@pnpm/installing.commands 1004.6.10

package/lib/installDeps.d.ts

@@ -0,0 +1,41 @@
+import type { Config } from '@pnpm/config.reader';
+import { type UpdateMatchingFunction } from '@pnpm/installing.deps-installer';
+import type { LockfileObject } from '@pnpm/lockfile.types';
+import { type CreateStoreControllerOptions } from '@pnpm/store.connection-manager';
+import type { IncludedDependencies, PackageVulnerabilityAudit } from '@pnpm/types';
+export type InstallDepsOptions = Pick<Config, 'allProjects' | 'allProjectsGraph' | 'autoInstallPeers' | 'bail' | 'bin' | 'catalogs' | 'catalogMode' | 'cleanupUnusedCatalogs' | 'cliOptions' | 'dedupePeerDependents' | 'depth' | 'dev' | 'enableGlobalVirtualStore' | 'virtualStoreOnly' | 'engineStrict' | 'excludeLinksFromLockfile' | 'global' | 'globalPnpmfile' | 'hooks' | 'ignoreCurrentSpecifiers' | 'ignorePnpmfile' | 'ignoreScripts' | 'optimisticRepeatInstall' | 'linkWorkspacePackages' | 'lockfileDir' | 'lockfileOnly' | 'production' | 'preferWorkspacePackages' | 'rawLocalConfig' | 'registries' | 'rootProjectManifestDir' | 'rootProjectManifest' | 'save' | 'saveDev' | 'saveExact' | 'saveOptional' | 'savePeer' | 'savePrefix' | 'saveProd' | 'saveWorkspaceProtocol' | 'lockfileIncludeTarballUrl' | 'scriptsPrependNodePath' | 'scriptShell' | 'selectedProjectsGraph' | 'sideEffectsCache' | 'sideEffectsCacheReadonly' | 'sort' | 'sharedWorkspaceLockfile' | 'shellEmulator' | 'tag' | 'allowBuilds' | 'optional' | 'workspaceConcurrency' | 'workspaceDir' | 'workspacePackagePatterns' | 'extraEnv' | 'ignoreWorkspaceCycles' | 'disallowWorkspaceCycles' | 'configDependencies' | 'packageExtensions' | 'updateConfig'> & CreateStoreControllerOptions & {
+    argv: {
+        original: string[];
+    };
+    allowNew?: boolean;
+    forceFullResolution?: boolean;
+    frozenLockfileIfExists?: boolean;
+    include?: IncludedDependencies;
+    includeDirect?: IncludedDependencies;
+    latest?: boolean;
+    /**
+     * If specified, the installation will only be performed for comparison of the
+     * wanted lockfile. The wanted lockfile will not be updated on disk and no
+     * modules will be linked.
+     *
+     * The given callback is passed the wanted lockfile before installation and
+     * after. This allows functions to reasonably determine whether the wanted
+     * lockfile will change on disk after installation. The lockfile arguments
+     * passed to this callback should not be mutated.
+     */
+    lockfileCheck?: (prev: LockfileObject, next: LockfileObject) => void;
+    update?: boolean;
+    updateToLatest?: boolean;
+    updateMatching?: UpdateMatchingFunction;
+    updatePackageManifest?: boolean;
+    useBetaCli?: boolean;
+    recursive?: boolean;
+    dedupe?: boolean;
+    workspace?: boolean;
+    includeOnlyPackageFiles?: boolean;
+    fetchFullMetadata?: boolean;
+    pruneLockfileImporters?: boolean;
+    pnpmfile: string[];
+    packageVulnerabilityAudit?: PackageVulnerabilityAudit;
+} & Partial<Pick<Config, 'pnpmHomeDir' | 'strictDepBuilds'>>;
+export declare function installDeps(opts: InstallDepsOptions, params: string[]): Promise<void>;

package/lib/installDeps.js

@@ -0,0 +1,349 @@
+import path from 'node:path';
+import { buildProjects } from '@pnpm/building.after-install';
+import { readProjectManifestOnly, tryReadProjectManifest, } from '@pnpm/cli.utils';
+import { checkDepsStatus } from '@pnpm/deps.status';
+import { PnpmError } from '@pnpm/error';
+import { arrayOfWorkspacePackagesToMap } from '@pnpm/installing.context';
+import { IgnoredBuildsError, install, mutateModulesInSingleProject, } from '@pnpm/installing.deps-installer';
+import { globalInfo, logger } from '@pnpm/logger';
+import { filterDependenciesByType } from '@pnpm/pkg-manifest.utils';
+import { createStoreController } from '@pnpm/store.connection-manager';
+import { filterProjectsBySelectorObjects } from '@pnpm/workspace.projects-filter';
+import { createProjectsGraph } from '@pnpm/workspace.projects-graph';
+import { findWorkspaceProjects } from '@pnpm/workspace.projects-reader';
+import { sequenceGraph } from '@pnpm/workspace.projects-sorter';
+import { updateWorkspaceState } from '@pnpm/workspace.state';
+import { updateWorkspaceManifest } from '@pnpm/workspace.workspace-manifest-writer';
+import { getPinnedVersion } from './getPinnedVersion.js';
+import { getSaveType } from './getSaveType.js';
+import { createMatcher, makeIgnorePatterns, matchDependencies, recursive, } from './recursive.js';
+import { createWorkspaceSpecs, updateToWorkspacePackagesFromManifest } from './updateWorkspaceDependencies.js';
+const OVERWRITE_UPDATE_OPTIONS = {
+    allowNew: true,
+    update: false,
+};
+export async function installDeps(opts, params) {
+    if (!opts.update && !opts.dedupe && params.length === 0 && opts.optimisticRepeatInstall) {
+        const { upToDate } = await checkDepsStatus({
+            ...opts,
+            ignoreFilteredInstallCache: true,
+        });
+        if (upToDate) {
+            globalInfo('Already up to date');
+            return;
+        }
+    }
+    if (opts.workspace) {
+        if (opts.latest) {
+            throw new PnpmError('BAD_OPTIONS', 'Cannot use --latest with --workspace simultaneously');
+        }
+        if (!opts.workspaceDir) {
+            throw new PnpmError('WORKSPACE_OPTION_OUTSIDE_WORKSPACE', '--workspace can only be used inside a workspace');
+        }
+        if (!opts.linkWorkspacePackages && !opts.saveWorkspaceProtocol) {
+            if (opts.rawLocalConfig['save-workspace-protocol'] === false) {
+                throw new PnpmError('BAD_OPTIONS', 'This workspace has link-workspace-packages turned off, \
+so dependencies are linked from the workspace only when the workspace protocol is used. \
+Either set link-workspace-packages to true or don\'t use the --no-save-workspace-protocol option \
+when running add/update with the --workspace option');
+            }
+            else {
+                opts.saveWorkspaceProtocol = true;
+            }
+        }
+        // @ts-expect-error
+        opts['preserveWorkspaceProtocol'] = !opts.linkWorkspacePackages;
+    }
+    const store = await createStoreController(opts);
+    const includeDirect = opts.includeDirect ?? {
+        dependencies: true,
+        devDependencies: true,
+        optionalDependencies: true,
+    };
+    const forceHoistPattern = typeof opts.rawLocalConfig['hoist-pattern'] !== 'undefined' ||
+        typeof opts.rawLocalConfig['hoist'] !== 'undefined';
+    const forcePublicHoistPattern = typeof opts.rawLocalConfig['shamefully-hoist'] !== 'undefined' ||
+        typeof opts.rawLocalConfig['public-hoist-pattern'] !== 'undefined';
+    const allProjects = opts.allProjects ?? (opts.workspaceDir
+        ? await findWorkspaceProjects(opts.workspaceDir, { ...opts, patterns: opts.workspacePackagePatterns })
+        : []);
+    if (opts.workspaceDir) {
+        const selectedProjectsGraph = opts.selectedProjectsGraph ?? selectProjectByDir(allProjects, opts.dir);
+        if (selectedProjectsGraph != null) {
+            const sequencedGraph = sequenceGraph(selectedProjectsGraph);
+            // Check and warn if there are cyclic dependencies
+            if (!opts.ignoreWorkspaceCycles && !sequencedGraph.safe) {
+                const cyclicDependenciesInfo = sequencedGraph.cycles.length > 0
+                    ? `: ${sequencedGraph.cycles.map(deps => deps.join(', ')).join('; ')}`
+                    : '';
+                if (opts.disallowWorkspaceCycles) {
+                    throw new PnpmError('DISALLOW_WORKSPACE_CYCLES', `There are cyclic workspace dependencies${cyclicDependenciesInfo}`);
+                }
+                logger.warn({
+                    message: `There are cyclic workspace dependencies${cyclicDependenciesInfo}`,
+                    prefix: opts.workspaceDir,
+                });
+            }
+            const allProjectsGraph = opts.allProjectsGraph ?? createProjectsGraph(allProjects, {
+                linkWorkspacePackages: Boolean(opts.linkWorkspacePackages),
+            }).graph;
+            await recursiveInstallThenUpdateWorkspaceState(allProjects, params, {
+                ...opts,
+                forceHoistPattern,
+                forcePublicHoistPattern,
+                preferredVersions: opts.packageVulnerabilityAudit ? preferNonvulnerablePackageVersions(opts.packageVulnerabilityAudit) : undefined,
+                allProjectsGraph,
+                selectedProjectsGraph,
+                storeControllerAndDir: store,
+                workspaceDir: opts.workspaceDir,
+            }, opts.update ? 'update' : (params.length === 0 ? 'install' : 'add'));
+            return;
+        }
+    }
+    // `pnpm install ""` is going to be just `pnpm install`
+    params = params.filter(Boolean);
+    const dir = opts.dir || process.cwd();
+    let workspacePackages;
+    if (opts.workspaceDir) {
+        workspacePackages = arrayOfWorkspacePackagesToMap(allProjects);
+    }
+    let { manifest, writeProjectManifest } = await tryReadProjectManifest(opts.dir, opts);
+    if (manifest === null) {
+        if (opts.update === true || params.length === 0) {
+            throw new PnpmError('NO_PKG_MANIFEST', `No package.json found in ${opts.dir}`);
+        }
+        manifest = {};
+    }
+    const installOpts = {
+        ...opts,
+        forceHoistPattern,
+        forcePublicHoistPattern,
+        // In case installation is done in a multi-package repository
+        // The dependencies should be built first,
+        // so ignoring scripts for now
+        ignoreScripts: !!workspacePackages || opts.ignoreScripts,
+        linkWorkspacePackagesDepth: opts.linkWorkspacePackages === 'deep' ? Infinity : opts.linkWorkspacePackages ? 0 : -1,
+        sideEffectsCacheRead: opts.sideEffectsCache ?? opts.sideEffectsCacheReadonly,
+        sideEffectsCacheWrite: opts.sideEffectsCache,
+        storeController: store.ctrl,
+        storeDir: store.dir,
+        workspacePackages,
+        preferredVersions: opts.packageVulnerabilityAudit ? preferNonvulnerablePackageVersions(opts.packageVulnerabilityAudit) : undefined,
+    };
+    let updateMatch;
+    let updatePackageManifest = opts.updatePackageManifest;
+    let updateMatching;
+    if (opts.update) {
+        if (params.length === 0) {
+            const ignoreDeps = opts.updateConfig?.ignoreDependencies;
+            if (ignoreDeps?.length) {
+                params = makeIgnorePatterns(ignoreDeps);
+            }
+        }
+        updateMatch = params.length ? createMatcher(params) : null;
+    }
+    else {
+        updateMatch = null;
+    }
+    if (opts.packageVulnerabilityAudit != null) {
+        updateMatch = null;
+        const { packageVulnerabilityAudit } = opts;
+        updateMatching = (pkgName, version) => version != null && packageVulnerabilityAudit.isVulnerable(pkgName, version);
+    }
+    if (updateMatch != null) {
+        params = matchDependencies(updateMatch, manifest, includeDirect);
+        if (params.length === 0) {
+            if (opts.latest)
+                return;
+            if (opts.depth === 0) {
+                throw new PnpmError('NO_PACKAGE_IN_DEPENDENCIES', 'None of the specified packages were found in the dependencies.');
+            }
+            // No direct dependencies matched, so we're updating indirect dependencies only
+            // Don't update package.json in this case, and limit updates to only matching dependencies
+            updatePackageManifest = false;
+            updateMatching = (pkgName) => updateMatch(pkgName) != null;
+        }
+    }
+    if (opts.update && opts.latest && (!params || (params.length === 0))) {
+        params = Object.keys(filterDependenciesByType(manifest, includeDirect));
+    }
+    if (opts.workspace) {
+        if (!params || (params.length === 0)) {
+            params = updateToWorkspacePackagesFromManifest(manifest, includeDirect, workspacePackages);
+        }
+        else {
+            params = createWorkspaceSpecs(params, workspacePackages);
+        }
+    }
+    if (params?.length) {
+        const mutatedProject = {
+            allowNew: opts.allowNew,
+            binsDir: opts.bin,
+            dependencySelectors: params,
+            manifest,
+            mutation: 'installSome',
+            peer: opts.savePeer,
+            pinnedVersion: getPinnedVersion(opts),
+            rootDir: opts.dir,
+            targetDependenciesField: getSaveType(opts),
+        };
+        const { updatedCatalogs, updatedProject, ignoredBuilds } = await mutateModulesInSingleProject(mutatedProject, installOpts);
+        if (opts.save !== false) {
+            await Promise.all([
+                writeProjectManifest(updatedProject.manifest),
+                updateWorkspaceManifest(opts.workspaceDir ?? opts.dir, {
+                    updatedCatalogs,
+                    cleanupUnusedCatalogs: opts.cleanupUnusedCatalogs,
+                    allProjects: opts.allProjects,
+                }),
+            ]);
+        }
+        if (!opts.lockfileOnly) {
+            await updateWorkspaceState({
+                allProjects,
+                settings: opts,
+                workspaceDir: opts.workspaceDir ?? opts.lockfileDir ?? opts.dir,
+                pnpmfiles: opts.pnpmfile,
+                filteredInstall: allProjects.length !== Object.keys(opts.selectedProjectsGraph ?? {}).length,
+                configDependencies: opts.configDependencies,
+            });
+        }
+        if (opts.strictDepBuilds && ignoredBuilds?.size) {
+            throw new IgnoredBuildsError(ignoredBuilds);
+        }
+        return;
+    }
+    const { updatedCatalogs, updatedManifest, ignoredBuilds } = await install(manifest, {
+        ...installOpts,
+        updatePackageManifest,
+        updateMatching,
+    });
+    if (opts.update === true && opts.save !== false) {
+        await Promise.all([
+            writeProjectManifest(updatedManifest),
+            updateWorkspaceManifest(opts.workspaceDir ?? opts.dir, {
+                updatedCatalogs,
+                cleanupUnusedCatalogs: opts.cleanupUnusedCatalogs,
+                allProjects,
+            }),
+        ]);
+    }
+    if (opts.strictDepBuilds && ignoredBuilds?.size) {
+        throw new IgnoredBuildsError(ignoredBuilds);
+    }
+    if (opts.linkWorkspacePackages && opts.workspaceDir) {
+        const { selectedProjectsGraph } = await filterProjectsBySelectorObjects(allProjects, [
+            {
+                excludeSelf: true,
+                includeDependencies: true,
+                parentDir: dir,
+            },
+        ], {
+            workspaceDir: opts.workspaceDir,
+        });
+        await recursiveInstallThenUpdateWorkspaceState(allProjects, [], {
+            ...opts,
+            ...OVERWRITE_UPDATE_OPTIONS,
+            allProjectsGraph: opts.allProjectsGraph,
+            selectedProjectsGraph,
+            workspaceDir: opts.workspaceDir, // Otherwise TypeScript doesn't understand that is not undefined
+        }, 'install');
+        if (opts.ignoreScripts)
+            return;
+        await buildProjects([
+            {
+                buildIndex: 0,
+                manifest: await readProjectManifestOnly(opts.dir, opts),
+                rootDir: opts.dir,
+            },
+        ], {
+            ...opts,
+            pending: true,
+            storeController: store.ctrl,
+            storeDir: store.dir,
+            skipIfHasSideEffectsCache: true,
+        });
+    }
+    else {
+        if (!opts.lockfileOnly) {
+            await updateWorkspaceState({
+                allProjects,
+                settings: opts,
+                workspaceDir: opts.workspaceDir ?? opts.lockfileDir ?? opts.dir,
+                pnpmfiles: opts.pnpmfile,
+                filteredInstall: allProjects.length !== Object.keys(opts.selectedProjectsGraph ?? {}).length,
+                configDependencies: opts.configDependencies,
+            });
+        }
+    }
+}
+function selectProjectByDir(projects, searchedDir) {
+    const project = projects.find(({ rootDir }) => path.relative(rootDir, searchedDir) === '');
+    if (project == null)
+        return undefined;
+    return { [searchedDir]: { dependencies: [], package: project } };
+}
+async function recursiveInstallThenUpdateWorkspaceState(allProjects, params, opts, cmdFullName) {
+    const recursiveResult = await recursive(allProjects, params, opts, cmdFullName);
+    if (!opts.lockfileOnly) {
+        await updateWorkspaceState({
+            allProjects,
+            settings: opts,
+            workspaceDir: opts.workspaceDir,
+            pnpmfiles: opts.pnpmfile,
+            filteredInstall: allProjects.length !== Object.keys(opts.selectedProjectsGraph ?? {}).length,
+            configDependencies: opts.configDependencies,
+        });
+    }
+    return recursiveResult;
+}
+function severityStringToNumber(severity) {
+    switch (severity) {
+        case 'low': return 0;
+        case 'moderate': return 1;
+        case 'high': return 2;
+        case 'critical': return 3;
+        default: return -1;
+    }
+}
+function getVulnerabilityPenalty(severity) {
+    switch (severity) {
+        case 'low': return -1100; // 100 more than DIRECT_DEP_SELECTOR_WEIGHT from @pnpm/resolving.resolver-base
+        case 'moderate': return -2000;
+        case 'high': return -3000;
+        case 'critical': return -4000;
+        // Treat unrecognized severity as the lowest severity
+        default: return -1100;
+    }
+}
+function preferNonvulnerablePackageVersions(packageVulnerabilityAudit) {
+    const preferredVersions = {};
+    for (const [packageName, vulnerabilities] of packageVulnerabilityAudit.getVulnerabilities()) {
+        const vulnerableRanges = new Map();
+        for (const vuln of vulnerabilities) {
+            const existingSeverity = vulnerableRanges.get(vuln.versionRange);
+            if (existingSeverity == null) {
+                vulnerableRanges.set(vuln.versionRange, vuln.severity);
+                continue;
+            }
+            // Choose the highest severity for the same version range
+            if (severityStringToNumber(vuln.severity) > severityStringToNumber(existingSeverity)) {
+                vulnerableRanges.set(vuln.versionRange, vuln.severity);
+            }
+        }
+        const preferredVersionSelectors = {};
+        for (const [vulnRange, severity] of vulnerableRanges) {
+            if (vulnRange === '__proto__' || vulnRange === 'constructor' || vulnRange === 'prototype') {
+                // Prevent prototype pollution
+                continue;
+            }
+            preferredVersionSelectors[vulnRange] = {
+                selectorType: 'range',
+                weight: getVulnerabilityPenalty(severity),
+            };
+        }
+        preferredVersions[packageName] = preferredVersionSelectors;
+    }
+    return preferredVersions;
+}
+//# sourceMappingURL=installDeps.js.map

package/lib/link.d.ts

@@ -0,0 +1,9 @@
+import { type Config } from '@pnpm/config.reader';
+import * as install from './install.js';
+type LinkOpts = Pick<Config, 'bin' | 'cliOptions' | 'engineStrict' | 'rootProjectManifest' | 'rootProjectManifestDir' | 'overrides' | 'saveDev' | 'saveOptional' | 'saveProd' | 'workspaceDir' | 'workspacePackagePatterns' | 'sharedWorkspaceLockfile'> & Partial<Pick<Config, 'linkWorkspacePackages'>> & install.InstallCommandOptions;
+export declare const rcOptionsTypes: typeof cliOptionsTypes;
+export declare function cliOptionsTypes(): Record<string, unknown>;
+export declare const commandNames: string[];
+export declare function help(): string;
+export declare function handler(opts: LinkOpts, params?: string[]): Promise<void>;
+export {};

package/lib/link.js

@@ -0,0 +1,130 @@
+import path from 'node:path';
+import { UNIVERSAL_OPTIONS } from '@pnpm/cli.common-cli-options-help';
+import { docsUrl, tryReadProjectManifest, } from '@pnpm/cli.utils';
+import { types as allTypes } from '@pnpm/config.reader';
+import { writeSettings } from '@pnpm/config.writer';
+import { PnpmError } from '@pnpm/error';
+import { arrayOfWorkspacePackagesToMap } from '@pnpm/installing.context';
+import { logger } from '@pnpm/logger';
+import { DEPENDENCIES_FIELDS } from '@pnpm/types';
+import { findWorkspaceProjects } from '@pnpm/workspace.projects-reader';
+import normalize from 'normalize-path';
+import { partition, pick } from 'ramda';
+import { renderHelp } from 'render-help';
+import { createProjectManifestWriter } from './createProjectManifestWriter.js';
+import { getSaveType } from './getSaveType.js';
+import * as install from './install.js';
+// @ts-expect-error
+const isWindows = process.platform === 'win32' || global['FAKE_WINDOWS'];
+const isFilespec = isWindows ? /^(?:[./\\]|~\/|[a-z]:)/i : /^(?:[./]|~\/|[a-z]:)/i;
+export const rcOptionsTypes = cliOptionsTypes;
+export function cliOptionsTypes() {
+    return pick([
+        'global-dir',
+        'global',
+        'only',
+        'package-import-method',
+        'production',
+        'registry',
+        'reporter',
+        'save-dev',
+        'save-exact',
+        'save-optional',
+        'save-prefix',
+        'unsafe-perm',
+    ], allTypes);
+}
+export const commandNames = ['link', 'ln'];
+export function help() {
+    return renderHelp({
+        aliases: ['ln'],
+        descriptionLists: [
+            {
+                title: 'Options',
+                list: UNIVERSAL_OPTIONS,
+            },
+        ],
+        url: docsUrl('link'),
+        usages: [
+            'pnpm link <dir>',
+        ],
+    });
+}
+async function checkPeerDeps(linkCwdDir, opts) {
+    const { manifest } = await tryReadProjectManifest(linkCwdDir, opts);
+    if (manifest?.peerDependencies && Object.keys(manifest.peerDependencies).length > 0) {
+        const packageName = manifest.name ?? path.basename(linkCwdDir); // Assuming the name property exists in newManifest
+        const peerDeps = Object.entries(manifest.peerDependencies)
+            .map(([key, value]) => `  - ${key}@${String(value)}`)
+            .join(', ');
+        logger.warn({
+            message: `The package ${packageName}, which you have just pnpm linked, has the following peerDependencies specified in its package.json:
+
+${peerDeps}
+
+The linked in dependency will not resolve the peer dependencies from the target node_modules.
+This might cause issues in your project. To resolve this, you may use the "file:" protocol to reference the local dependency.`,
+            prefix: opts.dir,
+        });
+    }
+}
+export async function handler(opts, params) {
+    let workspacePackagesArr;
+    let workspacePackages;
+    if (opts.workspaceDir) {
+        workspacePackagesArr = await findWorkspaceProjects(opts.workspaceDir, {
+            ...opts,
+            patterns: opts.workspacePackagePatterns,
+        });
+        workspacePackages = arrayOfWorkspacePackagesToMap(workspacePackagesArr);
+    }
+    else {
+        workspacePackages = new Map();
+    }
+    const linkOpts = Object.assign(opts, {
+        targetDependenciesField: getSaveType(opts),
+        workspacePackages,
+        binsDir: opts.bin,
+    });
+    const writeProjectManifest = await createProjectManifestWriter(opts.rootProjectManifestDir);
+    if ((params == null) || (params.length === 0)) {
+        throw new PnpmError('LINK_BAD_PARAMS', 'You must provide a parameter. Usage: pnpm link <dir>');
+    }
+    const [pkgPaths, pkgNames] = partition((inp) => isFilespec.test(inp), params);
+    if (pkgNames.length > 0) {
+        throw new PnpmError('LINK_BAD_PARAMS', `Cannot link by package name. Use a relative or absolute path instead, e.g. "pnpm link ./${pkgNames[0]}"`);
+    }
+    const newManifest = opts.rootProjectManifest ?? {};
+    await Promise.all(pkgPaths.map(async (dir) => {
+        await addLinkToManifest(opts, newManifest, dir, opts.rootProjectManifestDir);
+        await checkPeerDeps(dir, opts);
+    }));
+    await writeProjectManifest(newManifest);
+    await install.handler({
+        ...linkOpts,
+        _calledFromLink: true,
+        frozenLockfileIfExists: false,
+        rootProjectManifest: newManifest,
+    });
+}
+async function addLinkToManifest(opts, manifest, linkedDepDir, manifestDir) {
+    const { manifest: linkedManifest } = await tryReadProjectManifest(linkedDepDir, opts);
+    const linkedPkgName = linkedManifest?.name ?? path.basename(linkedDepDir);
+    const linkedPkgSpec = `link:${normalize(path.relative(manifestDir, linkedDepDir))}`;
+    opts.overrides = {
+        ...opts.overrides,
+        [linkedPkgName]: linkedPkgSpec,
+    };
+    await writeSettings({
+        ...opts,
+        workspaceDir: opts.workspaceDir ?? opts.rootProjectManifestDir,
+        updatedSettings: {
+            overrides: opts.overrides,
+        },
+    });
+    if (DEPENDENCIES_FIELDS.every((depField) => manifest[depField]?.[linkedPkgName] == null)) {
+        manifest.dependencies = manifest.dependencies ?? {};
+        manifest.dependencies[linkedPkgName] = linkedPkgSpec;
+    }
+}
+//# sourceMappingURL=link.js.map

package/lib/nodeExecPath.d.ts

@@ -0,0 +1 @@
+export declare function getNodeExecPath(): Promise<string>;

package/lib/nodeExecPath.js

@@ -0,0 +1,16 @@
+import { promises as fs } from 'node:fs';
+import which from 'which';
+export async function getNodeExecPath() {
+    try {
+        // The system default Node.js executable is preferred
+        // not the one used to run the pnpm CLI.
+        const nodeExecPath = await which('node');
+        return fs.realpath(nodeExecPath);
+    }
+    catch (err) { // eslint-disable-line
+        if (err['code'] !== 'ENOENT')
+            throw err;
+        return process.env.NODE ?? process.execPath;
+    }
+}
+//# sourceMappingURL=nodeExecPath.js.map

package/lib/prune.d.ts

@@ -0,0 +1,6 @@
+import * as install from './install.js';
+export declare const rcOptionsTypes: typeof cliOptionsTypes;
+export declare function cliOptionsTypes(): Record<string, unknown>;
+export declare const commandNames: string[];
+export declare function help(): string;
+export declare function handler(opts: install.InstallCommandOptions): Promise<void>;

package/lib/prune.js

@@ -0,0 +1,49 @@
+import { OPTIONS, UNIVERSAL_OPTIONS } from '@pnpm/cli.common-cli-options-help';
+import { docsUrl } from '@pnpm/cli.utils';
+import { types as allTypes } from '@pnpm/config.reader';
+import { pick } from 'ramda';
+import { renderHelp } from 'render-help';
+import * as install from './install.js';
+export const rcOptionsTypes = cliOptionsTypes;
+export function cliOptionsTypes() {
+    return pick([
+        'dev',
+        'optional',
+        'production',
+        'ignore-scripts',
+    ], allTypes);
+}
+export const commandNames = ['prune'];
+export function help() {
+    return renderHelp({
+        description: 'Removes extraneous packages',
+        descriptionLists: [
+            {
+                title: 'Options',
+                list: [
+                    {
+                        description: 'Remove the packages specified in `devDependencies`',
+                        name: '--prod',
+                    },
+                    {
+                        description: 'Remove the packages specified in `optionalDependencies`',
+                        name: '--no-optional',
+                    },
+                    OPTIONS.ignoreScripts,
+                    ...UNIVERSAL_OPTIONS,
+                ],
+            },
+        ],
+        url: docsUrl('prune'),
+        usages: ['pnpm prune [--prod]'],
+    });
+}
+export async function handler(opts) {
+    return install.handler({
+        ...opts,
+        modulesCacheMaxAge: 0,
+        pruneDirectDependencies: true,
+        pruneStore: true,
+    });
+}
+//# sourceMappingURL=prune.js.map

package/lib/recursive.d.ts

@@ -0,0 +1,41 @@
+import { type Config } from '@pnpm/config.reader';
+import { type UpdateMatchingFunction } from '@pnpm/installing.deps-installer';
+import type { PreferredVersions } from '@pnpm/resolving.resolver-base';
+import { type CreateStoreControllerOptions } from '@pnpm/store.connection-manager';
+import type { StoreController } from '@pnpm/store.controller';
+import type { IncludedDependencies, Project, ProjectManifest, ProjectsGraph } from '@pnpm/types';
+export type RecursiveOptions = CreateStoreControllerOptions & Pick<Config, 'bail' | 'configDependencies' | 'dedupePeerDependents' | 'depth' | 'globalPnpmfile' | 'hoistPattern' | 'hooks' | 'ignorePnpmfile' | 'ignoreScripts' | 'linkWorkspacePackages' | 'lockfileDir' | 'lockfileOnly' | 'modulesDir' | 'allowBuilds' | 'rawLocalConfig' | 'registries' | 'rootProjectManifest' | 'rootProjectManifestDir' | 'save' | 'saveCatalogName' | 'saveDev' | 'saveExact' | 'saveOptional' | 'savePeer' | 'savePrefix' | 'saveProd' | 'saveWorkspaceProtocol' | 'lockfileIncludeTarballUrl' | 'sharedWorkspaceLockfile' | 'tag' | 'cleanupUnusedCatalogs' | 'packageConfigs' | 'updateConfig'> & {
+    include?: IncludedDependencies;
+    includeDirect?: IncludedDependencies;
+    latest?: boolean;
+    pending?: boolean;
+    workspace?: boolean;
+    allowNew?: boolean;
+    forceHoistPattern?: boolean;
+    forcePublicHoistPattern?: boolean;
+    ignoredPackages?: Set<string>;
+    update?: boolean;
+    updatePackageManifest?: boolean;
+    updateMatching?: UpdateMatchingFunction;
+    useBetaCli?: boolean;
+    allProjectsGraph: ProjectsGraph;
+    selectedProjectsGraph: ProjectsGraph;
+    preferredVersions?: PreferredVersions;
+    pruneDirectDependencies?: boolean;
+    pruneLockfileImporters?: boolean;
+    storeControllerAndDir?: {
+        ctrl: StoreController;
+        dir: string;
+    };
+    pnpmfile: string[];
+} & Partial<Pick<Config, 'sort' | 'strictDepBuilds' | 'workspaceConcurrency'>> & Required<Pick<Config, 'workspaceDir'>>;
+export type CommandFullName = 'install' | 'add' | 'remove' | 'update' | 'import';
+export declare function recursive(allProjects: Project[], params: string[], opts: RecursiveOptions, cmdFullName: CommandFullName): Promise<boolean | string>;
+export declare function matchDependencies(match: (input: string) => string | null, manifest: ProjectManifest, include: IncludedDependencies): string[];
+export type UpdateDepsMatcher = (input: string) => string | null;
+export declare function createMatcher(params: string[]): UpdateDepsMatcher;
+export declare function parseUpdateParam(param: string): {
+    pattern: string;
+    versionSpec: string | undefined;
+};
+export declare function makeIgnorePatterns(ignoredDependencies: string[]): string[];