v11.2.0
📦 pnpmView on GitHub →
✨ 4 features🐛 7 fixes🔧 13 symbols
Summary
This release introduces an experimental opt-in preview of the Rust install engine via @pnpm/pacquet and enhances support for platform-specific dependencies within configuration dependencies. Several critical bugs related to configuration loading, login commands, and lockfile pruning stability have also been resolved.
Migration Steps
- To configure pacquet in a project (opt-in preview), run: pnpm add @pnpm/pacquet --config. Ensure any changes to pnpm-workspace.yaml and pnpm-lock.yaml are committed.
- When using platform-specific optionalDependencies in a config dependency, ensure each entry declares an exact version (ranges and tags are rejected).
✨ New Features
- Opt-in preview: Configuring @pnpm/pacquet in configDependencies in pnpm-workspace.yaml delegates the materialization phase of pnpm install to the pacquet binary (Rust install engine).
- configDependencies now resolve and install one level of optionalDependencies declared by the config dependency, applying platform filtering, enabling esbuild/swc-style platform-specific binaries via config dependencies.
- Implemented the documented pnpm login --scope <scope> flag, which writes an @<scope>:registry=<registry> mapping to the auth file.
- pnpm outdated and pnpm update --interactive now report Node.js, Deno, and Bun runtimes installed as project dependencies (runtime: specifiers).
🐛 Bug Fixes
- Fixed cafile=<relative-path> in .npmrc being read from the wrong directory when pnpm is invoked from a different cwd; path is now resolved against the directory of the .npmrc that declared it.
- Fixed config.registry getting a trailing slash appended when registry is set in .npmrc and no registries.default is provided by pnpm-workspace.yaml.
- Fixed global add/update to handle minimumReleaseAge policy violations instead of surfacing an internal resolver guardrail error.
- Fixed two crashes related to injectWorkspacePackages: true when the lockfile has been pruned: resolution reconstruction in convertToLockfileObject and preserving node_modules content during lifecycle hook execution.
- Fixed pnpm login and pnpm logout ignoring registries.default from pnpm-workspace.yaml.
- Fixed the minimumReleaseAge (publishedBy) maturity shortcut to be inclusive at the cutoff boundary.
- Fixed honoring publishConfig.access when publishing packages.