fix: write packageManagerDependencies when devEngines.packageManager is set without onFail

[shiminshen]

Summary

Partially closes #11674 — addresses part 1 (the main complaint).

When devEngines.packageManager.pnpm is set without onFail: "download", pnpm install previously ran syncEnvLockfile instead of switchCliVersion. The sync function returned early when the env lockfile lacked a packageManagerDependencies.pnpm entry — so the resolved pnpm version was never recorded on the first install, contradicting the docs ("The resolved version is stored in pnpm-lock.yaml") and forcing users to add onFail: "download" purely to trigger the lockfile write.

This PR drops the two early-returns that only fired when the env lockfile was missing or empty. Resolution proceeds whenever:

1. The project pins a pnpm version via devEngines.packageManager (or a v12+ packageManager field) — gated by shouldPersistLockfile, unchanged.
2. The currently running pnpm satisfies that pin — gated by semver.satisfies, unchanged.

The existing "already-resolved" no-op path still skips work when the lockfile records a satisfying version, so steady-state installs don't churn.

Repro (from the issue)

```json
{
"private": true,
"devEngines": {
"packageManager": { "name": "pnpm", "version": ">=11.0.0" }
},
"dependencies": { "is-odd": "^3.0.1" }
}
```

Before: `pnpm-lock.yaml` has no `packageManagerDependencies` after install.
After: `pnpm-lock.yaml` has `packageManagerDependencies.pnpm` (and `@pnpm/exe`, see deferred-work note below) with the resolved version.

Out of scope (deferred to follow-up)

The issue's part 3 asks for pruning the `@pnpm/exe` platform-specific entries when `onFail: "download"` is removed. That needs a state-transition signal that doesn't exist in the codebase today (we'd have to know that `onFail` used to be `download`). Filing that as a follow-up after this PR lands.

A related minor consequence: in non-download mode, `resolvePackageManagerIntegrities` still resolves and writes `@pnpm/exe` alongside `pnpm`. The user's issue acknowledges these entries are useful in download mode and clutter otherwise — short-term that clutter is the cost of fixing the main bug. Long-term, gating the `@pnpm/exe` resolution on `onFail === 'download'` would clean this up, but it's a separate refactor.

Test plan

• Updated `pnpm/src/syncEnvLockfile.test.ts`: two no-op assertions that previously documented the buggy behavior now assert that `resolvePackageManagerIntegrities` is called and the lockfile records the resolved version.
• Existing "already-resolved" no-op test still passes (steady-state installs don't churn).
• Existing `pnpm/test/configurationalDependencies.test.ts#package manager from the packageManager field is not saved into the lockfile` is unaffected — it uses the legacy `packageManager` field with pnpm 11, so `shouldPersistLockfile` returns false and the new code path is short-circuited.
• Existing `packageManagerDependencies is refreshed when pnpm is invoked via corepack` (syncEnvLockfile skipped when running via corepack, leaving packageManagerDependencies stale #11397) test path is unchanged when a stale version is present.

Local Jest could not run due to an unrelated `module is already linked` failure under `experimental-vm-modules` on Node 22/24 in my environment (reproduces on a pristine `main` checkout) — happy to rerun once CI exercises the change.

pacquet parity note

pacquet currently only ports `install` and does not yet implement `devEngines.packageManager` lockfile-sync. Once it grows that surface, the same behavior should be mirrored. Flagging here per `CLAUDE.md`.

---

Written by an agent (Claude Code, claude-opus-4-7).

Summary by CodeRabbit

• Bug Fixes

  • Ensure the package manager version (pnpm) is recorded in the lockfile when missing, including fresh installs.

• Tests

  • Updated tests to confirm package manager dependency entries are written to the lockfile.

• Documentation

  • Added a changeset documenting lockfile sync behavior for package manager version recording.

[welcome]

💖 Thanks for opening this pull request! 💖
Please be patient and we will get back to you as soon as we can.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: c9cbef86-210d-4bcd-862f-cda0a42179ac

📥 Commits

Reviewing files that changed from the base of the PR and between 7d95512 and d6c2f01.

📒 Files selected for processing (3)

• .changeset/sync-env-lockfile-when-missing-11674.md
• pnpm/src/syncEnvLockfile.test.ts
• pnpm/src/syncEnvLockfile.ts

✅ Files skipped from review due to trivial changes (1)

• .changeset/sync-env-lockfile-when-missing-11674.md

🚧 Files skipped from review as they are similar to previous changes (1)

• pnpm/src/syncEnvLockfile.test.ts

📜 Recent review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Analyze (javascript)
• GitHub Check: Compile & Lint

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx,js,jsx}: Use Standard Style with modifications: trailing commas are used, functions are preferred over classes, functions are declared after they are used (hoisting is relied upon).
Functions should have no more than two or three arguments. If a function needs more parameters, use a single options object instead.
Maintain import order: (1) Standard libraries, (2) External dependencies (sorted alphabetically), (3) Relative imports.

Files:

• pnpm/src/syncEnvLockfile.ts

🧠 Learnings (1)

📚 Learning: 2026-05-14T09:04:00.133Z

Learnt from: zkochan
Repo: pnpm/pnpm PR: 11622
File: resolving/npm-resolver/test/publishedBy.test.ts:350-354
Timestamp: 2026-05-14T09:04:00.133Z
Learning: In the pnpm/pnpm repository, ESLint is the authoritative style linter. Do not raise review findings for missing trailing commas in multiline function calls (e.g., `fs.writeFileSync(...)`) when this repo’s ESLint configuration does not report them and lint passes. Prefer deferring to the ESLint results for this specific trailing-comma rule rather than enforcing it manually in code review.

Applied to files:

• pnpm/src/syncEnvLockfile.ts

🔇 Additional comments (1)

pnpm/src/syncEnvLockfile.ts (1)

11-21: LGTM!

Also applies to: 33-34, 39-39

---

📝 Walkthrough

Walkthrough

This PR ensures syncEnvLockfile records the current pnpm version in pnpm-lock.yaml when pinning is enabled and the env lockfile is missing or lacks a pnpm entry; tests and a changeset were added.

Changes

Lockfile sync behavior fix

Layer / File(s)	Summary
syncEnvLockfile control flow and docs pnpm/src/syncEnvLockfile.ts	Doc comment updated; locked pnpm version read via optional chaining; early returns for missing env lockfile/lockedVersion removed; resolvePackageManagerIntegrities is invoked with envLockfile ?? undefined unless an existing locked version satisfies the wanted range.
Tests and changeset pnpm/src/syncEnvLockfile.test.ts, .changeset/sync-env-lockfile-when-missing-11674.md	Tests now assert resolvePackageManagerIntegrities is called and that importers['.'].packageManagerDependencies.pnpm is written with specifier/version equal to the resolved pnpm packageManager.version; changeset documents the behavior.

Sequence Diagram(s)

sequenceDiagram
  participant syncEnvLockfile
  participant resolvePackageManagerIntegrities
  participant pnpm_lock_yaml
  syncEnvLockfile->>resolvePackageManagerIntegrities: request integrities (envLockfile or undefined)
  resolvePackageManagerIntegrities->>pnpm_lock_yaml: write importers['.'].packageManagerDependencies.pnpm { specifier, version }
  pnpm_lock_yaml-->>syncEnvLockfile: persist confirmation

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

• devEngines.packageManager: packageManagerDependencies not written to lockfile without onFail, and not cleaned up when onFail is removed #11674: Fixes the described fresh-install behavior by writing packageManagerDependencies.pnpm into the lockfile when the env entry is missing.

Possibly related PRs

• pnpm/pnpm#11435: Related work around reading/writing packageManagerDependencies.pnpm for self-update and lockfile-pinned behavior.

Suggested labels

area: lockfile

Suggested reviewers

• zkochan

Poem

🐰 I hopped through locks both bare and new,
Wrote down the pnpm version true.
Fresh installs now keep what they knew,
Tests checked the ink, the changelog too —
A tiny hop for stable brew.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and specifically describes the main change: recording packageManagerDependencies when devEngines.packageManager is set without onFail, which aligns with the PR's core objective to fix the lockfile recording behavior on first install.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[zkochan]

Isn't this covered by #11682?