Package resolution for dependencies available in workspace is completely broken

[SteRoy]

Last pnpm version that worked

9.15.9

pnpm version

=10.13.1

Code to reproduce the issue

mkdir -p my-app
mkdir -p my-lib

echo '{
  "packageManager": "pnpm@10.13.1"
}' > package.json

echo 'packages:
  - '\''my-app'\''
  - '\''my-lib'\''' > pnpm-workspace.yaml

echo 'link-workspace-packages=true' > .npmrc

echo '{
  "name": "my-app",
  "dependencies": {
    "@super-secret/my-lib": "2.0.0"
  }
}' > my-app/package.json

echo '{
  "name": "@super-secret/my-lib",
  "version": "1.0.0",
}' > my-lib/package.json

Expected behavior

 ERR_PNPM_FETCH_404  GET https://registry.npmjs.org/@super-secret%2Fmy-lib: Not Found - 404

This error happened while installing a direct dependency of 

@super-secret/my-lib is not in the npm registry, or you have no permission to fetch it.

No authorization header was set for the request.

Actual behavior

Legend: production dependency, optional only, dev only

my-app@1.0.0

dependencies:
@super-secret/my-lib link:../my-lib

Additional information

This is quite insidious and severe, it basically made pnpm v10 unusable for our purposes. Affects all platforms as far as I can tell.

Node.js version

20.19.3

Operating System

Windows

[rheidehrt]

Any update on this? We're also experiencing this issue and is causing is issues in our monorepo and would love to switch to pnpm 10 but this is blocking us right now

[SteRoy]

Bump? this feels like a pretty significant regression and has a trivial repro? Is it being tracked somewhere else?