WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have recently run into issues after upgrading to version 10.
The need to explicitly allow install scripts lead me to this discussion about options to allow all builds
I wouldn't like to apply the accepted answer (which definitely answers the original question) to my monorepo, so I came up with a solution that I couldn't find documented anywhere.
I have a structure like
root
-- apps
-- frontend
-- backend
When I install a new package that requires an install script I run pnpm approve-builds and it gets added to the root-level pnpm-workspace.yaml which is versioned, problem solved for local development.
The problem is not solved by that alone in Docker though, so I
put sharedWorkspaceLockfile: false in the top-level pnpm-workspace.yaml
I add a pnpm-workspace.yaml to apps/backend that only has the onlyBuiltDependencies property, with the same entries as in the root-level workspace file
in the Dockerfile I just run pnpm i --frozen-lockfile without the --dangerously-allow-all-builds and it just works since there is a pnpm-workspace.yaml in the apps/backend folder.
I am not sure though if this is hacky and if there may be pitfalls, and if this usage is even supported.
If it is, then my follow-up question would be how multiple workspace files are handled on conflict. For the onlyBuiltDependencies a merge strategy could make sense for example but in others not.
Edit
After diving deeper into pnpm's source code and doing some research, I have found this PR: #3464
The NPM_CONFIG_WORKSPACE_DIR environment variable effectively solves the potential problems I can think of.
So, is it part of pnpm's public API? I could only find it here and in source, but not in the docs.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
pnpm
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I have recently run into issues after upgrading to version 10.
The need to explicitly allow install scripts lead me to this discussion about options to allow all builds
I wouldn't like to apply the accepted answer (which definitely answers the original question) to my monorepo, so I came up with a solution that I couldn't find documented anywhere.
I have a structure like
When I install a new package that requires an install script I run
pnpm approve-buildsand it gets added to the root-levelpnpm-workspace.yamlwhich is versioned, problem solved for local development.The problem is not solved by that alone in Docker though, so I
sharedWorkspaceLockfile: falsein the top-levelpnpm-workspace.yamlpnpm-workspace.yamltoapps/backendthat only has theonlyBuiltDependenciesproperty, with the same entries as in the root-level workspace filepnpm i --frozen-lockfilewithout the--dangerously-allow-all-buildsand it just works since there is apnpm-workspace.yamlin the apps/backend folder.I am not sure though if this is hacky and if there may be pitfalls, and if this usage is even supported.
If it is, then my follow-up question would be how multiple workspace files are handled on conflict. For the
onlyBuiltDependenciesa merge strategy could make sense for example but in others not.Edit
After diving deeper into pnpm's source code and doing some research, I have found this PR: #3464
The
NPM_CONFIG_WORKSPACE_DIRenvironment variable effectively solves the potential problems I can think of.So, is it part of pnpm's public API? I could only find it here and in source, but not in the docs.
Beta Was this translation helpful? Give feedback.
All reactions