パッケージに関する情報を記述したファイルです。 タイトル、作者、依存パッケージなどのメタ情報を含んでいます。 このセクションで説明しているのは、pnpmを含む全ての主要なNode.jsのパッケージマネージャに共通する標準的な内容です。

engines​

ソフトウェアが（パッケージが）動作するNode.jsとpnpmのバージョンを指定できます。

{
"engines":{
"node":">=10",
"pnpm":">=3"
}
}

開発時に使用しているpnpmのバージョンがenginesフィールドに指定したバージョンと一致しない場合、常に失敗し、エラーメッセージを出力するでしょう。

ユーザがengine-strict設定フラグ (.npmrcを参照) を指定しなければ、このフィールドの役割は助言を与えるだけですし、あなたのパッケージを依存パッケージとしてインストールするときに警告を出力するだけでしょう。

dependenciesMeta​

dependencies,optionalDependencies,devDependencies内で宣言された依存関係のために使用される追加のメタ情報です。

dependenciesMeta.*.injected​

If this is set totrue for a local dependency, the package will be hard linked to the virtual store (node_modules/.pnpm) and symlinked from the virtual store to the modules directory.

If this is set tofalse or not set for a local dependency, the package will be symlinked directly from its location in the workspace to the module directory.

For instance, the followingpackage.json in a workspace will create a symlink tobutton in thenode_modules directory ofcard:

{
"name":"card",
"dependencies":{
"button":"workspace:1.0.0"
}
}

But what ifbutton hasreact in its peer dependencies? If all projects in the monorepo use the same version ofreact, then no problem. But what ifbutton is required bycard that usesreact@16 andform withreact@17? Without usinginject, you'd have to choose a single version ofreact and install it as dev dependency ofbutton. But using theinjected field you can injectbutton to a package, andbutton will be installed with thereact version of that package.

So this will be thepackage.json ofcard:

{
"name":"card",
"dependencies":{
"button":"workspace:1.0.0",
"react":"16"
},
"dependenciesMeta":{
"button":{
"injected":true
}
}
}

button will be hard linked into the dependencies ofcard, andreact@16 will be symlinked to the dependencies ofcard/node_modules/button.

And this will be thepackage.json ofform:

{
"name":"form",
"dependencies":{
"button":"workspace:1.0.0",
"react":"17"
},
"dependenciesMeta":{
"button":{
"injected":true
}
}
}

button will be hard linked into the dependencies ofform, andreact@17 will be symlinked to the dependencies ofform/node_modules/button.

In contrast to normal dependencies, injected ones are not symlinked to the destination folder, so they are not updated automatically, e.g. after running the build script. To update the hard linked folder contents to the latest state of the dependency package folder, callpnpm i again.

Note that thebutton package must have any lifecycle script that runs on install in order forpnpm to detect the changes and update it. For example, the package can be rebuilt on install:"prepare": "pnpm run build". Any script would work, even a simple unrelated command without side effects, like this:"prepare": "pnpm root".

peerDependenciesMeta​

This field lists some extra information related to the dependencies listed in thepeerDependencies field.

peerDependenciesMeta.*.optional​

If this is set to true, the selected peer dependency will be marked as optional by the package manager. Therefore, the consumer omitting it will no longer be reported as an error.

例:

{
"peerDependencies":{
"foo":"1"
},
"peerDependenciesMeta":{
"foo":{
"optional":true
},
"bar":{
"optional":true
}
}
}

Note that even thoughbar was not specified inpeerDependencies, it is marked as optional. pnpm will therefore assume that any version of bar is fine. However,foo is optional, but only to the required version specification.

publishConfig​

It is possible to override some fields in the manifest before the package is packed. The following fields may be overridden:

• bin
• main
• exports
• typesおよびtypings
• module
• browser
• esnext
• es2015
• unpkg
• umd:main
• typesVersions
• cpu
• os

To override a field, add the publish version of the field topublishConfig.

For instance, the followingpackage.json:

{
"name":"foo",
"version":"1.0.0",
"main":"src/index.ts",
"publishConfig":{
"main":"lib/index.js",
"typings":"lib/index.d.ts"
}
}

Will be published as:

{
"name":"foo",
"version":"1.0.0",
"main":"lib/index.js",
"typings":"lib/index.d.ts"
}

publishConfig.executableFiles​

By default, for portability reasons, no files except those listed in the bin field will be marked as executable in the resulting package archive. TheexecutableFiles field lets you declare additional fields that must have the executable flag (+x) set even if they aren't directly accessible through the bin field.

{
"publishConfig":{
"executableFiles":[
"./dist/shim.js"
]
}
}

publishConfig.directory​

You also can use the fieldpublishConfig.directory to customize the published subdirectory relative to the currentpackage.json.

It is expected to have a modified version of the current package in the specified directory (usually using third party build tools).

次の例では"dist"フォルダーにpackage.jsonを配置しなければなりません。

{
"name":"foo",
"version":"1.0.0",
"publishConfig":{
"directory":"dist"
}
}

publishConfig.linkDirectory​

• デフォルト:true
• タイプ:Boolean

When set totrue, the project will be symlinked from thepublishConfig.directory location during local development.

例:

{
"name":"foo",
"version":"1.0.0",
"publishConfig":{
"directory":"dist"
"linkDirectory":true
}
}

pnpm.overrides​

このフィールドを指定すると、依存関係グラフにおける任意の依存関係を上書きするようpnpmに指示できるようになります。 全てのパッケージが同じバージョンの依存パッケージを使うように強制したり、バグ修正をバックポートしたり、フォークした依存パッケージへ置き換えるときに役立ちます。

overridesフィールドは、最上位のプロジェクトでしか設定できないので注意してください。

"pnpm"."overdides"フィールドは次のように設定します。

{
"pnpm":{
"overrides":{
"foo":"^1.0.0",
"quux":"npm:@myorg/quux@^1.0.0",
"bar@^2.1.0":"3.0.0",
"qar@1>zoo":"2"
}
}
}

上書きするように指定した依存関係が所属するパッケージは、">" を区切り文字として、パッケージセレクタと依存関係セレクタにより指定できます。例えば、qar@1>zooと指定すると、zooの依存関係qar@1だけを上書きすることになり、他の依存関係には影響しません。

An override may be defined as a reference to a direct dependency's spec. This is achieved by prefixing the name of the dependency with a$:

{
"dependencies":{
"foo":"^1.0.0"
},
"pnpm":{
"overrides":{
"foo":"$foo"
}
}
}

The referenced package does not need to match the overridden one:

{
"dependencies":{
"foo":"^1.0.0"
},
"pnpm":{
"overrides":{
"bar":"$foo"
}
}
}

pnpm.packageExtensions​

packageExtensionsフィールドは、追加の情報と共に既存のパッケージ定義を拡張する方法を提供します。 例えば、react-reduxのpeerDependenciesに存在するべきreact-domがなかった場合、packageExtensionsフィールドで次のように追加（パッチ）できます。

{
"pnpm":{
"packageExtensions":{
"react-redux":{
"peerDependencies":{
"react-dom":"*"
}
}
}
}
}

packageExtensionsフィールドのキーはパッケージ名、あるいは、パッケージ名とsemver形式のバージョン範囲を組み合わせたものです。つまり、あるパッケージの特定のバージョンだけをパッチできるのです。

{
"pnpm":{
"packageExtensions":{
"react-redux@1":{
"peerDependencies":{
"react-dom":"*"
}
}
}
}
}

packageExtensionsフィールドは、dependencies、optionalDependencies、peerDependencies、peerDependenciesMetaを拡張できます。

より長い例は次のとおりです。

{
"pnpm":{
"packageExtensions":{
"express@1":{
"optionalDependencies":{
"typescript":"2"
}
},
"fork-ts-checker-webpack-plugin":{
"dependencies":{
"@babel/core":"1"
},
"peerDependencies":{
"eslint":">= 6"
},
"peerDependenciesMeta":{
"eslint":{
"optional":true
}
}
}
}
}
}

pnpm.peerDependencyRules​

pnpm.peerDependencyRules.ignoreMissing​

pnpm は、このリストで指定された peerDependencies が存在しなくても警告を出力しません。

たとえば、次の構成では、依存関係がreact を要求しているが、react がインストールされていない場合でも、pnpmは警告を出力しません。

{
"pnpm":{
"peerDependencyRules":{
"ignoreMissing":["react"]
}
}
}

Package name patterns may also be used:

{
"pnpm":{
"peerDependencyRules":{
"ignoreMissing":["@babel/*","@eslint/*"]
}
}
}

pnpm.peerDependencyRules.allowedVersions​

指定された範囲については peerDependencies が満たされていなくても警告が表示されなくなります。

例えば、react@16 を必要とする依存関係があったとして、それがreact@17 でも正常に動くことをあなたが知っている場合、次のような構成を使用できます。

{
"pnpm":{
"peerDependencyRules":{
"allowedVersions":{
"react":"17"
}
}
}
}

これは pnpm に、peerDependencies に react を持っているすべての依存関係について、react v17 をインストールすることを許可するように指示します。

It is also possible to suppress the warnings only for peer dependencies of specific packages. For instance, with the following configurationreact v17 will be only allowed when it is in the peer dependencies of thebutton v2 package or in the dependencies of anycard package:

{
"pnpm":{
"peerDependencyRules":{
"allowedVersions":{
"button@2>react":"17",
"card>react":"17"
}
}
}
}

pnpm.peerDependencyRules.allowAny​

allowAny is an array of package name patterns, any peer dependency matching the pattern will be resolved from any version, regardless of the range specified inpeerDependencies. 例：

{
"pnpm":{
"peerDependencyRules":{
"allowAny":["@babel/*","eslint"]
}
}
}

The above setting will mute any warnings about peer dependency version mismatches related to@babel/ packages oreslint.

pnpm.neverBuiltDependencies​

このフィールドに指定した依存関係のビルドは無視されます。 ここに列挙されたパッケージの「preinstall」、「install」、および「postinstall」スクリプトは、インストール中に実行されません。

"pnpm"."neverBuiltDependencies" フィールドの例:

{
"pnpm":{
"neverBuiltDependencies":["fsevents","level"]
}
}

pnpm.onlyBuiltDependencies​

インストール中に実行することを許可されたパッケージのリスト。 このフィールドが存在する場合、列挙されたパッケージのみがインストールスクリプトを実行できます。

例:

{
"pnpm":{
"onlyBuiltDependencies":["fsevents"]
}
}

pnpm.onlyBuiltDependenciesFile​

Added in: v8.9.0

This configuration option allows users to specify a JSON file that lists the only packages permitted to run installation scripts during the pnpm install process. By using this, you can enhance security or ensure that only specific dependencies execute scripts during installation.

例:

{
"dependencies":{
"@my-org/policy":"1.0.0"
},
"pnpm":{
"onlyBuiltDependenciesFile":"node_modules/@my-org/policy/onlyBuiltDependencies.json"
}
}

The JSON file itself should contain an array of package names:

[
"fsevents"
]

pnpm.allowedDeprecatedVersions​

This setting allows muting deprecation warnings of specific packages.

例:

{
"pnpm":{
"allowedDeprecatedVersions":{
"express":"1",
"request":"*"
}
}
}

With the above configuration pnpm will not print deprecation warnings about any version ofrequest and about v1 ofexpress.

pnpm.patchedDependencies​

This field is added/updated automatically when you runpnpm patch-commit. It is a dictionary where the key should be the package name and exact version. The value should be a relative path to a patch file.

例:

{
"pnpm":{
"patchedDependencies":{
"express@4.18.1":"patches/express@4.18.1.patch"
}
}
}

pnpm.allowNonAppliedPatches​

Whentrue, installation won't fail if some of the patches from thepatchedDependencies field were not applied.

{
"pnpm":{
"patchedDependencies":{
"express@4.18.1":"patches/express@4.18.1.patch"
},
"allowNonAppliedPatches":true
}

pnpm.updateConfig​

pnpm.updateConfig.ignoreDependencies​

Sometimes you can't update a dependency. For instance, the latest version of the dependency started to use ESM but your project is not yet in ESM. Annoyingly, such a package will be always printed out by thepnpm outdated command and updated, when runningpnpm update --latest. However, you may list packages that you don't want to upgrade in theignoreDependencies field:

{
"pnpm":{
"updateConfig":{
"ignoreDependencies":["load-json-file"]
}
}
}

Patterns are also supported, so you may ignore any packages from a scope:@babel/*.

pnpm.auditConfig​

pnpm.auditConfig.ignoreCves​

A list of CVE IDs that will be ignored by thepnpm audit command.

{
"pnpm":{
"auditConfig":{
"ignoreCves":[
"CVE-2022-36313"
]
}
}
}

pnpm.requiredScripts​

Scripts listed in this array will be required in each project of the workspace. Otherwise,pnpm -r run <script name> will fail.

{
  "pnpm": {
    "requiredScripts": ["build"]
  }
}

pnpm.supportedArchitectures​

Added in: v8.10.0

You can specify architectures for which you'd like to install optional dependencies, even if they don't match the architecture of the system running the install.

For example, the following configuration tells to install optional dependencies for Windows x64:

{
"pnpm":{
"supportedArchitectures":{
"os":["win32"],
"cpu":["x64"]
}
}
}

Whereas this configuration will install optional dependencies for Windows, macOS, and the architecture of the system currently running the install. It includes artifacts for both x64 and arm64 CPUs:

{
"pnpm":{
"supportedArchitectures":{
"os":["win32","darwin","current"],
"cpu":["x64","arm64"]
}
}
}

Additionally,supportedArchitectures also supports specifying thelibc of the system.

resolutions​

Functionally identical topnpm.overrides, this field is intended to make it easier to migrate from Yarn.

resolutions andpnpm.overrides get merged before package resolution (withpnpm.overrides taking precedence), which can be useful when you're migrating from Yarn and need to tweak a few packages just for pnpm.