Codeberg/Documentation
43
151
Fork
You've already forked Documentation
128

chore(deps): update dependency pnpm to v10.27.0 [security] #727

Merged
Gusted merged 1 commit from renovate/npm-pnpm-vulnerability into main 2026年01月13日 16:13:12 +01:00

This PR contains the following updates:

Package Change Age Confidence
pnpm (source) 10.24.010.27.0 age confidence

pnpm Has Lockfile Integrity Bypass that Allows Remote Dynamic Dependencies

CVE-2025-69263 / GHSA-7vhp-vf5g-r2fw

More information

Details

Summary

HTTP tarball dependencies (and git-hosted tarballs) are stored in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed.

Details

When a package depends on an HTTP tarball URL, pnpm's tarball resolver returns only the URL without computing an integrity hash:

resolving/tarball-resolver/src/index.ts:

return {
 resolution: {
 tarball: resolvedUrl,
 // No integrity field
 },
 resolvedVia: 'url',
}

The resulting lockfile entry has no integrity to verify:

remote-dynamic-dependency@http://example.com/pkg.tgz:resolution:{tarball:http://example.com/pkg.tgz}version:1.0.0

Since there is no integrity hash, pnpm cannot detect when the server returns different content.

This affects:

  • HTTP/HTTPS tarball URLs ("pkg": "https://example.com/pkg.tgz")
  • Git shorthand dependencies ("pkg": "github:user/repo")
  • Git URLs ("pkg": "git+https://github.com/user/repo")

npm registry packages are not affected as they include integrity hashes from the registry metadata.

PoC

See attached pnpm-bypass-integrity-poc.zip

The POC includes:

  • A server that returns different tarball content on each request
  • A malicious-package that depends on the HTTP tarball
  • A victim project that depends on malicious-package

To run:

cd pnpm-bypass-integrity-poc
./run-poc.sh

The output shows that each install (with pnpm store prune between them) downloads different code despite having a committed lockfile.

Impact

An attacker who publishes a package with an HTTP tarball dependency can serve different code to different users or CI/CD environments. This enables:

  • Targeted attacks based on request metadata (IP, headers, timing)
  • Evasion of security audits (serve benign code during review, malicious code later)
  • Supply chain attacks where the malicious payload changes over time

The attack requires the victim to install a package that has an HTTP/git tarball in its dependency tree. The victim's lockfile provides no protection.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default"

CVE-2025-69264 / GHSA-379q-355j-w6rj

More information

Details

pnpm v10+ Git Dependency Script Execution Bypass
Summary

A security bypass vulnerability in pnpm v10+ allows git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle scripts execution disabled by default". While pnpm v10 blocks postinstall scripts via the onlyBuiltDependencies mechanism, git dependencies can still execute prepare, prepublish, and prepack scripts during the fetch phase, enabling remote code execution without user consent or approval.

Details

pnpm v10 introduced a security feature to disable dependency lifecycle scripts by default (PR #​8897). This is implemented by setting onlyBuiltDependencies = [] when no build policy is configured:

File: pkg-manager/core/src/install/extendInstallOptions.ts (lines 290-291)

if (opts.neverBuiltDependencies == null && opts.onlyBuiltDependencies == null && opts.onlyBuiltDependenciesFile == null) {
 opts.onlyBuiltDependencies = []
}

This creates an allowlist that blocks all packages from running scripts during the BUILD phase in exec/build-modules/src/index.ts.

However, git-hosted dependencies are processed differently. During the FETCH phase, git packages are prepared using preparePackage():

File: exec/prepare-package/src/index.ts (lines 28-57)

export async function preparePackage (opts: PreparePackageOptions, gitRootDir: string, subDir: string) {
 // ...
 if (opts.ignoreScripts) return { shouldBeBuilt: true, pkgDir } // Only checks ignoreScripts, not onlyBuiltDependencies

 const execOpts: RunLifecycleHookOptions = {
 // ...
 rawConfig: omit(['ignore-scripts'], opts.rawConfig), // Explicitly removes ignore-scripts!
 }
 // Runs npm/pnpm install
 await runLifecycleHook(installScriptName, manifest, execOpts)
 // Runs prepare scripts
 for (const scriptName of PREPUBLISH_SCRIPTS) { // ['prepublish', 'prepack', 'publish']
 await runLifecycleHook(newScriptName, manifest, execOpts)
 }
}

The ignoreScripts option defaults to false and is completely separate from onlyBuiltDependencies. The onlyBuiltDependencies allowlist is never consulted during the fetch phase.

Affected scripts that execute during fetch:

  • prepare
  • prepublish
  • prepack

Attack vectors:

  • git+https://github.com/attacker/malicious.git
  • github:attacker/malicious
  • gitlab:attacker/malicious
  • bitbucket:attacker/malicious
  • git+ssh://git@github.com/attacker/malicious.git
  • git+file:///path/to/local/repo
PoC

Prerequisites:

  • pnpm v10.0.0 or later (tested on v10.23.0 and v11.0.0-alpha.1)
  • git

Steps to reproduce:

  1. Extract the attached poc.zip

  2. Run the PoC script:

    cd poc
chmod +x run-poc.sh
./run-poc.sh

  3. Verify the marker file was created by the malicious script:

    cat /tmp/pnpm-vuln-poc-marker.txt

Manual reproduction:

  1. Create a malicious package with a prepare script:

    {
 "name": "malicious-pkg",
 "version": "1.0.0",
 "scripts": {
 "prepare": "node -e \"require('fs').writeFileSync('/tmp/pwned.txt', 'RCE!')\""
 }
}

  2. Initialize it as a git repo and commit the files

  3. Create a victim project that depends on it (just have to make sure it actually git clones and not just downloads a tarball):

    {
 "dependencies": {
 "malicious-pkg": "git+file:///path/to/malicious-pkg"
 }
}

  4. Run pnpm install - the prepare script executes without any warning or approval prompt

Impact

Severity: High

Who is impacted:

  • All pnpm v10+ users
  • Users who believed they were protected by the v10 "scripts disabled by default" feature
  • CI/CD pipelines

Attack scenarios:

  1. Supply chain attack: An attacker compromises a dependency, adding to it a malicious git dependency that executes arbitrary code during pnpm install

What an attacker can do:

  • Execute arbitrary code with the victim's privileges
  • Exfiltrate environment variables, secrets, and credentials
  • Modify source code or inject backdoors
  • Establish persistence or reverse shells
  • Access the filesystem and network

Why this bypasses security expectations:

  • pnpm v10 changelog explicitly states "Lifecycle scripts of dependencies are not executed during installation by default"
  • Users expect git dependencies to follow the same security model as npm registry packages
  • There is no warning that git dependencies are treated differently
  • The onlyBuiltDependencies configuration does not affect git dependencies

Severity

  • CVSS Score: 8.8 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

pnpm vulnerable to Command Injection via environment variable substitution

CVE-2025-69262 / GHSA-2phv-j68v-wwqx

More information

Details

Summary

A command injection vulnerability exists in pnpm when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve remote code execution (RCE) in build environments.

Affected Components
  • Package: pnpm
  • Versions: All versions using @pnpm/config.env-replace and loadToken functionality
  • File: pnpm/network/auth-header/src/getAuthHeadersFromConfig.ts - loadToken() function
  • File: pnpm/config/config/src/readLocalConfig.ts - .npmrc environment variable substitution
Technical Details
Vulnerability Chain

  1. Environment Variable Substitution

    • .npmrc supports ${VAR} syntax
    • Substitution occurs in readLocalConfig()

  2. loadToken Execution

    • Uses spawnSync(helperPath, { shell: true })
    • Only validates absolute path existence

  3. Attack Flow

.npmrc: registry.npmjs.org/:tokenHelper=${HELPER_PATH}
 ↓
envReplace() → /tmp/evil-helper.sh
 ↓
loadToken() → spawnSync(..., { shell: true })
 ↓
RCE achieved
Code Evidence

pnpm/config/config/src/readLocalConfig.ts:17-18

key = envReplace(key, process.env)
ini[key] = parseField(types, envReplace(val, process.env), key)

pnpm/network/auth-header/src/getAuthHeadersFromConfig.ts:60-71

export function loadToken(helperPath: string, settingName: string): string {
 if (!path.isAbsolute(helperPath) || !fs.existsSync(helperPath)) {
 throw new PnpmError('BAD_TOKEN_HELPER_PATH', ...)
 }
 const spawnResult = spawnSync(helperPath, { shell: true })
 // ...
}
Proof of Concept
Prerequisites
  • Private npm registry access
  • Control over environment variables
  • Ability to place scripts in filesystem
PoC Steps

##### 1. Create malicious helper script
cat > /tmp/evil-helper.sh << 'SCRIPT'
#!/bin/bash
echo "RCE SUCCESS!" > /tmp/rce-log.txt
echo "TOKEN_12345"
SCRIPT
chmod +x /tmp/evil-helper.sh
##### 2. Create .npmrc with environment variable
cat > .npmrc << 'EOF'
registry=https://registry.npmjs.org/
registry.npmjs.org/:tokenHelper=${HELPER_PATH}
EOF
##### 3. Set environment variable (attacker controlled)
export HELPER_PATH=/tmp/evil-helper.sh
##### 4. Trigger pnpm install
pnpm install # RCE occurs during auth
##### 5. Verify attack
cat /tmp/rce-log.txt
PoC Results
==> Attack successful
==> File created: /tmp/rce-log.txt
==> Arbitrary code execution confirmed
Impact
Severity
  • CVSS Score: 7.6 (High)
  • CVSS Vector: cvss:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Environments

High Risk:

  • CI/CD pipelines (GitHub Actions, GitLab CI)
  • Docker build environments
  • Kubernetes deployments
  • Private registry users

Low Risk:

  • Public registry only
  • Production runtime (no pnpm execution)
  • Static sites
Attack Scenarios

Scenario 1: CI/CD Supply Chain

Repository → Build Trigger → pnpm install → RCE → Production Deploy

Scenario 2: Docker Build

FROMnode:20ARG HELPER_PATH=/tmp/evilCOPY .npmrc .RUN pnpm install # RCE

Scenario 3: Kubernetes

Secret Control → Env Variable → .npmrc Substitution → RCE
Mitigation
Temporary Workarounds

Disable tokenHelper:


##### .npmrc
##### registry.npmjs.org/:tokenHelper=${HELPER_PATH}

Use direct tokens:

//registry.npmjs.org/:_authToken=YOUR_TOKEN

Audit environment variables:

  • Review CI/CD env vars
  • Restrict .npmrc changes
  • Monitor build logs
Recommended Fixes
  1. Remove shell: true from loadToken
  2. Implement helper path allowlist
  3. Validate substituted paths
  4. Consider sandboxing
Disclosure
  • Discovery: 2025年11月02日
  • PoC: 2025年11月02日
  • Report: [Pending disclosure decision]
References
Credit

Reported by: Jiyong Yang
Contact: sy2n0@​naver.com

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Release Notes

pnpm/pnpm (pnpm)

v10.27.0: pnpm 10.27

Compare Source

Minor Changes

  • Adding trustPolicyIgnoreAfter allows you to ignore trust policy checks for packages published more than a specified time ago#​10352.

  • Added project registry for global virtual store prune support.

    Projects using the store are now registered via symlinks in {storeDir}/v10/projects/. This enables pnpm store prune to track which packages are still in use by active projects and safely remove unused packages from the global virtual store.

  • Semi-breaking. Changed the location of unscoped packages in the virtual global store. They will now be stored under a directory named @ to maintain a uniform 4-level directory depth.

  • Added mark-and-sweep garbage collection for global virtual store.

    pnpm store prune now removes unused packages from the global virtual store's links/ directory. The algorithm:

    1. Scans all registered projects for symlinks pointing to the store
    2. Walks transitive dependencies to mark reachable packages
    3. Removes any package directories not marked as reachable

    This includes support for workspace monorepos - all node_modules directories within a project (including those in workspace packages) are scanned.

Patch Changes
  • Throw an error if the value of the tokenHelper or <url>:tokenHelper setting contains an environment variable.
  • Git dependencies with build scripts should respect the dangerouslyAllowAllBuilds settings #​10376.
  • Skip the package manager check when running with --global and a project packageManager is configured, and warn that the check is skipped.
  • pnpm store prune should not fail if the dlx cache directory has files, not only directories #​10384
  • Fixed a bug (#​9759) where pnpm add would incorrectly modify a catalog entry in pnpm-workspace.yaml to its exact version.
Platinum Sponsors
Bit
Gold Sponsors
Discord CodeRabbit Workleap
Stackblitz Vite

v10.26.2: pnpm 10.26.2

Compare Source

Patch Changes

  • Improve error message when a package version exists but does not meet the minimumReleaseAge constraint. The error now clearly states that the version exists and shows a human-readable time since release (e.g., "released 6 hours ago") #​10307.

  • Fix installation of Git dependencies using annotated tags #​10335.

    Previously, pnpm would store the annotated tag object's SHA in the lockfile instead of the actual commit SHA. This caused ERR_PNPM_GIT_CHECKOUT_FAILED errors because the checked-out commit hash didn't match the stored tag object hash.

  • Binaries of runtime engines (Node.js, Deno, Bun) are written to node_modules/.bin before lifecycle scripts (install, postinstall, prepare) are executed #​10244.

  • Try to avoid making network calls with preferOffline #​10334.

Platinum Sponsors
Bit
Gold Sponsors
Discord CodeRabbit Workleap
Stackblitz Vite

v10.26.1: pnpm 10.26.1

Compare Source

Patch Changes
  • Don't fail on pnpm add, when blockExoticSubdeps is set to true #​10324.
  • Always resolve git references to full commits and ensure HEAD points to the commit after checkout #​10310.
Platinum Sponsors
Bit
Gold Sponsors
Discord CodeRabbit Workleap
Stackblitz Vite

v10.26.0: pnpm 10.26

Compare Source

Minor Changes

  • Semi-breaking. Block git-hosted dependencies from running prepare scripts unless explicitly allowed in onlyBuiltDependencies #​10288.

  • Semi-breaking. Compute integrity hash for HTTP tarball dependencies when fetching, storing it in the lockfile to prevent servers from serving altered content on subsequent installs #​10287.

  • Added a new setting blockExoticSubdeps that prevents the resolution of exotic protocols in transitive dependencies.

    When set to true, direct dependencies (those listed in your root package.json) may still use exotic sources, but all transitive dependencies must be resolved from a trusted source. Trusted sources include the configured registry, local file paths, workspace links, trusted GitHub repositories (node, bun, deno), and custom resolvers.

    This helps to secure the dependency supply chain. Packages from trusted sources are considered safer, as they are typically subject to more reliable verification and scanning for malware and vulnerabilities.

    Exotic sources are dependency locations that bypass the usual trusted resolution process. These protocols are specifically targeted and blocked: Git repositories (git+ssh://...) and direct URL links to tarballs (https://.../package.tgz).

    Related PR: #​10265.

  • Added support for allowBuilds, which is a new field that can be used instead of onlyBuiltDependencies and ignoredBuiltDependencies. The new allowBuilds field in your pnpm-workspace.yaml uses a map of package matchers to explicitly allow (true) or disallow (false) script execution. This allows for a single, easy-to-manage source of truth for your build permissions.

    Example Usage. To explicitly allow all versions of esbuild to run scripts and prevent core-js from running them:

    allowBuilds:esbuild:truecore-js:false

    The example above achieves the same result as the previous configuration:

    onlyBuiltDependencies:- esbuildignoredBuiltDependencies:- core-js

    Related PR: #​10311

  • Added support for --dry-run to the pack command #​10301.

Patch Changes
  • Show deprecation in table/list formats when latest version is deprecated #​8658.
  • Remove the injectWorkspacePackages setting from the lockfile on the deploy command #​10294.
  • Normalize the tarball URLs before saving them to the lockfile. URLs should not contain default ports, like :80 for http and :443 for https #​10273.
  • When a dependency is installed via a direct URL that redirects to another URL and is immutable, the original URL is normalized and saved to package.json #​10197.
Platinum Sponsors
Bit
Gold Sponsors
Discord CodeRabbit Workleap
Stackblitz Vite

v10.25.0: pnpm 10.25

Compare Source

Minor Changes

  • Allow loading certificates from cert, ca, and key for specific registry URLs. E.g., //registry.example.com/:ca=-----BEGIN CERTIFICATE-----.... Previously this was only working via certfile, cafile, and keyfile.

    These properties are supported in .npmrc, but were ignored by pnpm, this will make pnpm read and use them as well.

    Related PR: #​10230.

  • Added a new flag called --bare to pnpm init for creating a package.json with the bare minimum of required fields #​10226.

Patch Changes
  • Improved reporting of ignored dependency scripts #​10276.
  • pnpm install should build any dependencies that were added to onlyBuiltDependencies and were not built yet #​10256.
  • pnpm publish -r --force should allow to run publish over already existing versions in the registry #​10272.
  • Don't fail with a ERR_PNPM_MISSING_TIME error if a package that is excluded from trust policy checks is missing the time field in the metadata.
Platinum Sponsors
Bit
Gold Sponsors
Discord CodeRabbit Workleap
Stackblitz Vite

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [pnpm](https://pnpm.io) ([source](https://github.com/pnpm/pnpm/tree/HEAD/pnpm)) | `10.24.0` → `10.27.0` | ![age](https://developer.mend.io/api/mc/badges/age/npm/pnpm/10.27.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/pnpm/10.24.0/10.27.0?slim=true) | --- ### pnpm Has Lockfile Integrity Bypass that Allows Remote Dynamic Dependencies [CVE-2025-69263](https://nvd.nist.gov/vuln/detail/CVE-2025-69263) / [GHSA-7vhp-vf5g-r2fw](https://github.com/advisories/GHSA-7vhp-vf5g-r2fw) <details> <summary>More information</summary> #### Details ##### Summary HTTP tarball dependencies (and git-hosted tarballs) are stored in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. ##### Details When a package depends on an HTTP tarball URL, pnpm's tarball resolver returns only the URL without computing an integrity hash: `resolving/tarball-resolver/src/index.ts`: ```javascript return { resolution: { tarball: resolvedUrl, // No integrity field }, resolvedVia: 'url', } ``` The resulting lockfile entry has no integrity to verify: ```yaml remote-dynamic-dependency@http://example.com/pkg.tgz: resolution: {tarball: http://example.com/pkg.tgz} version: 1.0.0 ``` Since there is no integrity hash, pnpm cannot detect when the server returns different content. This affects: - HTTP/HTTPS tarball URLs (`"pkg": "https://example.com/pkg.tgz"`) - Git shorthand dependencies (`"pkg": "github:user/repo"`) - Git URLs (`"pkg": "git+https://github.com/user/repo"`) npm registry packages are not affected as they include integrity hashes from the registry metadata. ##### PoC See attached [pnpm-bypass-integrity-poc.zip](https://github.com/user-attachments/files/23819648/pnpm-bypass-integrity-poc.zip) The POC includes: - A server that returns different tarball content on each request - A `malicious-package` that depends on the HTTP tarball - A `victim` project that depends on `malicious-package` To run: ```bash cd pnpm-bypass-integrity-poc ./run-poc.sh ``` The output shows that each install (with `pnpm store prune` between them) downloads different code despite having a committed lockfile. ##### Impact An attacker who publishes a package with an HTTP tarball dependency can serve different code to different users or CI/CD environments. This enables: - Targeted attacks based on request metadata (IP, headers, timing) - Evasion of security audits (serve benign code during review, malicious code later) - Supply chain attacks where the malicious payload changes over time The attack requires the victim to install a package that has an HTTP/git tarball in its dependency tree. The victim's lockfile provides no protection. #### Severity - CVSS Score: 7.5 / 10 (High) - Vector String: `CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H` #### References - [https://github.com/pnpm/pnpm/security/advisories/GHSA-7vhp-vf5g-r2fw](https://github.com/pnpm/pnpm/security/advisories/GHSA-7vhp-vf5g-r2fw) - [https://nvd.nist.gov/vuln/detail/CVE-2025-69263](https://nvd.nist.gov/vuln/detail/CVE-2025-69263) - [https://github.com/pnpm/pnpm/commit/0958027f88a99ccefe7e9676cdebba393dfbdc85](https://github.com/pnpm/pnpm/commit/0958027f88a99ccefe7e9676cdebba393dfbdc85) - [https://github.com/pnpm/pnpm](https://github.com/pnpm/pnpm) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-7vhp-vf5g-r2fw) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default" [CVE-2025-69264](https://nvd.nist.gov/vuln/detail/CVE-2025-69264) / [GHSA-379q-355j-w6rj](https://github.com/advisories/GHSA-379q-355j-w6rj) <details> <summary>More information</summary> #### Details ##### pnpm v10+ Git Dependency Script Execution Bypass ##### Summary A security bypass vulnerability in pnpm v10+ allows git-hosted dependencies to execute arbitrary code during `pnpm install`, circumventing the v10 security feature "Dependency lifecycle scripts execution disabled by default". While pnpm v10 blocks `postinstall` scripts via the `onlyBuiltDependencies` mechanism, git dependencies can still execute `prepare`, `prepublish`, and `prepack` scripts during the fetch phase, enabling remote code execution without user consent or approval. ##### Details pnpm v10 introduced a security feature to disable dependency lifecycle scripts by default ([PR #&#8203;8897](https://github.com/pnpm/pnpm/pull/8897)). This is implemented by setting `onlyBuiltDependencies = []` when no build policy is configured: **File:** `pkg-manager/core/src/install/extendInstallOptions.ts` (lines 290-291) ```typescript if (opts.neverBuiltDependencies == null && opts.onlyBuiltDependencies == null && opts.onlyBuiltDependenciesFile == null) { opts.onlyBuiltDependencies = [] } ``` This creates an allowlist that blocks all packages from running scripts during the **BUILD phase** in `exec/build-modules/src/index.ts`. However, git-hosted dependencies are processed differently. During the **FETCH phase**, git packages are prepared using `preparePackage()`: **File:** `exec/prepare-package/src/index.ts` (lines 28-57) ```typescript export async function preparePackage (opts: PreparePackageOptions, gitRootDir: string, subDir: string) { // ... if (opts.ignoreScripts) return { shouldBeBuilt: true, pkgDir } // Only checks ignoreScripts, not onlyBuiltDependencies const execOpts: RunLifecycleHookOptions = { // ... rawConfig: omit(['ignore-scripts'], opts.rawConfig), // Explicitly removes ignore-scripts! } // Runs npm/pnpm install await runLifecycleHook(installScriptName, manifest, execOpts) // Runs prepare scripts for (const scriptName of PREPUBLISH_SCRIPTS) { // ['prepublish', 'prepack', 'publish'] await runLifecycleHook(newScriptName, manifest, execOpts) } } ``` The `ignoreScripts` option defaults to `false` and is completely separate from `onlyBuiltDependencies`. The `onlyBuiltDependencies` allowlist is never consulted during the fetch phase. **Affected scripts that execute during fetch:** - `prepare` - `prepublish` - `prepack` **Attack vectors:** - `git+https://github.com/attacker/malicious.git` - `github:attacker/malicious` - `gitlab:attacker/malicious` - `bitbucket:attacker/malicious` - `git+ssh://git@github.com/attacker/malicious.git` - `git+file:///path/to/local/repo` ##### PoC **Prerequisites:** - pnpm v10.0.0 or later (tested on v10.23.0 and v11.0.0-alpha.1) - git **Steps to reproduce:** 1. Extract the attached [poc.zip](https://github.com/user-attachments/files/23797816/poc.zip) 2. Run the PoC script: ```bash cd poc chmod +x run-poc.sh ./run-poc.sh ``` 3. Verify the marker file was created by the malicious script: ```bash cat /tmp/pnpm-vuln-poc-marker.txt ``` **Manual reproduction:** 1. Create a malicious package with a `prepare` script: ```json { "name": "malicious-pkg", "version": "1.0.0", "scripts": { "prepare": "node -e \"require('fs').writeFileSync('/tmp/pwned.txt', 'RCE!')\"" } } ``` 2. Initialize it as a git repo and commit the files 3. Create a victim project that depends on it (just have to make sure it actually git clones and not just downloads a tarball): ```json { "dependencies": { "malicious-pkg": "git+file:///path/to/malicious-pkg" } } ``` 4. Run `pnpm install` - the prepare script executes without any warning or approval prompt ##### Impact **Severity: High** **Who is impacted:** - All pnpm v10+ users - Users who believed they were protected by the v10 "scripts disabled by default" feature - CI/CD pipelines **Attack scenarios:** 1. **Supply chain attack:** An attacker compromises a dependency, adding to it a malicious git dependency that executes arbitrary code during `pnpm install` **What an attacker can do:** - Execute arbitrary code with the victim's privileges - Exfiltrate environment variables, secrets, and credentials - Modify source code or inject backdoors - Establish persistence or reverse shells - Access the filesystem and network **Why this bypasses security expectations:** - pnpm v10 changelog explicitly states "Lifecycle scripts of dependencies are not executed during installation by default" - Users expect git dependencies to follow the same security model as npm registry packages - There is no warning that git dependencies are treated differently - The `onlyBuiltDependencies` configuration does not affect git dependencies #### Severity - CVSS Score: 8.8 / 10 (High) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H` #### References - [https://github.com/pnpm/pnpm/security/advisories/GHSA-379q-355j-w6rj](https://github.com/pnpm/pnpm/security/advisories/GHSA-379q-355j-w6rj) - [https://nvd.nist.gov/vuln/detail/CVE-2025-69264](https://nvd.nist.gov/vuln/detail/CVE-2025-69264) - [https://github.com/pnpm/pnpm/commit/73cc63504d9bc360c43e4b2feb9080677f03c5b5](https://github.com/pnpm/pnpm/commit/73cc63504d9bc360c43e4b2feb9080677f03c5b5) - [https://github.com/pnpm/pnpm](https://github.com/pnpm/pnpm) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-379q-355j-w6rj) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### pnpm vulnerable to Command Injection via environment variable substitution [CVE-2025-69262](https://nvd.nist.gov/vuln/detail/CVE-2025-69262) / [GHSA-2phv-j68v-wwqx](https://github.com/advisories/GHSA-2phv-j68v-wwqx) <details> <summary>More information</summary> #### Details ##### Summary A command injection vulnerability exists in pnpm when using environment variable substitution in `.npmrc` configuration files with `tokenHelper` settings. An attacker who can control environment variables during pnpm operations could achieve remote code execution (RCE) in build environments. ##### Affected Components - **Package**: pnpm - **Versions**: All versions using `@pnpm/config.env-replace` and `loadToken` functionality - **File**: `pnpm/network/auth-header/src/getAuthHeadersFromConfig.ts` - `loadToken()` function - **File**: `pnpm/config/config/src/readLocalConfig.ts` - `.npmrc` environment variable substitution ##### Technical Details ##### Vulnerability Chain 1. **Environment Variable Substitution** - `.npmrc` supports `${VAR}` syntax - Substitution occurs in `readLocalConfig()` 2. **loadToken Execution** - Uses `spawnSync(helperPath, { shell: true })` - Only validates absolute path existence 3. **Attack Flow** ``` .npmrc: registry.npmjs.org/:tokenHelper=${HELPER_PATH} ↓ envReplace() → /tmp/evil-helper.sh ↓ loadToken() → spawnSync(..., { shell: true }) ↓ RCE achieved ``` ##### Code Evidence **`pnpm/config/config/src/readLocalConfig.ts:17-18`** ```typescript key = envReplace(key, process.env) ini[key] = parseField(types, envReplace(val, process.env), key) ``` **`pnpm/network/auth-header/src/getAuthHeadersFromConfig.ts:60-71`** ```typescript export function loadToken(helperPath: string, settingName: string): string { if (!path.isAbsolute(helperPath) || !fs.existsSync(helperPath)) { throw new PnpmError('BAD_TOKEN_HELPER_PATH', ...) } const spawnResult = spawnSync(helperPath, { shell: true }) // ... } ``` ##### Proof of Concept ##### Prerequisites - Private npm registry access - Control over environment variables - Ability to place scripts in filesystem ##### PoC Steps ```bash ##### 1. Create malicious helper script cat > /tmp/evil-helper.sh << 'SCRIPT' #!/bin/bash echo "RCE SUCCESS!" > /tmp/rce-log.txt echo "TOKEN_12345" SCRIPT chmod +x /tmp/evil-helper.sh ##### 2. Create .npmrc with environment variable cat > .npmrc << 'EOF' registry=https://registry.npmjs.org/ registry.npmjs.org/:tokenHelper=${HELPER_PATH} EOF ##### 3. Set environment variable (attacker controlled) export HELPER_PATH=/tmp/evil-helper.sh ##### 4. Trigger pnpm install pnpm install # RCE occurs during auth ##### 5. Verify attack cat /tmp/rce-log.txt ``` ##### PoC Results ``` ==> Attack successful ==> File created: /tmp/rce-log.txt ==> Arbitrary code execution confirmed ``` ##### Impact ##### Severity - **CVSS Score**: 7.6 (High) - **CVSS Vector**: cvss:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H ##### Affected Environments **High Risk:** - CI/CD pipelines (GitHub Actions, GitLab CI) - Docker build environments - Kubernetes deployments - Private registry users **Low Risk:** - Public registry only - Production runtime (no pnpm execution) - Static sites ##### Attack Scenarios **Scenario 1: CI/CD Supply Chain** ``` Repository → Build Trigger → pnpm install → RCE → Production Deploy ``` **Scenario 2: Docker Build** ```dockerfile FROM node:20 ARG HELPER_PATH=/tmp/evil COPY .npmrc . RUN pnpm install # RCE ``` **Scenario 3: Kubernetes** ``` Secret Control → Env Variable → .npmrc Substitution → RCE ``` ##### Mitigation ##### Temporary Workarounds **Disable tokenHelper:** ```ini ##### .npmrc ##### registry.npmjs.org/:tokenHelper=${HELPER_PATH} ``` **Use direct tokens:** ```ini //registry.npmjs.org/:_authToken=YOUR_TOKEN ``` **Audit environment variables:** - Review CI/CD env vars - Restrict .npmrc changes - Monitor build logs ##### Recommended Fixes 1. Remove `shell: true` from loadToken 2. Implement helper path allowlist 3. Validate substituted paths 4. Consider sandboxing ##### Disclosure - **Discovery**: 2025年11月02日 - **PoC**: 2025年11月02日 - **Report**: [Pending disclosure decision] ##### References - Repository: https://github.com/pnpm/pnpm - Affected: `@pnpm/config.env-replace@^3.0.2` - Similar: CVE-2024-53866, CVE-2023-37478 ##### Credit Reported by: Jiyong Yang Contact: sy2n0@&#8203;naver.com #### Severity - CVSS Score: 7.5 / 10 (High) - Vector String: `CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H` #### References - [https://github.com/pnpm/pnpm/security/advisories/GHSA-2phv-j68v-wwqx](https://github.com/pnpm/pnpm/security/advisories/GHSA-2phv-j68v-wwqx) - [https://nvd.nist.gov/vuln/detail/CVE-2025-69262](https://nvd.nist.gov/vuln/detail/CVE-2025-69262) - [https://github.com/pnpm/pnpm](https://github.com/pnpm/pnpm) - [https://github.com/pnpm/pnpm/releases/tag/v10.27.0](https://github.com/pnpm/pnpm/releases/tag/v10.27.0) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-2phv-j68v-wwqx) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Release Notes <details> <summary>pnpm/pnpm (pnpm)</summary> ### [`v10.27.0`](https://github.com/pnpm/pnpm/releases/tag/v10.27.0): pnpm 10.27 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.26.2...v10.27.0) ##### Minor Changes - Adding `trustPolicyIgnoreAfter` allows you to ignore trust policy checks for packages published more than a specified time ago[#&#8203;10352](https://github.com/pnpm/pnpm/issues/10352). - Added project registry for global virtual store prune support. Projects using the store are now registered via symlinks in `{storeDir}/v10/projects/`. This enables `pnpm store prune` to track which packages are still in use by active projects and safely remove unused packages from the global virtual store. - **Semi-breaking.** Changed the location of unscoped packages in the virtual global store. They will now be stored under a directory named `@` to maintain a uniform 4-level directory depth. - Added mark-and-sweep garbage collection for global virtual store. `pnpm store prune` now removes unused packages from the global virtual store's `links/` directory. The algorithm: 1. Scans all registered projects for symlinks pointing to the store 2. Walks transitive dependencies to mark reachable packages 3. Removes any package directories not marked as reachable This includes support for workspace monorepos - all `node_modules` directories within a project (including those in workspace packages) are scanned. ##### Patch Changes - Throw an error if the value of the `tokenHelper` or `<url>:tokenHelper` setting contains an environment variable. - Git dependencies with build scripts should respect the `dangerouslyAllowAllBuilds` settings [#&#8203;10376](https://github.com/pnpm/pnpm/issues/10376). - Skip the package manager check when running with --global and a project packageManager is configured, and warn that the check is skipped. - `pnpm store prune` should not fail if the dlx cache directory has files, not only directories [#&#8203;10384](https://github.com/pnpm/pnpm/pull/10384) - Fixed a bug ([#&#8203;9759](https://github.com/pnpm/pnpm/issues/9759)) where `pnpm add` would incorrectly modify a catalog entry in `pnpm-workspace.yaml` to its exact version. ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> </tbody> </table> ### [`v10.26.2`](https://github.com/pnpm/pnpm/releases/tag/v10.26.2): pnpm 10.26.2 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.26.1...v10.26.2) ##### Patch Changes - Improve error message when a package version exists but does not meet the `minimumReleaseAge` constraint. The error now clearly states that the version exists and shows a human-readable time since release (e.g., "released 6 hours ago") [#&#8203;10307](https://github.com/pnpm/pnpm/issues/10307). - Fix installation of Git dependencies using annotated tags [#&#8203;10335](https://github.com/pnpm/pnpm/issues/10335). Previously, pnpm would store the annotated tag object's SHA in the lockfile instead of the actual commit SHA. This caused `ERR_PNPM_GIT_CHECKOUT_FAILED` errors because the checked-out commit hash didn't match the stored tag object hash. - Binaries of runtime engines (Node.js, Deno, Bun) are written to `node_modules/.bin` before lifecycle scripts (install, postinstall, prepare) are executed [#&#8203;10244](https://github.com/pnpm/pnpm/issues/10244). - Try to avoid making network calls with preferOffline [#&#8203;10334](https://github.com/pnpm/pnpm/pull/10334). ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> </tbody> </table> ### [`v10.26.1`](https://github.com/pnpm/pnpm/releases/tag/v10.26.1): pnpm 10.26.1 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.26.0...v10.26.1) ##### Patch Changes - Don't fail on `pnpm add`, when `blockExoticSubdeps` is set to `true` [#&#8203;10324](https://github.com/pnpm/pnpm/issues/10324). - Always resolve git references to full commits and ensure `HEAD` points to the commit after checkout [#&#8203;10310](https://github.com/pnpm/pnpm/pull/10310). ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> </tbody> </table> ### [`v10.26.0`](https://github.com/pnpm/pnpm/releases/tag/v10.26.0): pnpm 10.26 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.25.0...v10.26.0) ##### Minor Changes - **Semi-breaking.** Block git-hosted dependencies from running prepare scripts unless explicitly allowed in `onlyBuiltDependencies` [#&#8203;10288](https://github.com/pnpm/pnpm/pull/10288). - **Semi-breaking.** Compute integrity hash for HTTP tarball dependencies when fetching, storing it in the lockfile to prevent servers from serving altered content on subsequent installs [#&#8203;10287](https://github.com/pnpm/pnpm/pull/10287). - Added a new setting `blockExoticSubdeps` that prevents the resolution of exotic protocols in transitive dependencies. When set to `true`, direct dependencies (those listed in your root `package.json`) may still use exotic sources, but all transitive dependencies must be resolved from a trusted source. Trusted sources include the configured registry, local file paths, workspace links, trusted GitHub repositories (node, bun, deno), and custom resolvers. This helps to secure the dependency supply chain. Packages from trusted sources are considered safer, as they are typically subject to more reliable verification and scanning for malware and vulnerabilities. **Exotic sources** are dependency locations that bypass the usual trusted resolution process. These protocols are specifically targeted and blocked: Git repositories (`git+ssh://...`) and direct URL links to tarballs (`https://.../package.tgz`). Related PR: [#&#8203;10265](https://github.com/pnpm/pnpm/pull/10265). - Added support for `allowBuilds`, which is a new field that can be used instead of `onlyBuiltDependencies` and `ignoredBuiltDependencies`. The new `allowBuilds` field in your `pnpm-workspace.yaml` uses a map of package matchers to explicitly allow (`true`) or disallow (`false`) script execution. This allows for a single, easy-to-manage source of truth for your build permissions. **Example Usage.** To explicitly allow all versions of `esbuild` to run scripts and prevent `core-js` from running them: ```yaml allowBuilds: esbuild: true core-js: false ``` The example above achieves the same result as the previous configuration: ```yaml onlyBuiltDependencies: - esbuild ignoredBuiltDependencies: - core-js ``` Related PR: [#&#8203;10311](https://github.com/pnpm/pnpm/pull/10311) - Added support for `--dry-run` to the `pack` command [#&#8203;10301](https://github.com/pnpm/pnpm/issues/10301). ##### Patch Changes - Show deprecation in table/list formats when latest version is deprecated [#&#8203;8658](https://github.com/pnpm/pnpm/issues/8658). - Remove the `injectWorkspacePackages` setting from the lockfile on the `deploy` command [#&#8203;10294](https://github.com/pnpm/pnpm/pull/10294). - Normalize the tarball URLs before saving them to the lockfile. URLs should not contain default ports, like :80 for http and :443 for https [#&#8203;10273](https://github.com/pnpm/pnpm/pull/10273). - When a dependency is installed via a direct URL that redirects to another URL and is immutable, the original URL is normalized and saved to `package.json` [#&#8203;10197](https://github.com/pnpm/pnpm/pull/10197). ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> </tbody> </table> ### [`v10.25.0`](https://github.com/pnpm/pnpm/releases/tag/v10.25.0): pnpm 10.25 [Compare Source](https://github.com/pnpm/pnpm/compare/v10.24.0...v10.25.0) ##### Minor Changes - Allow loading certificates from `cert`, `ca`, and `key` for specific registry URLs. E.g., `//registry.example.com/:ca=-----BEGIN CERTIFICATE-----...`. Previously this was only working via `certfile`, `cafile`, and `keyfile`. These properties are supported in `.npmrc`, but were ignored by pnpm, this will make pnpm read and use them as well. Related PR: [#&#8203;10230](https://github.com/pnpm/pnpm/pull/10230). - Added a new flag called `--bare` to `pnpm init` for creating a package.json with the bare minimum of required fields [#&#8203;10226](https://github.com/pnpm/pnpm/issues/10226). ##### Patch Changes - Improved reporting of ignored dependency scripts [#&#8203;10276](https://github.com/pnpm/pnpm/pull/10276). - `pnpm install` should build any dependencies that were added to `onlyBuiltDependencies` and were not built yet [#&#8203;10256](https://github.com/pnpm/pnpm/pull/10256). - `pnpm publish -r --force` should allow to run publish over already existing versions in the registry [#&#8203;10272](https://github.com/pnpm/pnpm/issues/10272). - Don't fail with a `ERR_PNPM_MISSING_TIME` error if a package that is excluded from trust policy checks is missing the time field in the metadata. ##### Platinum Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://bit.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"><img src="https://pnpm.io/img/users/bit.svg" width="80" alt="Bit"></a> </td> </tr> </tbody> </table> ##### Gold Sponsors <table> <tbody> <tr> <td align="center" valign="middle"> <a href="https://discord.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/discord.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/discord_light.svg" /> <img src="https://pnpm.io/img/users/discord.svg" width="220" alt="Discord" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://coderabbit.ai/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/coderabbit.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/coderabbit_light.svg" /> <img src="https://pnpm.io/img/users/coderabbit.svg" width="220" alt="CodeRabbit" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://workleap.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/workleap.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/workleap_light.svg" /> <img src="https://pnpm.io/img/users/workleap.svg" width="190" alt="Workleap" /> </picture> </a> </td> </tr> <tr> <td align="center" valign="middle"> <a href="https://stackblitz.com/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <picture> <source media="(prefers-color-scheme: light)" srcset="https://pnpm.io/img/users/stackblitz.svg" /> <source media="(prefers-color-scheme: dark)" srcset="https://pnpm.io/img/users/stackblitz_light.svg" /> <img src="https://pnpm.io/img/users/stackblitz.svg" width="190" alt="Stackblitz" /> </picture> </a> </td> <td align="center" valign="middle"> <a href="https://vite.dev/?utm_source=pnpm&utm_medium=release_notes" target="_blank"> <img src="https://pnpm.io/img/users/vitejs.svg" width="42" alt="Vite"> </a> </td> </tr> </tbody> </table> </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43OC4xIiwidXBkYXRlZEluVmVyIjoiNDIuNzguMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeSJdfQ==-->
chore(deps): update dependency pnpm to v10.27.0 [security]
Some checks failed
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/deploy-preview Pipeline was successful
ci/woodpecker/pr/lint Pipeline failed
ci/woodpecker/pull_request_closed/deploy-preview Pipeline was successful
8cfcf7d438
renovate-bot scheduled this pull request to auto merge when all checks succeed 2026年01月12日 01:43:37 +01:00
Gusted deleted branch renovate/npm-pnpm-vulnerability 2026年01月13日 16:13:13 +01:00
Sign in to join this conversation.
No reviewers
Labels
Clear labels
Codeberg Pages

Issues affecting Codeberg Pages
Documentation Usability

Issues related to using and reading docs.codeberg.org
Forgejo
Good First Issue! 👋
Kind: Bug
Kind: Documentation
Kind: Enhancement
Kind: Feature
Kind: Question
Kind: Security
Licensing
Part: Generator

This is related to the generation of the documentation, not to the content itself
Priority: High

The priority is high
Priority: Low

The priority is low
Priority: Medium

The priority is medium
Reviewed: Confirmed

Something has been confirmed
Reviewed: Duplicate

Something exists already
Reviewed: Invalid

Something was marked as invalid
Reviewed: Wontfix

Something won't be fixed
Status: Blocked
Status: Help wanted

Contributions are welcome!
Status: In progress

Work is in progress
Status: Needs feedback

Feedback is needed
Status: Ready for Review

Work is completed
Status: Review

Review is in progress / Reviewers wanted
Status: Stale
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
Codeberg/Documentation!727
Reference in a new issue
Codeberg/Documentation
No description provided.
Delete branch "renovate/npm-pnpm-vulnerability"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?