## Woo! A Config File!
##
## This file is used to configure the behavior of pnpm.
## If adjusting settings, please document the "why" in comments.
##
## It may also be good to understand that we intentionally are
## not using `hoisting` and using `injected` workspace packages
## to ensure properly isolated dep trees for test apps.
#
## things like `moduleExists` from @embroider/macros will report false answers
## for the test apps unless we avoid hoisting.
##
## Note, if we ever need to hoist something, we can use hoist-pattern[]=""
## For instance: hoist-pattern[]=*node-fetch*
## to hoist the specific thing we need and set this to `true`. When true
## and a hoist-pattern is present only the hoist-pattern will be hoisted.
#
hoist=false

## We should consider removing these
## But historically this was the default for pnpm
## and there is cleanup to do to make things work
## without these
## Its also just useful to have these tools top-level
#
public-hoist-pattern[]=*eslint*
public-hoist-pattern[]=*prettier*

## Ideally this would be dynamic as in CI we only have 4 CPUs
## While locally we have 10-16 CPUs. The more CPUs we use during
## install, generally the faster the install will be.
##
child-concurrency=10

## This is the default but its good to be explicit
## This helps us to ensure we are using the workspace
## version of a package.
##
save-workspace-protocol=rolling

## The current default is "highest" but we want to be explicit
## Since we also just want to ensure we are always using the
## latest versions of things we can.
##
resolution-mode=highest

## This is documented in a slightly different place in the pnpm
## docs. If this setting is true (the default) then pnpm will
## run the pre* and post* versions of a script when running other
## scripts. For instance running "build" would also run "prebuild"
## and "postbuild". This is not the behavior we want.
##
enable-pre-post-scripts=false

## We use volta to manage our node and pnpm versions, so we do not
## want pnpm to manage these for us.
##
manage-package-manager-versions=false

## This is now the default but we want to be explicit
## This prevents security exploits from packages running
## arbitrary code during install. It also speeds up install times.
## Our own packages will still run their installation scripts
##
ignore-dep-scripts=true

## Make sure we don't troll ourselves when updating deps
##
verify-deps-before-run=true

## We do not want to auto-install peers because
## We want to ensure we understand what is actually required
## So that if a consuming app uses strict mode things will work
##
## This said, Apps should probably set this to true
##
auto-install-peers=false

## We want to error if we did not setup required peers correctly
## However, this pnpm bug prevents us using this as it will
## error when using `--no-lockfile` without reporting any errors
## https://github.com/pnpm/pnpm/issues/8382
##
strict-peer-dependencies=false

## We use so many similarly grouped peers, we want to make the
## peer-groups easier to distinguish.
## This forces a shorter sha for all groups (vs the default of 1000)
##
peers-suffix-max-length=40
virtual-store-dir-max-length=40

## If a dependency is not declared, we do not want to accidentally
## resolve it from the workspace root. This is a common source of
## bugs in monorepos.
##
resolve-peers-from-workspace-root=false

## Our Workspace Packages are "injected" so prevent
## devDependencies from being exposed and to allow
## for us to test optional peerDependencies.
##
inject-workspace-packages=true

## This also means we do not want to hoist them to the root
## As this would both expose them to all other packages AND
## results in them using symlinks instead of hardlinks
##
hoist-workspace-packages=false

## We use the `workspace:*` protocol for all workspace
## packages.
## In theory it would be nice to use `deep` here just in case
## we missed something so that we could tell pnpm to use the
## workspace version of a package if it exists. At any depth.
##
## However, it seems that deep/true result in workspace packages
## that are dependencies being symlinked instead of hardlinked
## more often, even at the top-level of a package, which is not
## what we want.
##
link-workspace-packages=false # deep

## Update injected dependencies when needed
## This will rerun after various "build" scripts
## In our published packages.
##
## Unfortunately, this does not run after scripts in
## the monorepo root, so we have added a special "sync"
## script to handle this.
##
sync-injected-deps-after-scripts[]=build:pkg
sync-injected-deps-after-scripts[]=sync

## In keeping with our "no hoisting" and "no auto-peers" and
## "isolated dep trees", we also want to avoid other things
## that lead to reliance on hoisting.
## In general, deduping leads to hoisting. This particular
## setting causes direct-dependencies to resolve from the
## workspace root if already in root. We don't want this.
##
dedupe-direct-deps=false

## We do not want to dedupe peer dependencies as this
## results in hoisting and violates optional peer isolation.
##
dedupe-peer-dependents=false

## We do not want to dedupe injected dependencies as this
## results in hoisting and violates optional peer isolation.
##
dedupe-injected-deps=false

## Fin
