From 873885b0e38f5fdfea8d35b791e64d61a5891111 Mon Sep 17 00:00:00 2001 From: Karthik Appiah Date: Sun, 20 Jul 2025 18:05:34 -0700 Subject: [PATCH 1/3] added alternative to only allow pnpm --- docs/only-allow-pnpm.md | 52 ++++++++++++++++++++++++++++++++--------- 1 file changed, 41 insertions(+), 11 deletions(-) diff --git a/docs/only-allow-pnpm.md b/docs/only-allow-pnpm.md index c146780eb767..fb9c8da0edb8 100644 --- a/docs/only-allow-pnpm.md +++ b/docs/only-allow-pnpm.md @@ -1,21 +1,51 @@ --- id: only-allow-pnpm -title: Only allow pnpm +title: Only Allow PNPM --- -When you use pnpm on a project, you don't want others to accidentally run -`npm install` or `yarn`. To prevent devs from using other package managers, -you can add the following `preinstall` script to your `package.json`: +When many developers are working on the same project together, you need a failsafe in case someone accidentally runs commands with another package manager (like NPM, Yarn, Bun). -```json +To prevent dependency management conflicts between package managers: + +1. Create a file, if it doesn't already exist, named `.npmrc` at the root of your project. +2. Write the following content into your `.npmrc`: + +``` +engine-strict=true +``` + +3. Write the following content into your `package.json`: + +``` { - "scripts": { - "preinstall": "npx only-allow pnpm" - } + "devEngines": { + "runtime": { + "name": "node", + "onFail": "error" + }, + "packageManager": { + "name": "pnpm", + "onFail": "error" + } + }, + "engines": { + "node": ">=18.18.0", + "pnpm": ">=10.0.0" + }, } ``` -Now, whenever someone runs `npm install` or `yarn`, they'll get an -error instead and installation will not proceed. +- Now, when you run `npm i`, `npm i -D` (or an equivalent), these commands return this error (before the preinstall script can run): -If you use npm v7, use `npx -y` instead. +``` +username@hostname some-project % npm i -D package +npm error code EBADDEVENGINES +npm error EBADDEVENGINES The developer of this package has specified the following through devEngines +npm error EBADDEVENGINES Invalid engine "packageManager" +npm error EBADDEVENGINES Invalid name "pnpm" does not match "npm" for "packageManager" +npm error EBADDEVENGINES { +npm error EBADDEVENGINES current: { name: 'npm', version: '10.0.0' }, +npm error EBADDEVENGINES required: { name: 'pnpm', onFail: 'error' } +npm error EBADDEVENGINES } +npm error A complete log of this run can be found in: /Users/username/.npm/_logs/2021-08-21T00_00_00_000Z-debug-0.log +``` From 4db6426b2116689933c8fb37bb772382f2905e75 Mon Sep 17 00:00:00 2001 From: Karthik Appiah Date: Sun, 20 Jul 2025 18:54:37 -0700 Subject: [PATCH 2/3] added more options for only-allow --- docs/only-allow-pnpm.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/docs/only-allow-pnpm.md b/docs/only-allow-pnpm.md index fb9c8da0edb8..d8335e08cebf 100644 --- a/docs/only-allow-pnpm.md +++ b/docs/only-allow-pnpm.md @@ -3,7 +3,7 @@ id: only-allow-pnpm title: Only Allow PNPM --- -When many developers are working on the same project together, you need a failsafe in case someone accidentally runs commands with another package manager (like NPM, Yarn, Bun). +When many developers are working on the same project together, you need a failsafe in case someone accidentally runs commands with another package manager (like NPM, Yarn, or Bun). To prevent dependency management conflicts between package managers: @@ -25,6 +25,7 @@ engine-strict=true }, "packageManager": { "name": "pnpm", + "version": "10.13.1", "onFail": "error" } }, @@ -35,7 +36,7 @@ engine-strict=true } ``` -- Now, when you run `npm i`, `npm i -D` (or an equivalent), these commands return this error (before the preinstall script can run): +- Now, when you run `npm i`, `npm i -D` (or an equivalent), these commands return this error: ``` username@hostname some-project % npm i -D package @@ -49,3 +50,16 @@ npm error EBADDEVENGINES required: { name: 'pnpm', onFail: 'error' } npm error EBADDEVENGINES } npm error A complete log of this run can be found in: /Users/username/.npm/_logs/2021-08-21T00_00_00_000Z-debug-0.log ``` + +Alternatively, in your `package.json`, you can specify the following `preinstall` script: + +``` +{ + "scripts": { + "preinstall": "npx only-allow pnpm" + } +} +``` + +- You may also install the package `only-allow` as a dev dependency. +- For NPM version 7+, you may need to run `npx -y only-allow pnpm` instead. From 9a1f35e89054cc00264100ce379860e312f1eef3 Mon Sep 17 00:00:00 2001 From: Karthik Appiah Date: Sun, 20 Jul 2025 19:19:53 -0700 Subject: [PATCH 3/3] replaced certain words with better synonyms --- docs/only-allow-pnpm.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/only-allow-pnpm.md b/docs/only-allow-pnpm.md index d8335e08cebf..e1e0041bd9f5 100644 --- a/docs/only-allow-pnpm.md +++ b/docs/only-allow-pnpm.md @@ -8,13 +8,13 @@ When many developers are working on the same project together, you need a failsa To prevent dependency management conflicts between package managers: 1. Create a file, if it doesn't already exist, named `.npmrc` at the root of your project. -2. Write the following content into your `.npmrc`: +2. Toggle the following configuration variable in your `.npmrc` on: ``` engine-strict=true ``` -3. Write the following content into your `package.json`: +3. Specify the following fields in your `package.json`: ``` { @@ -51,6 +51,8 @@ npm error EBADDEVENGINES } npm error A complete log of this run can be found in: /Users/username/.npm/_logs/2021-08-21T00_00_00_000Z-debug-0.log ``` +--- + Alternatively, in your `package.json`, you can specify the following `preinstall` script: ```