Skip to content

packageManagerDependencies is sometimes written to lockfile despite pmOnFail: ignore #12228

Description

@anomiex

Verify latest release

  • I verified that the issue exists in the latest pnpm release

pnpm version

11.5.2

Which area(s) of pnpm are affected? (leave empty if unsure)

No response

Link to the code that reproduces this issue or a replay of the bug

No response

Reproduction steps

  1. echo 'pmOnFail: ignore' > pnpm-workspace.yaml
  2. cat <<'EOF' > package.json
    {
            "devEngines": {
                    "packageManager": {
                            "name": "pnpm",
                            "version": "^11.0.0"
                    }
            }
    }
    EOF
    
  3. pnpm install
  4. Observe pnpm-lock.yaml does not contain packageManagerDependencies
  5. pnpm self-update
  6. Observe pnpm-lock.yaml now unexpectedly does contain packageManagerDependencies

Describe the Bug

It seems that some commands, at least pnpm self-update, write packageManagerDependencies even when it is not normally written due to pmOnFail: ignore.

Expected Behavior

In this scenario, pnpm-lock.yaml does not contain packageManagerDependencies regardless of what commands are executed.

Failing that, it always contains packageManagerDependencies regardless of what commands are executed. But IMO with pmOnFail: ignore there's really no point to recording it, and I'm not sure how much point there really is for anything except pmOnFail: download.

Which Node.js version are you using?

v24.16.0

Which operating systems have you used?

  • macOS
  • Windows
  • Linux

If your OS is a Linux based, which one it is? (Include the version if relevant)

Debian

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    Fields

    No fields configured for Bug.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions