Home > @microsoft/rush-lib > PnpmOptionsConfiguration

PnpmOptionsConfiguration class

Options that are only used when the PNPM package manager is selected. Use this class to load "common/config/rush/pnpm-config.json" file, or, load json from "pnpmOptions" field in "rush.json" for legacy support.

Signature:

export declare class PnpmOptionsConfiguration extends PackageManagerOptionsConfigurationBase 

Extends: PackageManagerOptionsConfigurationBase

Remarks

It is valid to define these options in rush.json even if the PNPM package manager is not being used.

Properties

Property	Modifiers	Type	Description
alwaysFullInstall	readonly	boolean | undefined	(EXPERIMENTAL) If "true", then filtered installs ("rush install --to my-project") will be disregarded, instead always performing a full installation of the lockfile. This setting is primarily useful with Rush subspaces which enable filtering across multiple lockfiles, if filtering may be inefficient or undesirable for certain lockfiles. The default value is false.
alwaysInjectDependenciesFromOtherSubspaces	readonly	boolean | undefined	If true, then rush update add injected install options for all cross-subspace workspace dependencies, to avoid subspace doppelganger issue. Here, the injected install refers to PNPM's PNPM's "injected dependencies" feature. Learn more: https://pnpm.io/package\_json\#dependenciesmeta
autoInstallPeers	readonly	boolean | undefined	When true, any missing non-optional peer dependencies are automatically installed.
globalAllowedDeprecatedVersions	readonly	Record<string, string> | undefined	The globalAllowedDeprecatedVersions setting suppresses installation warnings for package versions that the NPM registry reports as being deprecated. This is useful if the deprecated package is an indirect dependency of an external package that has not released a fix. The settings are copied into the pnpm.allowedDeprecatedVersions field of the common/temp/package.json file that is generated by Rush during installation. PNPM documentation: https://pnpm.io/package\_json\#pnpmalloweddeprecatedversions If you are working to eliminate a deprecated version, it's better to specify allowedDeprecatedVersions in the package.json file for individual Rush projects.
globalCatalogs	readonly	Record<string, Record<string, string>> | undefined	The globalCatalogs setting provides named catalogs for organizing dependency versions. Each catalog can be referenced using the catalog:catalogName protocol in package.json files (e.g., catalog:react18). The settings are written to the catalogs field of the pnpm-workspace.yaml file that is generated by Rush during installation. PNPM documentation: https://pnpm.io/catalogs
globalIgnoredOptionalDependencies	readonly	string[] | undefined	The ignoredOptionalDependencies setting allows you to exclude certain optional dependencies from being installed during the Rush installation process. This can be useful when optional dependencies are not required or are problematic in specific environments (e.g., dependencies with incompatible binaries or platform-specific requirements). The listed dependencies will be treated as though they are missing, even if other packages specify them as optional dependencies. The settings are copied into the pnpm.ignoredOptionalDependencies field of the common/temp/package.json file that is generated by Rush during installation. (SUPPORTED ONLY IN PNPM 9.0.0 AND NEWER) PNPM documentation: https://pnpm.io/package\_json\#pnpmignoredoptionaldependencies
globalNeverBuiltDependencies	readonly	string[] | undefined	The globalNeverBuiltDependencies setting suppresses the preinstall, install, and postinstall lifecycle events for the specified NPM dependencies. This is useful for scripts with poor practices such as downloading large binaries without retries or attempting to invoke OS tools such as a C++ compiler. (PNPM's terminology refers to these lifecycle events as "building" a package; it has nothing to do with build system operations such as rush build or rushx build.) The settings are copied into the pnpm.neverBuiltDependencies field of the common/temp/package.json file that is generated by Rush during installation. PNPM documentation: https://pnpm.io/package\_json\#pnpmneverbuiltdependencies
globalOnlyBuiltDependencies	readonly	string[] | undefined	The globalOnlyBuiltDependencies setting specifies an allowlist of dependencies that are permitted to run build scripts (preinstall, install, and postinstall lifecycle events). This is the inverse of globalNeverBuiltDependencies. In PNPM 10.x, build scripts are disabled by default for security, so this setting is required to explicitly permit specific packages to run their build scripts. The settings are copied into the pnpm.onlyBuiltDependencies field of the common/temp/package.json file that is generated by Rush during installation. (SUPPORTED ONLY IN PNPM 10.1.0 AND NEWER) PNPM documentation: https://pnpm.io/package\_json\#pnpmonlybuiltdependencies
globalOverrides	readonly	Record<string, string> | undefined	The "globalOverrides" setting provides a simple mechanism for overriding version selections for all dependencies of all projects in the monorepo workspace. The settings are copied into the pnpm.overrides field of the common/temp/package.json file that is generated by Rush during installation. Order of precedence: .pnpmfile.cjs has the highest precedence, followed by unsupportedPackageJsonSettings, globalPeerDependencyRules, globalPackageExtensions, and globalOverrides has lowest precedence. PNPM documentation: https://pnpm.io/package\_json\#pnpmoverrides
globalPackageExtensions	readonly	Record<string, IPnpmPackageExtension> | undefined	The globalPackageExtension setting provides a way to patch arbitrary package.json fields for any PNPM dependency of the monorepo. The settings are copied into the pnpm.packageExtensions field of the common/temp/package.json file that is generated by Rush during installation. The globalPackageExtension setting has similar capabilities as .pnpmfile.cjs but without the downsides of an executable script (nondeterminism, unreliable caching, performance concerns). Order of precedence: .pnpmfile.cjs has the highest precedence, followed by unsupportedPackageJsonSettings, globalPeerDependencyRules, globalPackageExtensions, and globalOverrides has lowest precedence. PNPM documentation: https://pnpm.io/package\_json\#pnpmpackageextensions
globalPatchedDependencies	readonly	Record<string, string> | undefined	(GENERATED BY RUSH-PNPM PATCH-COMMIT) When modifying this property, make sure you know what you are doing. The globalPatchedDependencies is added/updated automatically when you run pnpm patch-commit command. It is a dictionary where the key should be the package name and exact version. The value should be a relative path to a patch file. PNPM documentation: https://pnpm.io/package\_json\#pnpmpatcheddependencies
globalPeerDependencyRules	readonly	IPnpmPeerDependencyRules | undefined	The globalPeerDependencyRules setting provides various settings for suppressing validation errors that are reported during installation with strictPeerDependencies=true. The settings are copied into the pnpm.peerDependencyRules field of the common/temp/package.json file that is generated by Rush during installation. Order of precedence: .pnpmfile.cjs has the highest precedence, followed by unsupportedPackageJsonSettings, globalPeerDependencyRules, globalPackageExtensions, and globalOverrides has lowest precedence. https://pnpm.io/package\_json\#pnpmpeerdependencyrules
jsonFilename	readonly	string | undefined
minimumReleaseAge	readonly	number | undefined	The minimum number of minutes that must pass after a version is published before pnpm will install it. This setting helps reduce the risk of installing compromised packages, as malicious releases are typically discovered and removed within a short time frame.
minimumReleaseAgeExclude	readonly	string[] | undefined	List of package names or patterns that are excluded from the minimumReleaseAge check. These packages will always install the newest version immediately, even if minimumReleaseAge is set.
pnpmLockfilePolicies	readonly	IPnpmLockfilePolicies | undefined	The pnpmLockfilePolicies setting defines the policies that govern the pnpm-lock.yaml file.
pnpmStore	readonly	PnpmStoreLocation	The method used to resolve the store used by PNPM.
pnpmStorePath	readonly	string	The path for PNPM to use as the store directory. Will be overridden by environment variable RUSH_PNPM_STORE_PATH
preventManualShrinkwrapChanges	readonly	boolean	If true, then rush install will report an error if manual modifications were made to the PNPM shrinkwrap file without running rush update afterwards.
resolutionMode	readonly	PnpmResolutionMode | undefined	This setting determines how PNPM chooses version numbers during rush update.
strictPeerDependencies	readonly	boolean	If true, then Rush will add the "--strict-peer-dependencies" option when invoking PNPM.
unsupportedPackageJsonSettings	readonly	unknown | undefined	(USE AT YOUR OWN RISK) This is a free-form property bag that will be copied into the common/temp/package.json file that is generated by Rush during installation. This provides a way to experiment with new PNPM features. These settings will override any other Rush configuration associated with a given JSON field except for .pnpmfile.cjs. USAGE OF THIS SETTING IS NOT SUPPORTED BY THE RUSH MAINTAINERS AND MAY CAUSE RUSH TO MALFUNCTION. If you encounter a missing PNPM setting that you believe should be supported, please create a GitHub issue or PR. Note that Rush does not aim to support every possible PNPM setting, but rather to promote a battle-tested installation strategy that is known to provide a good experience for large teams with lots of projects.
useWorkspaces	readonly	boolean	If true, then Rush will use the workspaces feature to install and link packages when invoking PNPM.

Methods

Method	Modifiers	Description
updateGlobalOnlyBuiltDependencies(onlyBuiltDependencies)		Updates globalOnlyBuiltDependencies field of the PNPM options in the common/config/rush/pnpm-config.json file.
updateGlobalPatchedDependencies(patchedDependencies)		Updates patchedDependencies field of the PNPM options in the common/config/rush/pnpm-config.json file.