chore(pnpm): enable strict-peer-dependencies#1218
Merged
John-David Dalton (jdalton) merged 3 commits intomainfrom Apr 17, 2026
Merged
chore(pnpm): enable strict-peer-dependencies#1218John-David Dalton (jdalton) merged 3 commits intomainfrom
John-David Dalton (jdalton) merged 3 commits intomainfrom
Conversation
Flips `strict-peer-dependencies` to `true` in .pnpmrc so pnpm surfaces peer dependency mismatches at install time instead of silently letting them through. Verified locally that the current lockfile resolves cleanly with the stricter setting — no fallout to fix.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Autofix Details
Bugbot Autofix prepared a fix for the issue found in the latest run.
- ✅ Fixed: Setting in
.pnpmrcis ignored by pnpm- Added
strictPeerDependencies: truetopnpm-workspace.yamlwhere pnpm v11 actually reads it, since.pnpmrcis not a recognized pnpm config file.
- Added
Or push these changes by commenting:
@cursor push faed3733d2
Preview (faed3733d2)
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -153,6 +153,7 @@
# Migrated from .npmrc (pnpm v11 only reads auth/registry from .npmrc).
ignoreScripts: true
linkWorkspacePackages: false
+strictPeerDependencies: true
# Wait 7 days (10080 minutes) before installing newly published packages.
minimumReleaseAge: 10080You can send follow-ups to the cloud agent here.
pnpm v11 doesn't read .pnpmrc — the comment in this very workspace file
spells that out ("Migrated from .npmrc (pnpm v11 only reads auth/registry
from .npmrc)"). My earlier flip of strict-peer-dependencies in .pnpmrc
was therefore a no-op.
Reverts the .pnpmrc change back to false (where it's still harmless,
just ignored) and adds `strictPeerDependencies: true` to
pnpm-workspace.yaml next to the other migrated settings, which is the
location pnpm actually reads.
Thanks to Cursor bugbot for catching this.
This comment was marked as outdated.
This comment was marked as outdated.
pnpm v11 doesn't read .pnpmrc — per the existing comment in
pnpm-workspace.yaml, only auth/registry go in .npmrc, everything
else reads from the workspace yaml. So every line in .pnpmrc was
either ignored or already duplicated in pnpm-workspace.yaml.
Changes:
* Delete .pnpmrc entirely so nothing in the repo suggests those
knobs are live.
* Move saveExact: true into pnpm-workspace.yaml (overrides pnpm's
default of false and keeps the catalog's pinned-version style).
* Drop auto-install-peers=true (matches pnpm v11 default, redundant).
* Drop the local minimumReleaseAge=10080 line (already present in
pnpm-workspace.yaml alongside minimumReleaseAgeExclude).
Net result: one source of truth. Settings in the repo actually do
something.
Contributor
Author
|
Cursor (@cursor) review |
There was a problem hiding this comment.
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 038e087. Configure here.
Bill Li (billxinli)
approved these changes
Apr 17, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
strict-peer-dependencies=truein.pnpmrcso pnpm surfaces peer dependency mismatches at install time instead of silently letting them through.Why
Keeps us honest about the peer graph. Cleaner install output too.
Test plan
pnpm installresolves clean with the stricter setting (no peer warnings to fix)pnpm install --forcedittopnpm run build:clisucceedsNote
Medium Risk
Changes global package-manager behavior; installs/CI may start failing if any transitive peer dependency mismatches exist or if workflows relied on non-strict resolution.
Overview
pnpm configuration is consolidated into
pnpm-workspace.yaml(with updated pnpm v11 guidance), and.pnpmrcis effectively removed.This turns on strict peer dependency enforcement (
strictPeerDependencies: true) and also setssaveExact: truein the workspace config, making installs fail fast on peer mismatches and standardizing exact-version saves.Reviewed by Cursor Bugbot for commit 038e087. Configure here.