-
Notifications
You must be signed in to change notification settings - Fork 683
Expand file tree
/
Copy pathpnpm-config.schema.json
More file actions
284 lines (258 loc) · 16.7 KB
/
pnpm-config.schema.json
File metadata and controls
284 lines (258 loc) · 16.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "Pnpm configuration",
"description": "This configuration file provides settings specific to the PNPM package manager.",
"type": "object",
"additionalProperties": false,
"properties": {
"$schema": {
"description": "Part of the JSON Schema standard, this optional keyword declares the URL of the schema that the file conforms to. Editors may download the schema and use it to perform syntax highlighting.",
"type": "string"
},
"extends": {
"description": "Optionally specifies another JSON config file that this file extends from. This provides a way for standard settings to be shared across multiple projects. To delete an inherited setting, set it to `null` in this file.",
"type": "string"
},
"useWorkspaces": {
"description": "If true, then `rush install` and `rush update` will use the PNPM workspaces feature to perform the install, instead of the old model where Rush generated the symlinks for each projects's node_modules folder. This option is strongly recommended. The default value is false.",
"type": "boolean"
},
"strictPeerDependencies": {
"description": "If true, then Rush will add the `--strict-peer-dependencies` command-line parameter when invoking PNPM. This causes `rush update` to fail if there are unsatisfied peer dependencies, which is an invalid state that can cause build failures or incompatible dependency versions. (For historical reasons, JavaScript package managers generally do not treat this invalid state as an error.) This is done via the \"--strict-peer-dependencies\" flag in PNPM version < 7.0.0 and via the \"--no-strict-peer-dependencies\" flag in PNPM >= 7.0.0. The default value is false.",
"type": "boolean"
},
"pnpmStore": {
"description": "Specifies the location of the PNPM store. There are two possible values:\n\n\"local\" - use the \"pnpm-store\" folder in the current configured temp folder: \"common/temp/pnpm-store\" by default.\n\"global\" - use PNPM's global store, which has the benefit of being shared across multiple repo folders, but the disadvantage of less isolation for builds (e.g. bugs or incompatibilities when two repos use different releases of PNPM)\n\nIn both cases, the store path can be overridden by the environment variable RUSH_PNPM_STORE_PATH.\n\nThe default value is \"local\".",
"type": "string",
"enum": ["local", "global"]
},
"environmentVariables": {
"description": "Environment variables for PNPM invocation",
"type": "object",
"additionalProperties": {
"type": "object",
"properties": {
"value": {
"type": "string"
},
"override": {
"type": "boolean"
}
},
"additionalProperties": false
}
},
"preventManualShrinkwrapChanges": {
"description": "If true, then \"rush install\" will report an error if manual modifications were made to the PNPM shrinkwrap file without running `rush update` afterwards. To temporarily disable this validation when invoking \"rush install\", use the \"--bypassPolicy\" command-line parameter. The default value is false.",
"type": "boolean"
},
"alwaysInjectDependenciesFromOtherSubspaces": {
"description": "When a project uses `workspace:` to depend on another Rush project, PNPM normally installs it by creating a symlink under `node_modules`. This generally works well, but in certain cases such as differing `peerDependencies` versions, symlinking may cause trouble such as incorrectly satisfied versions. For such cases, the dependency can be declared as \"injected\", causing PNPM to copy its built output into `node_modules` like a real install from a registry. Details here: https://rushjs.io/pages/advanced/injected_deps/\n\nWhen using Rush subspaces, these sorts of versioning problems are much more likely if `workspace:` refers to a project from a different subspace. This is because the symlink would point to a separate `node_modules` tree installed by a different PNPM lockfile. A comprehensive solution is to enable `alwaysInjectDependenciesFromOtherSubspaces`, which automatically treats all projects from other subspaces as injected dependencies without having to manually configure them.\n\nNOTE: Use carefully -- excessive file copying can slow down the `rush install` and `pnpm-sync` operations if too many dependencies become injected.\n\nThe default value is false.",
"type": "boolean"
},
"globalOverrides": {
"description": "The \"globalOverrides\" setting provides a simple mechanism for overriding version selections for all dependencies of all projects in the monorepo workspace. The settings are copied into the `pnpm.overrides` field of the `common/temp/package.json` file that is generated by Rush during installation.\n\nOrder of precedence: `.pnpmfile.cjs` has the highest precedence, followed by `unsupportedPackageJsonSettings`, `globalPeerDependencyRules`, `globalPackageExtensions`, and `globalOverrides` has lowest precedence.\n\nPNPM documentation: https://pnpm.io/package_json#pnpmoverrides",
"type": "object",
"additionalProperties": {
"description": "You may specify the package the overridden dependency belongs to by separating the package selector from the dependency selector with a \">\", for example qar@1>zoo will only override the zoo dependency of qar@1, not for any other dependencies.",
"type": "string"
}
},
"globalPeerDependencyRules": {
"description": "The `globalPeerDependencyRules` setting provides various settings for suppressing validation errors that are reported during installation with `strictPeerDependencies=true`. The settings are copied into the `pnpm.peerDependencyRules` field of the `common/temp/package.json` file that is generated by Rush during installation.\n\nOrder of precedence: `.pnpmfile.cjs` has the highest precedence, followed by `unsupportedPackageJsonSettings`, `globalPeerDependencyRules`, `globalPackageExtensions`, and `globalOverrides` has lowest precedence.\n\nhttps://pnpm.io/package_json#pnpmpeerdependencyrules",
"type": "object",
"additionalProperties": false,
"properties": {
"ignoreMissing": {
"description": "pnpm will not print warnings about missing peer dependencies from this list.",
"type": "array",
"items": {
"type": "string"
}
},
"allowedVersions": {
"description": "Unmet peer dependency warnings will not be printed for peer dependencies of the specified range.",
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"allowAny": {
"description": "\"allowAny\" is an array of package name patterns, any peer dependency matching the pattern will be resolved from any version, regardless of the range specified in \"peerDependencies\"",
"type": "array",
"items": {
"type": "string"
}
}
}
},
"globalPackageExtensions": {
"description": "This fields offer a way to extend the existing package definitions with additional information.",
"type": "object",
"additionalProperties": {
"description": "Specify the extension to a package",
"type": "object",
"additionalProperties": false,
"properties": {
"dependencies": {
"type": "object",
"additionalProperties": {
"description": "Specify the version of the dependency",
"type": "string"
}
},
"optionalDependencies": {
"type": "object",
"additionalProperties": {
"description": "Specify the version of the optionalDependency",
"type": "string"
}
},
"peerDependencies": {
"type": "object",
"additionalProperties": {
"description": "Specify the version of the peerDependency",
"type": "string"
}
},
"peerDependenciesMeta": {
"description": "Specify the peerDependenciesMeta",
"type": "object",
"additionalProperties": {
"type": "object",
"properties": {
"optional": {
"type": "boolean"
}
}
}
}
}
}
},
"globalNeverBuiltDependencies": {
"description": "This field allows to ignore the builds of specific dependencies. The \"preinstall\", \"install\", and \"postinstall\" scripts of the listed packages will not be executed during installation.",
"type": "array",
"items": {
"description": "Specify package name of the dependency",
"type": "string"
}
},
"globalOnlyBuiltDependencies": {
"description": "This field allows specifying which dependencies are permitted to run build scripts (preinstall, install, postinstall). In PNPM 10.x, build scripts are disabled by default for security. Use this allowlist to explicitly permit specific packages to run their build scripts.\n\n(SUPPORTED ONLY IN PNPM 10.1.0 AND NEWER)\n\nPNPM documentation: https://pnpm.io/settings#onlybuiltdependencies",
"type": "array",
"items": {
"description": "Specify package name of the dependency allowed to run build scripts",
"type": "string"
}
},
"globalIgnoredOptionalDependencies": {
"description": "This field allows you to skip the installation of specific optional dependencies. The listed packages will be treated as if they are not present in the dependency tree during installation, meaning they will not be installed even if required by other packages.\n\n(SUPPORTED ONLY IN PNPM 9.0.0 AND NEWER)\n\nPNPM documentation: https://pnpm.io/package_json#pnpmalloweddeprecatedversions",
"type": "array",
"items": {
"description": "Specify the package name of the optional dependency to be ignored.",
"type": "string"
}
},
"globalAllowedDeprecatedVersions": {
"description": "The `globalAllowedDeprecatedVersions` setting suppresses installation warnings for package versions that the NPM registry reports as being deprecated. This is useful if the deprecated package is an indirect dependency of an external package that has not released a fix. The settings are copied into the `pnpm.allowedDeprecatedVersions` field of the `common/temp/package.json` file that is generated by Rush during installation.\n\nPNPM documentation: https://pnpm.io/package_json#pnpmalloweddeprecatedversions",
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"globalPatchedDependencies": {
"description": "(THIS FIELD IS MACHINE GENERATED) The \"globalPatchedDependencies\" field is updated automatically by the `rush-pnpm patch-commit` command. It is a dictionary, where the key is an NPM package name and exact version, and the value is a relative path to the associated patch file.\n\nPNPM documentation: https://pnpm.io/package_json#pnpmpatcheddependencies",
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"unsupportedPackageJsonSettings": {
"description": "(USE AT YOUR OWN RISK) This is a free-form property bag that will be copied into the `common/temp/package.json` file that is generated by Rush during installation. This provides a way to experiment with new PNPM features. These settings will override any other Rush configuration associated with a given JSON field except for `.pnpmfile.cjs`.",
"type": "object"
},
"resolutionMode": {
"description": "This option overrides the resolution-mode in PNPM. Use it if you want to change the default resolution behavior when installing dependencies. Defaults to \"highest\".\n\nPNPM documentation: https://pnpm.io/npmrc#resolution-mode.",
"type": "string",
"enum": ["highest", "time-based", "lowest-direct"]
},
"autoInstallPeers": {
"description": "This setting determines whether PNPM will automatically install (non-optional) missing peer dependencies instead of reporting an error. With Rush, the default value is always false.\n\nPNPM documentation: https://pnpm.io/npmrc#auto-install-peers",
"type": "boolean"
},
"minimumReleaseAge": {
"description": "The minimum number of minutes that must pass after a version is published before pnpm will install it. This setting helps reduce the risk of installing compromised packages, as malicious releases are typically discovered and removed within a short time frame.\n\n(SUPPORTED ONLY IN PNPM 10.16.0 AND NEWER)\n\nPNPM documentation: https://pnpm.io/settings#minimumreleaseage\n\nThe default value is 0 (disabled).",
"type": "number"
},
"minimumReleaseAgeExclude": {
"description": "List of package names or patterns that are excluded from the minimumReleaseAge check. These packages will always install the newest version immediately, even if minimumReleaseAge is set. Supports glob patterns (e.g., \"@myorg/*\").\n\n(SUPPORTED ONLY IN PNPM 10.16.0 AND NEWER)\n\nPNPM documentation: https://pnpm.io/settings#minimumreleaseageexclude\n\nExample: [\"webpack\", \"react\", \"@myorg/*\"]",
"type": "array",
"items": {
"description": "Package name or pattern",
"type": "string"
}
},
"trustPolicy": {
"description": "The trust policy controls whether pnpm should block installation of package versions where the trust level has decreased (e.g., a package previously published with provenance is now published without it). Setting this to \"no-downgrade\" enables the protection.\n\n(SUPPORTED ONLY IN PNPM 10.21.0 AND NEWER)\n\nPNPM documentation: https://pnpm.io/settings#trustpolicy",
"type": "string",
"enum": ["no-downgrade", "off"]
},
"trustPolicyExclude": {
"description": "List of package names or patterns that are excluded from the trust policy check. These packages will be allowed to install even if their trust level has decreased. Supports glob patterns (e.g., \"@myorg/*\").\n\n(SUPPORTED ONLY IN PNPM 10.22.0 AND NEWER)\n\nPNPM documentation: https://pnpm.io/settings#trustpolicyexclude\n\nExample: [\"webpack\", \"react\", \"@myorg/*\"]",
"type": "array",
"items": {
"description": "Package name or pattern",
"type": "string"
}
},
"trustPolicyIgnoreAfter": {
"description": "The number of minutes after which pnpm will ignore trust level downgrades. Packages published longer ago than this threshold will not be blocked even if their trust level has decreased.\n\n(SUPPORTED ONLY IN PNPM 10.27.0 AND NEWER)\n\nPNPM documentation: https://pnpm.io/settings#trustpolicyignoreafter",
"type": "number"
},
"alwaysFullInstall": {
"description": "(EXPERIMENTAL) If 'true', then filtered installs ('rush install --to my-project') * will be disregarded, instead always performing a full installation of the lockfile.",
"type": "boolean"
},
"pnpmLockfilePolicies": {
"description": "This setting defines the policies that govern the `pnpm-lock.yaml` file.",
"type": "object",
"additionalProperties": false,
"properties": {
"disallowInsecureSha1": {
"type": "object",
"description": "Forbid sha1 hashes in `pnpm-lock.yaml`.",
"properties": {
"enabled": {
"type": "boolean"
},
"exemptPackageVersions": {
"description": "A list of specific package versions to be exempted from the \"disallowInsecureSha1\" policy",
"type": "object",
"additionalProperties": {
"type": "array",
"items": {
"type": "string"
},
"description": "An array of exempted versions for this package."
}
}
},
"required": ["enabled", "exemptPackageVersions"]
}
}
},
"globalCatalogs": {
"description": "The \"globalCatalogs\" setting provides named catalogs for organizing dependency versions. Each catalog can be referenced using the `catalog:catalogName` protocol in package.json files (e.g., `catalog:react18`). The settings are written to the `catalogs` field of the `pnpm-workspace.yaml` file that is generated by Rush during installation.\n\nPNPM documentation: https://pnpm.io/catalogs",
"type": "object",
"additionalProperties": {
"description": "A named catalog containing package versions",
"type": "object",
"additionalProperties": {
"description": "Specify the version for a package in this catalog",
"type": "string"
}
}
}
}
}