mirror of
https://github.com/element-hq/matrix-authentication-service.git
synced 2026-06-06 19:52:17 +00:00
Quentin Gliech
c349228505
Sets up a pnpm workspace at the repo root with the single existing frontend/ package, pinned via packageManager to pnpm@11.1.0. The new pnpm-workspace.yaml enables three pnpm 11 defaults explicitly so they can't silently be relaxed: - trustPolicy: no-downgrade (override via trustPolicyExclude) - strictDepBuilds: true (override via allowBuilds) - strictPeerDependencies: true (override via peerDependencyRules.allowedVersions) allowBuilds permits the @swc/core, esbuild and msw postinstalls (native binaries / service worker setup) and explicitly denies @scarf/scarf telemetry. trustPolicyExclude lists semver@6.3.1, which a transitive of @babel/core publishes without provenance even though earlier versions had it. The lockfile is imported from the previous package-lock.json, so locked versions stay identical to npm — no dependency upgrades sneak in here. @graphql-typed-document-node/core is added as an explicit devDependency because @graphql-codegen/client-preset's generated code imports it directly and pnpm doesn't hoist transitive deps. The frontend/.npmrc engine-strict=true setting moves to pnpm-workspace.yaml as engineStrict: true.