-
Notifications
You must be signed in to change notification settings - Fork 103
Expand file tree
/
Copy pathpnpm-workspace.yaml
More file actions
58 lines (52 loc) · 2.35 KB
/
Copy pathpnpm-workspace.yaml
File metadata and controls
58 lines (52 loc) · 2.35 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# Copyright 2026 Element Creations Ltd.
#
# SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
# Please see LICENSE files in the repository root for full details.
# $schema: https://www.schemastore.org/pnpm-workspace.json
packages:
- "frontend"
- ".github/scripts"
# Enforce the package.json `engines` field.
engineStrict: true
# Refuse to install dependencies whose trust level has dropped compared to an
# earlier release (e.g. a previously-provenanced package now publishing without
# provenance). Add specific selectors to `trustPolicyExclude` to override.
trustPolicy: no-downgrade
trustPolicyExclude:
# @babel/core@7.29.0 still pulls in semver@6.3.1, whose earlier versions
# had provenance attestation but this one does not.
- "semver@6.3.1"
# @actions/github-script bundles @actions/http-client which pulls in
# undici@5.29.0 — older 5.x releases were published with provenance.
- "undici@5.29.0"
# They switched to npm staged publishing, which for some reason npm flags
# from being a release with a trusted publisher (GH actions) and provenance
# to one with only provenance.
- "tinyexec@1.2.2"
# Force a single copy of @radix-ui/react-dialog across the tree: vaul resolves
# its own (older) copy otherwise, and mixing two copies breaks React context
# between the app's Dialog.Trigger and vaul's Drawer.Root ("DialogTrigger must
# be used within Dialog" on mobile). Keep in sync with frontend/package.json.
overrides:
"@radix-ui/react-dialog": ^1.1.18
# Fail the install if any dependency has a build script that isn't explicitly
# allowed. Add entries to `allowBuilds` (package name pattern -> bool) to
# permit specific packages to run their install/build scripts.
strictDepBuilds: true
allowBuilds:
# Native binary toolchains
"@swc/core": true
esbuild: true
# MSW writes a service worker file into .storybook/public during install
msw: true
# Telemetry collector — opt out
"@scarf/scarf": false
# The @actions/github-script repo only ships sources; it has a "prepare"
# script that runs tsc to produce dist/ when fetched directly from git.
"@actions/github-script": true
# Fail the install if peer dependencies are missing or unsatisfied. Add
# entries under `peerDependencyRules.allowedVersions` to whitelist specific
# version mismatches.
strictPeerDependencies: true
peerDependencyRules:
allowedVersions: {}