pnpm/pnpm (pnpm)
### [`v8.9.2`](https://togithub.com/pnpm/pnpm/releases/tag/v8.9.2)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.9.1...v8.9.2)
#### Patch Changes
- Don't use reflink on Windows [#7186](https://togithub.com/pnpm/pnpm/issues/7186).
- Do not run node-gyp rebuild if `preinstall` lifecycle script is present [#7206](https://togithub.com/pnpm/pnpm/pull/7206).
#### Our Gold Sponsors
#### Our Silver Sponsors
### [`v8.9.1`](https://togithub.com/pnpm/pnpm/releases/tag/v8.9.1)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.9.0...v8.9.1)
#### Patch Changes
- Optimize selection result output of `pnpm update --interactive` [7109](https://togithub.com/pnpm/pnpm/issues/7109)
- When `shared-workspace-lockfile` is set to `false`, read the pnpm settings from `package.json` files that are nested. This was broken in pnpm v8.9.0 [#7184](https://togithub.com/pnpm/pnpm/issues/7184).
- Fix file cloning to `node_modules` on Windows Dev Drives [#7186](https://togithub.com/pnpm/pnpm/issues/7186). This is a fix to a regression that was shipped with v8.9.0.
- `pnpm dlx` should ignore any settings that are in a `package.json` file found in the current working directory [#7198](https://togithub.com/pnpm/pnpm/issues/7198).
#### Our Gold Sponsors
#### Our Silver Sponsors
### [`v8.9.0`](https://togithub.com/pnpm/pnpm/releases/tag/v8.9.0)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.8.0...v8.9.0)
#### Minor Changes
- **🚀Performance improvement:** Use reflinks instead of hard links by default on macOS and Windows Dev Drives [#5001](https://togithub.com/pnpm/pnpm/issues/5001).
- The list of packages that are allowed to run installation scripts now may be provided in a separate configuration file. The path to the file should be specified via the `pnpm.onlyBuiltDependenciesFile` field in `package.json`. For instance:
```json
{
"dependencies": {
"@my-org/policy": "1.0.0"
}
"pnpm": {
"onlyBuiltDependenciesFile": "node_modules/@my-org/policy/allow-build.json"
}
}
```
In the example above, the list is loaded from a dependency. The JSON file with the list should contain an array of package names. For instance:
```json
["esbuild", "@reflink/reflink"]
```
With the above list, only `esbuild` and `@reflink/reflink` will be allowed to run scripts during installation.
Related issue: [#7137](https://togithub.com/pnpm/pnpm/issues/7137).
- Add `disallow-workspace-cycles` option to error instead of warn about cyclic dependencies
- Allow `env rm` to remove multiple node versions at once, and introduce `env add` for installing node versions without setting as default [#7155](https://togithub.com/pnpm/pnpm/pull/7155).
#### Patch Changes
- Fix memory error in `pnpm why` when the dependencies tree is too big, the command will now prune the tree to just 10 end leafs and now supports `--depth` argument [#7122](https://togithub.com/pnpm/pnpm/pull/7122).
- Use `neverBuiltDependencies` and `onlyBuiltDependencies` from the root `package.json` of the workspace, when `shared-workspace-lockfile` is set to `false` [#7141](https://togithub.com/pnpm/pnpm/pull/7141).
- Optimize peers resolution to avoid out-of-memory exceptions in some rare cases, when there are too many circular dependencies and peer dependencies [#7149](https://togithub.com/pnpm/pnpm/pull/7149).
- Instead of `pnpm.overrides` replacing `resolutions`, the two are now merged. This is intended to make it easier to migrate from Yarn by allowing one to keep using `resolutions` for Yarn, but adding additional changes just for pnpm using `pnpm.overrides`.
#### Our Gold Sponsors
#### Our Silver Sponsors
### [`v8.8.0`](https://togithub.com/pnpm/pnpm/releases/tag/v8.8.0)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.7.6...v8.8.0)
#### Minor Changes
- Add `--reporter-hide-prefix` option for `run` command to hide project name as prefix for lifecycle log outputs of running scripts [#7061](https://togithub.com/pnpm/pnpm/issues/7061).
#### Patch Changes
- Pass through the `--ignore-scripts` command to install, when running `pnpm dedupe --ignore-scripts` [#7102](https://togithub.com/pnpm/pnpm/issues/7102).
- Throw meaningful error for config sub commands[#7106](https://togithub.com/pnpm/pnpm/issues/7106).
- When the `node-linker` is set to `hoisted`, the `package.json` files of the existing dependencies inside `node_modules` will be checked to verify their actual versions. The data in the `node_modules/.modules.yaml` and `node_modules/.pnpm/lock.yaml` may not be fully reliable, as an installation may fail after changes to dependencies were made but before those state files were updated [#7107](https://togithub.com/pnpm/pnpm/pull/7107).
- Don't update git-hosted dependencies when adding an unrelated dependency [#7008](https://togithub.com/pnpm/pnpm/issues/7008).
#### Our Gold Sponsors
#### Our Silver Sponsors
### [`v8.7.6`](https://togithub.com/pnpm/pnpm/releases/tag/v8.7.6)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.7.5...v8.7.6)
#### Patch Changes
- Don't run the `prepublishOnly` scripts of git-hosted dependencies [#7026](https://togithub.com/pnpm/pnpm/issues/7026).
- Fix a bug in which `use-node-version` or `node-version` isn't passed down to `checkEngine` when using pnpm workspace, resulting in an error [#6981](https://togithub.com/pnpm/pnpm/issues/6981).
- Don't print out each deprecated subdependency separately with its deprecation message. Just print out a summary of all the deprecated subdependencies [#6707](https://togithub.com/pnpm/pnpm/issues/6707).
- Fixed an ENOENT error that was sometimes happening during install with "hoisted" `node_modules` [#6756](https://togithub.com/pnpm/pnpm/issues/6756).
#### Our Gold Sponsors
#### Our Silver Sponsors
### [`v8.7.5`](https://togithub.com/pnpm/pnpm/releases/tag/v8.7.5)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.7.4...v8.7.5)
#### Patch Changes
- Improve performance of installation by using a worker for creating the symlinks inside `node_modules/.pnpm` [#7069](https://togithub.com/pnpm/pnpm/pull/7069).
- Tarballs that have hard links are now unpacked successfully. This fixes a regression introduced in v8.7.0, which was shipped with our new in-house tarball parser [#7062](https://togithub.com/pnpm/pnpm/pull/7062).
#### Our Gold Sponsors
#### Our Silver Sponsors
### [`v8.7.4`](https://togithub.com/pnpm/pnpm/releases/tag/v8.7.4)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.7.3...v8.7.4)
#### Patch Changes
- Fix a bug causing the pnpm server to hang if a tarball worker was requested while another worker was exiting [#7041](https://togithub.com/pnpm/pnpm/pull/7041).
- Fixes a regression published with pnpm v8.7.3. Don't hang while reading `package.json` from the content-addressable store [#7051](https://togithub.com/pnpm/pnpm/pull/7051).
- Allow create scoped package with preferred version. [#7053](https://togithub.com/pnpm/pnpm/issues/7053)
- Reverting a change shipped in v8.7 that caused issues with the `pnpm deploy` command and "injected dependencies" [#6943](https://togithub.com/pnpm/pnpm/pull/6943).
#### Our Gold Sponsors
#### Our Silver Sponsors
### [`v8.7.3`](https://togithub.com/pnpm/pnpm/releases/tag/v8.7.3)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.7.2...v8.7.3)
#### Patch Changes
- Fix a bug causing errors to be printed as "Cannot read properties of undefined (reading 'code')" instead of the underlying reason when using the pnpm store server [#7032](https://togithub.com/pnpm/pnpm/pull/7032)
#### Our Gold Sponsors
#### Our Silver Sponsors
### [`v8.7.2`](https://togithub.com/pnpm/pnpm/compare/v8.7.1...v8.7.2)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.7.1...v8.7.2)
### [`v8.7.1`](https://togithub.com/pnpm/pnpm/releases/tag/v8.7.1)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.7.0...v8.7.1)
#### Patch Changes
- Fixed an issue with extracting some old versions of tarballs [#6991](https://togithub.com/pnpm/pnpm/issues/6991).
- Side-effects cache will now be leveraged when running install in a workspace that uses dedicated lockfiles for each project [#6890](https://togithub.com/pnpm/pnpm/issues/6890).
- Reduce concurrency in the `pnpm -r publish` command [#6968](https://togithub.com/pnpm/pnpm/issues/6968).
- Improved the `pnpm update --interactive` output by grouping dependencies by type. Additionally, a new column has been added with links to the documentation for outdated packages [#6978](https://togithub.com/pnpm/pnpm/pull/6978).
#### Our Gold Sponsors
#### Our Silver Sponsors
### [`v8.7.0`](https://togithub.com/pnpm/pnpm/releases/tag/v8.7.0)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.6.12...v8.7.0)
#### Minor Changes
- Improve performance of installation by using a worker pool for extracting packages and writing them to the content-addressable store [#6850](https://togithub.com/pnpm/pnpm/pull/6850)
- The default value of the `resolution-mode` setting is changed to `highest`. This setting was changed to `lowest-direct` in v8.0.0 and some users were [not happy with the change](https://togithub.com/pnpm/pnpm/issues/6463). A [twitter poll](https://twitter.com/pnpmjs/status/1693707270897517022) concluded that most of the users want the old behaviour (`resolution-mode` set to `highest` by default). This is a semi-breaking change but should not affect users that commit their lockfile [#6463](https://togithub.com/pnpm/pnpm/issues/6463).
#### Patch Changes
- Warn when linking a package with `peerDependencies` [#615](https://togithub.com/pnpm/pnpm/issues/615).
- Add support for npm lockfile v3 in `pnpm import` [#6233](https://togithub.com/pnpm/pnpm/issues/6233).
- Override `peerDependencies` in `pnpm.overrides` [#6759](https://togithub.com/pnpm/pnpm/issues/6759).
- Respect workspace alias syntax in pkg graph [#6922](https://togithub.com/pnpm/pnpm/issues/6922)
- Emit a clear error message when users attempt to specify an undownloadable node version [#6916](https://togithub.com/pnpm/pnpm/pull/6916).
- `pnpm patch` should write patch files with a trailing newline [#6905](https://togithub.com/pnpm/pnpm/pull/6905).
- Dedupe deps with the same alias in direct dependencies [6966](https://togithub.com/pnpm/pnpm/issues/6966)
- Don't prefix install output for the dlx command.
- Performance optimizations. Package tarballs are now download directly to memory and built to an ArrayBuffer. Hashing and other operations are avoided until the stream has been fully received [#6819](https://togithub.com/pnpm/pnpm/pull/6819).
#### Our Gold Sponsors
#### Our Silver Sponsors
### [`v8.6.12`](https://togithub.com/pnpm/pnpm/releases/tag/v8.6.12)
[Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.6.11...v8.6.12)
#### Patch Changes
- Make the error message friendlier when a user attempts to run a command that does not exist [#6887](https://togithub.com/pnpm/pnpm/pull/6887).
- `pnpm patch` should work correctly when `shared-workspace-file` is set to `false` [#6885](https://togithub.com/pnpm/pnpm/issues/6885).
- `pnpm env use` should retry deleting the previous Node.js executable [#6587](https://togithub.com/pnpm/pnpm/issues/6587).
- `pnpm dlx` should not print an error stack when the underlying script execution fails [#6698](https://togithub.com/pnpm/pnpm/issues/6698).
- When showing the download progress of large tarball files, always display the same number of digits after the decimal point [#6901](https://togithub.com/pnpm/pnpm/issues/6901).
- Report download progress less frequently to improve performance [#6906](https://togithub.com/pnpm/pnpm/pull/6906).
- `pnpm install --frozen-lockfile --lockfile-only` should fail if the lockfile is not up to date with the `package.json` files [#6913](https://togithub.com/pnpm/pnpm/issues/6913).
#### Our Gold Sponsors
This PR contains the following updates:
8.3.1->8.9.2Release Notes
pnpm/pnpm (pnpm)
### [`v8.9.2`](https://togithub.com/pnpm/pnpm/releases/tag/v8.9.2) [Compare Source](https://togithub.com/pnpm/pnpm/compare/v8.9.1...v8.9.2) #### Patch Changes - Don't use reflink on Windows [#7186](https://togithub.com/pnpm/pnpm/issues/7186). - Do not run node-gyp rebuild if `preinstall` lifecycle script is present [#7206](https://togithub.com/pnpm/pnpm/pull/7206). #### Our Gold Sponsors