-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathpnpm-workspace.yaml
More file actions
74 lines (66 loc) · 2.35 KB
/
pnpm-workspace.yaml
File metadata and controls
74 lines (66 loc) · 2.35 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
packages:
- packages/*
- .claude/hooks/*
# Packages allowed to run build scripts (pnpm v11 strictDepBuilds default).
allowBuilds:
docsify: false
esbuild: true
onnxruntime-node: true
# Refuse to run if the pnpm version on PATH differs from the packageManager
# field in package.json. Our setup action pins pnpm via external-tools.json;
# any drift should fail fast, not silently auto-download via @pnpm/exe
# (which in rc.5 leaves a placeholder launcher that errors at runtime).
pmOnFail: error
catalog:
'@anthropic-ai/claude-code': 2.1.92
'@babel/core': 7.28.4
'@babel/types': 7.28.5
'@biomejs/biome': 2.2.4
'@dotenvx/dotenvx': 1.31.0
'@sinclair/typebox': 0.34.49
'@socketsecurity/lib': 5.26.1
'@types/adm-zip': 0.5.7
'@types/node': 24.9.2
'@vitest/coverage-v8': 4.0.3
acorn: 8.14.0
acorn-walk: 8.3.4
adm-zip: 0.5.16
ecc-agentshield: 1.4.0
esbuild: 0.25.11
magic-string: 0.30.19
octokit: 5.0.5
tar: 7.4.3
vitest: 4.0.3
yoctocolors-cjs: 2.1.3
# Wait 7 days (10080 minutes) before installing newly published packages.
minimumReleaseAge: 10080
minimumReleaseAgeExclude:
- '@anthropic-ai/claude-code@2.1.92'
- '@socketaddon/*'
- '@socketbin/*'
- '@socketregistry/*'
- '@socketsecurity/*'
# Refuse transitive dependencies declared via git/tarball/local-tarball
# specs — an npm package shouldn't be allowed to drag in a git URL we
# don't control (bypasses npm registry validation, no provenance, no
# soak window). Direct git deps are still allowed (the test suite at
# pnpm/pkg-manager/core/test/install/blockExoticSubdeps.ts confirms
# this). pnpm's current default is `false`; declared explicitly so a
# future flip can't silently change install behavior.
blockExoticSubdeps: true
# Dependency overrides (migrated from package.json pnpm.overrides).
overrides:
vite: '7.3.2'
trustPolicy: no-downgrade
trustPolicyExclude:
- semver@6.3.1
# Auto-install missing peer deps (pnpm default). Declared explicitly
# so a future default flip can't silently change install behavior.
autoInstallPeers: true
# Run pre/post lifecycle scripts on the workspace root (e.g.
# prepare -> husky). This is the pnpm default; declared explicitly
# so a future default flip can't silently disable husky setup.
enablePrePostScripts: true
# Pin exact versions on `pnpm add`. Catalog and overrides should
# also be exact pins (5.24.0, not ^5.24.0).
saveExact: true