-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
/
Copy path.npmrc
156 lines (136 loc) · 5.28 KB
/
.npmrc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
## Woo! A Config File!
##
## This file is used to configure the behavior of pnpm.
## If adjusting settings, please document the "why" in comments.
##
## It may also be good to understand that we intentionally are
## not using `hoisting` and using `injected` workspace packages
## to ensure properly isolated dep trees for test apps.
#
## things like `moduleExists` from @embroider/macros will report false answers
## for the test apps unless we avoid hoisting.
##
## Note, if we ever need to hoist something, we can use hoist-pattern[]=""
## For instance: hoist-pattern[]=*node-fetch*
## to hoist the specific thing we need and set this to `true`. When true
## and a hoist-pattern is present only the hoist-pattern will be hoisted.
#
hoist=false
## We should consider removing these
## But historically this was the default for pnpm
## and there is cleanup to do to make things work
## without these
## Its also just useful to have these tools top-level
#
public-hoist-pattern[]=*eslint*
public-hoist-pattern[]=*prettier*
## Ideally this would be dynamic as in CI we only have 4 CPUs
## While locally we have 10-16 CPUs. The more CPUs we use during
## install, generally the faster the install will be.
##
child-concurrency=10
## This is the default but its good to be explicit
## This helps us to ensure we are using the workspace
## version of a package.
##
save-workspace-protocol=rolling
## The current default is "highest" but we want to be explicit
## Since we also just want to ensure we are always using the
## latest versions of things we can.
##
resolution-mode=highest
## This is documented in a slightly different place in the pnpm
## docs. If this setting is true (the default) then pnpm will
## run the pre* and post* versions of a script when running other
## scripts. For instance running "build" would also run "prebuild"
## and "postbuild". This is not the behavior we want.
##
enable-pre-post-scripts=false
## We use volta to manage our node and pnpm versions, so we do not
## want pnpm to manage these for us.
##
manage-package-manager-versions=false
## This is now the default but we want to be explicit
## This prevents security exploits from packages running
## arbitrary code during install. It also speeds up install times.
## Our own packages will still run their installation scripts
##
ignore-dep-scripts=true
## Make sure we don't troll ourselves when updating deps
##
verify-deps-before-run=true
## We do not want to auto-install peers because
## We want to ensure we understand what is actually required
## So that if a consuming app uses strict mode things will work
##
## This said, Apps should probably set this to true
##
auto-install-peers=false
## We want to error if we did not setup required peers correctly
## However, this pnpm bug prevents us using this as it will
## error when using `--no-lockfile` without reporting any errors
## https://github.com/pnpm/pnpm/issues/8382
##
strict-peer-dependencies=false
## We use so many similarly grouped peers, we want to make the
## peer-groups easier to distinguish.
## This forces a shorter sha for all groups (vs the default of 1000)
##
peers-suffix-max-length=40
virtual-store-dir-max-length=40
## If a dependency is not declared, we do not want to accidentally
## resolve it from the workspace root. This is a common source of
## bugs in monorepos.
##
resolve-peers-from-workspace-root=false
## Our Workspace Packages are "injected" so prevent
## devDependencies from being exposed and to allow
## for us to test optional peerDependencies.
##
inject-workspace-packages=true
## This also means we do not want to hoist them to the root
## As this would both expose them to all other packages AND
## results in them using symlinks instead of hardlinks
##
hoist-workspace-packages=false
## We use the `workspace:*` protocol for all workspace
## packages.
## In theory it would be nice to use `deep` here just in case
## we missed something so that we could tell pnpm to use the
## workspace version of a package if it exists. At any depth.
##
## However, it seems that deep/true result in workspace packages
## that are dependencies being symlinked instead of hardlinked
## more often, even at the top-level of a package, which is not
## what we want.
##
link-workspace-packages=false # deep
## Update injected dependencies when needed
## This will rerun after various "build" scripts
## In our published packages.
##
## Unfortunately, this does not run after scripts in
## the monorepo root, so we have added a special "sync"
## script to handle this.
##
sync-injected-deps-after-scripts[]=build:pkg
sync-injected-deps-after-scripts[]=build:infra
sync-injected-deps-after-scripts[]=build:glint
sync-injected-deps-after-scripts[]=sync
## In keeping with our "no hoisting" and "no auto-peers" and
## "isolated dep trees", we also want to avoid other things
## that lead to reliance on hoisting.
## In general, deduping leads to hoisting. This particular
## setting causes direct-dependencies to resolve from the
## workspace root if already in root. We don't want this.
##
dedupe-direct-deps=false
## We do not want to dedupe peer dependencies as this
## results in hoisting and violates optional peer isolation.
##
dedupe-peer-dependents=false
## We do not want to dedupe injected dependencies as this
## results in hoisting and violates optional peer isolation.
##
dedupe-injected-deps=false
## Fin