feat(rush-lib): support pnpm strictDepBuilds, allowBuilds (10.26.0+), and dangerouslyAllowAllBuilds #5800

Draft
Copilot wants to merge 4 commits into main from copilot/add-support-pnpm-allowbuilds

Contributor

Copilot AI commented May 11, 2026

New Feature

Adds Rush config support for three pnpm workspace settings that control dependency build script permissions. allowBuilds version floor is corrected from 11.0.0 → 10.26.0 (when it was added to pnpm-workspace.yaml).

New pnpm-config.json settings

  • globalStrictDepBuilds (pnpm 10.3.0+) — fails the install with a non-zero exit code if any dependency has an unreviewed build script (not listed in globalAllowBuilds)
  • globalAllowBuilds (pnpm 10.26.0+, was incorrectly documented as 11.0.0+) — map of package matchers → true/false to explicitly allow or block build scripts; replaces the now-deprecated globalNeverBuiltDependencies and globalOnlyBuiltDependencies
  • globalDangerouslyAllowAllBuilds (pnpm 10.9.0+) — skips all approval requirements; runs every dependency's install scripts unconditionally ⚠️

{
  "globalStrictDepBuilds": true,
  "globalAllowBuilds": {
    "esbuild": true,
    "core-js": false,
    "nx@21.6.4 || 21.6.5": true
  }
}

All three settings are written to pnpm-workspace.yaml during installation. Using them with an older pnpm version emits a warning.

Implementation details

  • IPnpmOptionsJson / PnpmOptionsConfiguration — new fields with JSDoc and version notes
  • PnpmWorkspaceFile — new strictDepBuilds / dangerouslyAllowAllBuilds YAML fields; setStrictDepBuilds() / setDangerouslyAllowAllBuilds() setters
  • WorkspaceInstallManager — version-gated writes with pnpm version warnings (10.3.0, 10.26.0, 10.9.0)
  • pnpm-config.schema.json — schema entries for new fields; corrected globalAllowBuilds description
  • rush-init/pnpm-config.json — template updated with correct versions and new settings examples
  • Tests — new fixtures and cases for all three settings in PnpmOptionsConfiguration and PnpmWorkspaceFile
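
A reviewer-side check for the three settings described above, as an added example that is not code from this pull request or from Rush. `auditBuildPolicy`, `compareVersions` and the finding format are hypothetical; the version floors and the deprecated setting names are the ones given in the description, and the input is a parsed pnpm-config.json object.

```javascript
// Added example, not Rush's code. Version floors are those stated in the PR description.
const MIN_PNPM = {
  globalStrictDepBuilds: "10.3.0",
  globalDangerouslyAllowAllBuilds: "10.9.0",
  globalAllowBuilds: "10.26.0",
};
const DEPRECATED = ["globalNeverBuiltDependencies", "globalOnlyBuiltDependencies"];

// Numeric major.minor.patch comparison; prerelease tags are ignored (simplification).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Hypothetical helper: returns a list of findings for a parsed pnpm-config.json.
function auditBuildPolicy(config, pnpmVersion) {
  const findings = [];
  const add = (severity, setting, message) => findings.push({ severity, setting, message });
  // A setting used below its version floor only produces a warning at install time.
  for (const [setting, floor] of Object.entries(MIN_PNPM)) {
    if (config[setting] !== undefined && compareVersions(pnpmVersion, floor) < 0)
      add("warn", setting, `needs pnpm ${floor}+, workspace uses ${pnpmVersion}`);
  }
  if (config.globalDangerouslyAllowAllBuilds === true)
    add("high", "globalDangerouslyAllowAllBuilds", "every dependency's install scripts run without review");
  if (config.globalStrictDepBuilds !== true)
    add("info", "globalStrictDepBuilds", "unreviewed build scripts will not fail the install");
  for (const [matcher, allowed] of Object.entries(config.globalAllowBuilds || {})) {
    if (typeof allowed !== "boolean")
      add("warn", "globalAllowBuilds", `entry "${matcher}" must be true or false`);
  }
  for (const setting of DEPRECATED) {
    if (config[setting] !== undefined)
      add("warn", setting, "deprecated; move entries to globalAllowBuilds");
  }
  return findings;
}

// Constructed sample input: allow-all enabled, a deprecated key, and an old pnpm version.
const sample = { globalStrictDepBuilds: true, globalAllowBuilds: { esbuild: true, "core-js": false },
  globalDangerouslyAllowAllBuilds: true, globalNeverBuiltDependencies: ["fsevents"] };
console.log(auditBuildPolicy(sample, "10.8.0"));
```

Run in CI against the repository's pnpm-config.json, a non-empty result at `high` severity is a reasonable merge blocker.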

@github-project-automation github-project-automation Bot moved this to Needs triage in Bug Triage May 11, 2026
Copilot AI changed the title feat: add pnpm allowBuilds support, deprecate globalNeverBuiltDependencies feat(rush-lib): add pnpm 11 allowBuilds support, deprecate globalNeverBuiltDependencies May 11, 2026
Copilot AI requested a review from bmiddha May 11, 2026 03:09
Copilot stopped work on behalf of bmiddha due to an error May 12, 2026 01:31
Copilot AI added 2 commits May 12, 2026 01:40
…rouslyAllowAllBuilds settings

- Add globalStrictDepBuilds (pnpm 10.3.0+) to PnpmOptionsConfiguration and PnpmWorkspaceFile
- Add globalDangerouslyAllowAllBuilds (pnpm 10.9.0+) to PnpmOptionsConfiguration and PnpmWorkspaceFile
- Update globalAllowBuilds version requirement from pnpm 11.0.0 to 10.26.0
- Add strictDepBuilds/dangerouslyAllowAllBuilds handling in WorkspaceInstallManager
- Update pnpm-config.schema.json with new fields
- Add test fixtures and tests
Copilot AI changed the title feat(rush-lib): add pnpm 11 allowBuilds support, deprecate globalNeverBuiltDependencies feat(rush-lib): support pnpm strictDepBuilds, allowBuilds (10.26.0+), and dangerouslyAllowAllBuilds May 12, 2026