release improves configuration loading robustness by correctly handling environment variables and fixes several issues related to workspace file ordering, self-updates on v10 installations, and configuration validation errors.

Migration Steps

  1. If you rely on uppercase environment variables for configuration (e.g., `PNPM_CONFIG_USERCONFIG`), they are now supported, but ensure consistency if you were previously only using lowercase `pnpm_config_*` variables.
  2. If `pnpm self-update` fails to update the version reported by `pnpm --version` on systems previously running pnpm v10, run `pnpm setup` to migrate PATH to the v11 layout.

✨ New Features

  • Accept `PNPM_CONFIG_*` (uppercase) environment variables in addition to `pnpm_config_*` for configuration settings.

🐛 Bug Fixes

  • Fixed issue where `pnpm_config_npmrc_auth_file` and `pnpm_config_userconfig` environment variables were not loading custom `.npmrc` files because they were consulted after the default file was read. They are now consulted before loading user-level `.npmrc`.
  • Preserve the original key order in `pnpm-workspace.yaml` when updating it.
  • Fixed `pnpm self-update` for installations originally set up by pnpm v10 by refreshing legacy shims pointing to the old install location and suggesting `pnpm setup` to migrate to the v11 layout.
  • Print a warning when settings not allowed in the global config file (e.g. `nodeLinker`, `hoistPattern`) are present in `config.yaml` instead of silently ignoring them.
  • Throw a pnpm error when `overrides` has an invalid shape or contains a non-string value.
  • Validate all `readPackage` dependency map fields (including `devDependencies`) and reject falsy non-object invalid values.
  • Prevent crashes during `pnpm config`, `pnpm set`, and `pnpm get` by tolerating `configDependencies` install failures (logging them at debug level instead of surfacing the error).
  • Treat `allowBuilds` as an install-state input and clear previously ignored builds when they are explicitly disallowed.
  • Fixed issue where catalogs were not being read from the workspace when using the `catalog:` protocol with `pnpm dlx` / `pnpx`.

Affected Symbols

pnpm_config_npmrc_auth_filepnpm_config_userconfigpnpm-workspace.yamlpnpm self-updateconfig.yamloverridesreadPackagedevDependenciespnpm configpnpm setpnpm getconfigDependenciesallowBuildscatalog:pnpm dlxpnpxPNPM_CONFIG_*