已新增支持从信任策略中排除软件包以及在发布时覆盖 engines 字段。

🌐 Added support for excluding packages from trust policy and overriding the engines field on publish.

添加了对 Node.js 运行时依赖安装的支持以及用于配置信任策略的设置。

🌐 Added support for Node.js runtime installation for dependencies and a setting for configuring trust policy.

此版本为 pnpm help 命令添加了 --all 标志，用于打印所有命令。

🌐 This release adds a --all flag for the pnpm help command to print all commands.

此版本为两个设置添加了版本范围控制：[onlyBuiltDependencies] 和 [minimumReleaseAgeExclude]。

小幅更改​

🌐 Minor Changes

通过实现针对慢速网络请求的警告（包括元数据获取和压缩包下载），已将网络性能监控添加到 pnpm 中。

🌐 Added network performance monitoring to pnpm by implementing warnings for slow network requests, including both metadata fetches and tarball downloads.

添加了警告阈值的配置选项：fetchWarnTimeoutMs 和 fetchMinSpeedKiBps。当请求超过时间阈值或低于速度最小值时，会显示警告信息

🌐 Added configuration options for warning thresholds: fetchWarnTimeoutMs and fetchMinSpeedKiBps. Warning messages are displayed when requests exceed time thresholds or fall below speed minimums

相关的 PR: #10025。

🌐 Related PR: #10025.

补丁更改​

🌐 Patch Changes

• Retry filesystem operations on EAGAIN errors #9959.

• Outdated command respects minimumReleaseAge configuration #10030.

• Correctly apply the cleanupUnusedCatalogs configuration when removing dependent packages.

• Don't fail with a meaningless error when scriptShell is set to false #8748.

• pnpm dlx should not fail when minimumReleaseAge is set #10037.

小幅更改​

🌐 Minor Changes

minimumReleaseAgeExclude 设置现在支持模式。

小幅更改​

🌐 Minor Changes

延迟依赖更新的新设置​

🌐 New setting for delayed dependency updates

最近发生了几起流行软件包被成功攻击的事件。为了降低安装受损版本的风险，我们正在引入一个新设置，该设置会延迟安装新发布的依赖。在大多数情况下，这类攻击会被迅速发现，恶意版本会在一个小时内从注册表中移除。

🌐 There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour.

小幅更改​

🌐 Minor Changes

目录的新设置​

🌐 New setting for catalogs

添加了 cleanupUnusedCatalogs 配置。当设置为 true 时，pnpm 会在安装过程中移除未使用的目录条目 #9793。

🌐 Added the cleanupUnusedCatalogs configuration. When set to true, pnpm will remove unused catalog entries during installation #9793.

添加了对 JavaScript 运行时安装的支持​

🌐 Added support for JavaScript runtime installation

在 devEngines.runtime（位于 package.json 内）中声明 Node.js、Deno 或 Bun，并让 pnpm 自动下载和固定它。

🌐 Declare Node.js, Deno, or Bun in devEngines.runtime (inside package.json) and let pnpm download and pin it automatically.

这一年即将结束。真是艰难的一年。正如你可能知道的，我住在乌克兰，所以由于俄罗斯对我们的战争，今年比往年更难推动这个项目。尽管如此，这对 pnpm 来说是很好的一年。我们获得了许多新用户和贡献者，并且实现了许多很棒的功能。

🌐 It is the end of the year. A really hard year. As you may know, I live in Ukraine, so due to Russia's war against us, it was harder to lead this project than in previous years. Nevertheless, it was a good year for pnpm. We've got a lot of new users, contributors, and we have implemented many great features.

（上述插图由 Midjourney 生成。老虎象征虎年）