Verify latest release
pnpm version
11.1.3
Which area(s) of pnpm are affected?
Hooks / Package manager compatibility
Reproduction steps
- Create a project with this in
pnpm-workspace.yaml:
configDependencies:
'@pnpm/plugin-trusted-deps': 0.2.2
- Add a dependency that uses esbuild, or just install
esbuild.
- Run
pnpm install with pnpm 11.
Describe the Bug
@pnpm/plugin-trusted-deps@latest is still 0.2.2, and that version only writes onlyBuiltDependencies.
pnpm 11 uses allowBuilds, so the plugin does not actually allow trusted packages such as esbuild. pnpm then writes this placeholder instead:
allowBuilds:
esbuild: set this to true or false
I noticed 0.3.0-2 on the next tag already supports pnpm 11 and allowBuilds, but it is not the latest version.
Expected Behavior
Installing @pnpm/plugin-trusted-deps on pnpm 11 should allow trusted deps through allowBuilds, or the compatible version should be published/tagged as latest.
Node.js version
24.15.0
Operating systems
Verify latest release
pnpm version
11.1.3
Which area(s) of pnpm are affected?
Hooks / Package manager compatibility
Reproduction steps
pnpm-workspace.yaml:esbuild.pnpm installwith pnpm 11.Describe the Bug
@pnpm/plugin-trusted-deps@latestis still0.2.2, and that version only writesonlyBuiltDependencies.pnpm 11 uses
allowBuilds, so the plugin does not actually allow trusted packages such asesbuild. pnpm then writes this placeholder instead:I noticed
0.3.0-2on thenexttag already supports pnpm 11 andallowBuilds, but it is not thelatestversion.Expected Behavior
Installing
@pnpm/plugin-trusted-depson pnpm 11 should allow trusted deps throughallowBuilds, or the compatible version should be published/tagged aslatest.Node.js version
24.15.0
Operating systems