Pre-flight checklist
Forge version
7.11.1
Electron version
33.3.1
Operating system
macOS
Last known working Forge version
No response
Expected behavior
pnpm installs @electron-forge/cli without issue
Actual behavior
PNPM fails to install with the following message:
[ERR_PNPM_EXOTIC_SUBDEP] Exotic dependency "@electron/node-gyp" (resolved via git-repository) is not allowed in subdependencies when blockExoticSubdeps is enabled
This error happened while installing the dependencies of @electron-forge/cli@7.11.1
at @electron-forge/core-utils@7.11.1
at @electron/rebuild@3.7.2
Steps to reproduce
Use pnpm with a version > v10.26.0, and without disabling blockExoticSubdeps in pnpm-workspace.yaml
Additional information
@electron/rebuild v4+ has addressed this issue and uses version specifiers instead, however it has a number of breaking changes, including bumping minimum node version to 22.12.0.
Given the recent supply-chain attacks & compromises, we should really be following best practices and leaning into all security recommendations, including blocking such dependencies from being installed.
Pre-flight checklist
Forge version
7.11.1
Electron version
33.3.1
Operating system
macOS
Last known working Forge version
No response
Expected behavior
pnpm installs
@electron-forge/cliwithout issueActual behavior
PNPM fails to install with the following message:
Steps to reproduce
Use pnpm with a version > v10.26.0, and without disabling
blockExoticSubdepsinpnpm-workspace.yamlAdditional information
@electron/rebuildv4+ has addressed this issue and uses version specifiers instead, however it has a number of breaking changes, including bumping minimum node version to 22.12.0.Given the recent supply-chain attacks & compromises, we should really be following best practices and leaning into all security recommendations, including blocking such dependencies from being installed.