You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The initial pacquet update (alias up/upgrade) port landed the core: compatible bump (withhold lockfile pins so deps re-resolve to highest-in-range), --latest (fetch latest + rewrite the manifest), pattern selectors, -P/-D/--no-optional, --depth (coarse), --lockfile-only, and -i/--interactive (dialoguer + an inline outdated check).
This issue tracks the pieces deliberately left out, so pacquet's update reaches full parity with pnpm's installing/commands/src/update.
Deferred — currently error out
--global / -g — needs the global-dir resolution + @pnpm/global.commands (handleGlobalUpdate) subsystem, not ported to pacquet. Today errors with "not supported yet".
--workspace — workspace-protocol version linking (link all deps to the versions of packages inside the workspace). Today errors with "not supported yet".
Partial / approximate
Recursive (-r) sibling manifests — under a workspace install the resolution already spans every importer, but on --latest only the rootpackage.json is rewritten; sibling-importer manifests are not. Needs a per-importer manifest-rewrite pass.
--depth precision — the compatible bump is modeled by withholding lockfile pins by name (re-resolves a name wherever it appears, i.e. depth=Infinity semantics). --depth 0 (direct-only) and finite depths aren't gated per-node the way pnpm's updateDepth / currentDepth walk does.
Interactive parity — pacquet computes "outdated" inline from one packument fetch per direct dep and presents a flat list. pnpm uses @pnpm/deps.inspection.outdated (outdatedDepsOfProjects) and getUpdateChoices (grouped by dependency type, workspace-aware). Port the richer inspection + grouping.
updateConfig.ignoreDependencies — landed in feat(pacquet): honor updateConfig.ignoreDependencies in update #12104. When no selectors are given, ignored names are excluded from the update (respecting --prod/--dev/--no-optional scope); --latest with every direct dep ignored is a no-op, while a compatible update still re-resolves the non-ignored indirect deps.
Landed since
feat(pacquet): honor updateConfig.ignoreDependencies in update #12104 also fixed a latent resolver gap: the lockfile/manifest preferred-versions seed was built but never fed to the version picker (only used for peer hoisting), so fresh re-resolves bumped every dep to highest-in-range instead of keeping pins. The seed now drives the picker (ResolveOptions.preferred_versions), which is what makes compatible update <selector> / ignoreDependencies able to keep non-targeted pins.
Reference
Resolver plumbing already exists (UpdateBehavior tri-state, npm resolver include_latest_tag); the core command lives in pacquet/crates/package-manager/src/update.rs and pacquet/crates/cli/src/cli_args/update.rs.
Written by an agent (Claude Code, claude-opus-4-8).
The initial
pacquet update(aliasup/upgrade) port landed the core: compatible bump (withhold lockfile pins so deps re-resolve to highest-in-range),--latest(fetch latest + rewrite the manifest), pattern selectors,-P/-D/--no-optional,--depth(coarse),--lockfile-only, and-i/--interactive(dialoguer + an inline outdated check).This issue tracks the pieces deliberately left out, so pacquet's
updatereaches full parity with pnpm'sinstalling/commands/src/update.Deferred — currently error out
--global/-g— needs the global-dir resolution +@pnpm/global.commands(handleGlobalUpdate) subsystem, not ported to pacquet. Today errors with "not supported yet".--workspace— workspace-protocol version linking (link all deps to the versions of packages inside the workspace). Today errors with "not supported yet".Partial / approximate
-r) sibling manifests — under a workspace install the resolution already spans every importer, but on--latestonly the rootpackage.jsonis rewritten; sibling-importer manifests are not. Needs a per-importer manifest-rewrite pass.--depthprecision — the compatible bump is modeled by withholding lockfile pins by name (re-resolves a name wherever it appears, i.e.depth=Infinitysemantics).--depth 0(direct-only) and finite depths aren't gated per-node the way pnpm'supdateDepth/currentDepthwalk does.@pnpm/deps.inspection.outdated(outdatedDepsOfProjects) andgetUpdateChoices(grouped by dependency type, workspace-aware). Port the richer inspection + grouping.updateConfig.ignoreDependencies— landed in feat(pacquet): honorupdateConfig.ignoreDependenciesinupdate#12104. When no selectors are given, ignored names are excluded from the update (respecting--prod/--dev/--no-optionalscope);--latestwith every direct dep ignored is a no-op, while a compatible update still re-resolves the non-ignored indirect deps.Landed since
updateConfig.ignoreDependenciesinupdate#12104 also fixed a latent resolver gap: the lockfile/manifest preferred-versions seed was built but never fed to the version picker (only used for peer hoisting), so fresh re-resolves bumped every dep to highest-in-range instead of keeping pins. The seed now drives the picker (ResolveOptions.preferred_versions), which is what makes compatibleupdate <selector>/ignoreDependenciesable to keep non-targeted pins.Reference
Resolver plumbing already exists (
UpdateBehaviortri-state, npm resolverinclude_latest_tag); the core command lives inpacquet/crates/package-manager/src/update.rsandpacquet/crates/cli/src/cli_args/update.rs.Written by an agent (Claude Code, claude-opus-4-8).