@pnpm/plugin-trusted-deps@latest is not compatible with pnpm 11 allowBuilds #8

Description

@hyrious

Verify latest release

  • I verified that the issue exists with the latest pnpm release.

pnpm version

11.1.3

Which area(s) of pnpm are affected?

Hooks / Package manager compatibility

Reproduction steps

  1. Create a project with this in pnpm-workspace.yaml:

     configDependencies:
       '@pnpm/plugin-trusted-deps': 0.2.2

  2. Add a dependency that uses esbuild, or just install esbuild.
  3. Run pnpm install with pnpm 11.

Describe the Bug

@pnpm/plugin-trusted-deps@latest is still 0.2.2, and that version only writes onlyBuiltDependencies.

pnpm 11 uses allowBuilds, so the plugin does not actually allow trusted packages such as esbuild. pnpm then writes this placeholder instead:

allowBuilds:
  esbuild: set this to true or false

I noticed 0.3.0-2 on the next tag already supports pnpm 11 and allowBuilds, but it is not the latest version.

Expected Behavior

Installing @pnpm/plugin-trusted-deps on pnpm 11 should allow trusted deps through allowBuilds, or the compatible version should be published/tagged as latest.

Node.js version

24.15.0

Operating systems

  • macOS
  • Windows
  • Linux
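
A CI check for the condition reported above, as an added example that is not part of the original issue or of pnpm's own code: it flags `allowBuilds` entries still holding a non-boolean placeholder and packages listed only under `onlyBuiltDependencies`. It assumes both keys appear in pnpm-workspace.yaml in simple block form; the function names and the package `example-native-addon` are hypothetical.

```javascript
// Added example (not from the issue or the pnpm project): flag build-script
// approvals in pnpm-workspace.yaml text that are undecided or legacy-only.
// Assumption: simple block-style YAML, one entry per line.
function readBlock(yamlText, key) {
  const lines = yamlText.split(/\r?\n/);
  const start = lines.findIndex((l) => l.trimEnd() === `${key}:`);
  if (start === -1) return [];
  const block = [];
  for (const line of lines.slice(start + 1)) {
    if (line.trim() === '' || line.trim().startsWith('#')) continue;
    if (!/^\s/.test(line)) break; // reached the next top-level key
    block.push(line.trim());
  }
  return block;
}

const unquote = (s) => s.trim().replace(/^(['"])(.*)\1$/, '$2');

function auditBuildApprovals(yamlText) {
  const allow = new Map();
  for (const entry of readBlock(yamlText, 'allowBuilds')) {
    const m = entry.match(/^(.+?):\s*(.*)$/);
    if (m) allow.set(unquote(m[1]), unquote(m[2]));
  }
  const legacy = readBlock(yamlText, 'onlyBuiltDependencies')
    .filter((l) => l.startsWith('- '))
    .map((l) => unquote(l.slice(2)));
  const findings = [];
  for (const [name, value] of allow) {
    // Anything other than a literal boolean is an unresolved decision,
    // e.g. the placeholder "set this to true or false".
    if (value !== 'true' && value !== 'false') findings.push({ name, issue: 'undecided' });
  }
  for (const name of legacy) {
    // Listed only under the old key: no allowBuilds decision exists for it.
    if (!allow.has(name)) findings.push({ name, issue: 'legacy-only' });
  }
  return findings;
}

// Constructed sample input; "example-native-addon" is a hypothetical package.
const SAMPLE = [
  'onlyBuiltDependencies:',
  '  - esbuild',
  '  - example-native-addon',
  'allowBuilds:',
  '  esbuild: set this to true or false',
].join('\n');

console.log(auditBuildApprovals(SAMPLE));
```

Failing the pipeline on any finding keeps a placeholder or an unmigrated entry from passing unnoticed as a skipped build script.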
