Skip to main content
Version: 10.x

配置依赖

配置依赖在所有其他类型的依赖("dependencies"、"devDependencies"、"optionalDependencies" 之前)之前安装。

¥Configurational dependencies are installed before all the other types of dependencies (before "dependencies", "devDependencies", "optionalDependencies").

配置依赖不能具有其自身或生命周期脚本的依赖。应使用精确版本和完整性校验和添加它们。示例:

¥Configurational dependencies cannot have dependencies of their own or lifecycle scripts. They should be added using exact version and the integrity checksum. Example:

{
  "pnpm": {
    "configDependencies": {
      "my-configs": "1.0.0+sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw=="
    }
  }
}

用法

¥Usage

加载已构建依赖的允许列表

¥Loading an allow list of built dependencies

你可以通过配置依赖和 pnpm.onlyBuiltDependenciesFile 设置加载允许构建的包名称列表。例如,你可以发布一个在其根目录中包含 allow.json 文件的包:

¥You may load a list of package names that are allowed to be built via configurational dependencies and the pnpm.onlyBuiltDependenciesFile setting. For example, you may publish a package with an allow.json file in its root directory:

[
  "esbuild",
  "fsevents"
]

假设这个包名为 my-configs,那么你项目的 package.json 将如下所示:

¥Let's say this package is called my-configs, then your project's package.json will look like this:

{
  "pnpm": {
    "configDependencies": {
      "my-configs": "1.0.0+sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw=="
    },
    "onlyBuiltDependenciesFile": "node_modules/.pnpm-config/my-configs/allow.json"
  }
}

这样,你的项目将加载允许从 my-configs 构建的包列表。

¥This way your project will load the list of packages that are allowed to be built from my-configs.

安装钩子中使用的依赖

¥Installing dependencies used in hooks

配置依赖在加载来自 .pnpmfile.cjs 的钩子之前安装,因此你可以将它们用作钩子的依赖。

¥Configurational dependencies are installed before the hooks from .pnpmfile.cjs are loaded, so you can use them as dependencies for your hooks.

例如,你可能有一个名为 "my-hooks" 的配置依赖,它会导出 readPackage 钩子。在这种情况下,你可以像这样将其导入到你的 .pnpmfile.cjs 中:

¥For instance, you may have a configurational dependency called "my-hooks" that exports a readPackage hook. In this case, you can import it into your .pnpmfile.cjs like this:

const { readPackage } = require('.pnpm-config/my-hooks')

module.exports = {
  hooks: {
    readPackage
  }
}

加载补丁

¥Loading patches

你可以引用通过配置依赖安装的 补丁文件。例如,如果你有一个名为 "my-patches" 的配置依赖,则可以从中加载补丁:

¥You can reference patch files installed via configurational dependencies. For instance, if you have a configurational dependency called "my-patches", you can load patches from it:

{
  "pnpm": {
    "configDependencies": {
      "my-patches": "1.0.0+sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw=="
    },
    "patchedDependencies": {
      "react": "node_modules/.pnpm-config/react.patch"
    }
  }
}