update

pnpm v11 moved global binaries from PNPM_HOME to PNPM_HOME/bin.
Add the new bin subdirectory to PATH so that pnpm's global bin
directory check passes. This is backwards compatible — the extra
PATH entry is harmless for older pnpm versions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.github/CODEOWNERS

@@ -1 +0,0 @@
-* @zkochan

.github/workflows/test.yaml

@@ -1,174 +1,86 @@
 name: Test Action
 
 on:
-  pull_request:
+  - push
-  push:
+  - pull_request
-    branches:
+  - workflow_dispatch
-      - master
-  workflow_dispatch:
 
 jobs:
-  smoke:
+  test_default_inputs:
-    # Cross-OS coverage. Exercises the bootstrap install + PATH on each platform,
+    name: Test with default inputs
-    # the version-respects-request regression (#225 / #230 — Windows PATH shadow),
-    # and the bin_dest output regression (#247). Multi-version coverage on Linux
-    # so we don't pay 3x for major-version differences.
-    name: 'Smoke (${{ matrix.name }})'
 
     runs-on: ${{ matrix.os }}
 
     strategy:
       fail-fast: false
       matrix:
-        include:
+        pnpm:
-          - name: 'ubuntu / v9.15.5'
+          - 9.15.5
-            os: ubuntu-latest
+        os:
-            version: '9.15.5'
+          - ubuntu-latest
-          - name: 'ubuntu / v10.33.0'
+          - macos-latest
-            os: ubuntu-latest
+          - windows-latest
-            version: '10.33.0'
-          - name: 'ubuntu / v9.15.5 / custom-dest'
-            os: ubuntu-latest
-            version: '9.15.5'
-            dest: '~/test/pnpm'
-          - name: 'macos / v9.15.5'
-            os: macos-latest
-            version: '9.15.5'
-          - name: 'windows / v9.15.5'
-            os: windows-latest
-            version: '9.15.5'
 
     steps:
       - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 
-      - id: pnpm
-        name: Run the action
-        uses: ./
-        with:
-          version: ${{ matrix.version }}
-          dest: ${{ matrix.dest || '~/setup-pnpm' }}
-
-      - name: 'Test: pnpm/pnpx on PATH report the requested version (incl. via bin_dest)'
-        # Pass paths via env, not template interpolation, so Windows
-        # backslashes in `bin_dest` aren't eaten by bash's escape handling.
-        env:
-          BIN_DEST: ${{ steps.pnpm.outputs.bin_dest }}
-          REQUIRED: ${{ matrix.version }}
-        run: |
-          set -e
-          which pnpm
-          which pnpx
-          actual="$(pnpm --version)"
-          echo "pnpm --version: ${actual}"
-          if [ "${actual}" != "${REQUIRED}" ]; then
-            echo "Expected pnpm version ${REQUIRED}, but got ${actual}"
-            exit 1
-          fi
-          bin_dest_version="$("$BIN_DEST/pnpm" --version)"
-          echo "bin_dest pnpm --version: ${bin_dest_version}"
-          if [ "${bin_dest_version}" != "${REQUIRED}" ]; then
-            echo "Expected ${REQUIRED} via bin_dest, but got ${bin_dest_version}"
-            exit 1
-          fi
-        shell: bash
-
-      - name: 'Test: install in a fresh project'
-        run: |
-          mkdir /tmp/test-project
-          cd /tmp/test-project
-          pnpm init
-          pnpm add is-odd
-        shell: bash
-
-  manifest_pin:
-    # Folds the old test_package_manager_field, test_dev_engines, and
-    # test_dev_engines_on_fail_error jobs. The action's manifest handling is
-    # OS-independent, so ubuntu-only is sufficient.
-    name: 'Manifest pin: ${{ matrix.label }}'
-
-    runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - label: 'packageManager pnpm@9.15.5 (#227)'
-            manifest: '{"packageManager":"pnpm@9.15.5"}'
-            version: '9.15.5'
-          - label: 'packageManager pnpm@10.33.0'
-            manifest: '{"packageManager":"pnpm@10.33.0"}'
-            version: '10.33.0'
-          - label: 'devEngines onFail=download, exact'
-            manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":"9.15.5","onFail":"download"}}}'
-            version: '9.15.5'
-          - label: 'devEngines onFail=download, range'
-            manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":">=9.15.0","onFail":"download"}}}'
-            version: '>=9.15.0'
-          - label: 'devEngines onFail=error, exact (#252)'
-            manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":"9.15.5","onFail":"error"}}}'
-            version: '9.15.5'
-          - label: 'devEngines onFail=error, range (#252)'
-            manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":">=9.15.0","onFail":"error"}}}'
-            version: '>=9.15.0'
-          - label: 'explicit version: pnpm_config_pm_on_fail not exported'
-            # Regression guard for the af8e203 scope fix: when the user passes an
-            # explicit `version:` input, the action must NOT export
-            # pnpm_config_pm_on_fail=download, so the user's strict onFail policy
-            # is preserved. Asserted directly on the env var rather than pnpm
-            # runtime behavior — different pnpm majors read devEngines
-            # differently (v10 ignores it, v11+ honors it).
-            manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":"9.15.5","onFail":"error"}}}'
-            explicit_version: '10.33.0'
-            expect_pm_on_fail_unset: true
-
-    steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
-
-      - name: Set up package.json
-        run: echo '${{ matrix.manifest }}' > package.json
-        shell: bash
-
       - name: Run the action
         uses: ./
         with:
-          version: ${{ matrix.explicit_version }}
+          version: 9.15.5
 
-      - name: 'Test: pnpm reports the pinned version'
+      - name: 'Test: which'
-        if: ${{ !matrix.expect_pm_on_fail_unset }}
+        run: which pnpm; which pnpx
-        env:
-          REQUIRED: ${{ matrix.version }}
-        run: |
-          set -e
-          actual="$(pnpm --version)"
-          echo "pnpm version: ${actual}"
-          if [ "${REQUIRED}" = ">=9.15.0" ]; then
-            min="9.15.0"
-            if [ "$(printf '%s\n' "${min}" "${actual}" | sort -V | head -n1)" != "${min}" ]; then
-              echo "Expected pnpm version >= ${min}, but got ${actual}"
-              exit 1
-            fi
-          else
-            if [ "${actual}" != "${REQUIRED}" ]; then
-              echo "Expected pnpm version ${REQUIRED}, but got ${actual}"
-              exit 1
-            fi
-          fi
-        shell: bash
 
-      - name: 'Test: pnpm_config_pm_on_fail not exported (explicit version preserves strict policy)'
+      - name: 'Test: install'
-        if: ${{ matrix.expect_pm_on_fail_unset }}
+        run: pnpm install
-        run: |
+
-          if [ -n "${pnpm_config_pm_on_fail:-}" ]; then
+  test_dest:
-            echo "Expected pnpm_config_pm_on_fail to be unset, but got: '${pnpm_config_pm_on_fail}'"
+    name: Test with dest
-            exit 1
+
-          fi
+    runs-on: ${{ matrix.os }}
-          echo "pnpm_config_pm_on_fail is unset, as expected"
+
-        shell: bash
+    strategy:
+      fail-fast: false
+      matrix:
+        pnpm:
+          - 9.15.5
+        os:
+          - ubuntu-latest
+          - macos-latest
+          - windows-latest
+
+    steps:
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+
+      - name: Run the action
+        uses: ./
+        with:
+          version: 9.15.5
+          dest: ~/test/pnpm
+
+      - name: 'Test: which'
+        run: which pnpm && which pnpx
+
+      - name: 'Test: install'
+        run: pnpm install
+
+  test_standalone:
+    name: Test with standalone
+
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          # macos is excluded from this test because node 12 is no longer available on this platform
+          - ubuntu-latest
+          - windows-latest
 
         standalone:
-    name: Standalone mode
+          - true
-
+          - false
-    runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
@@ -177,130 +89,59 @@ jobs:
         uses: ./
         with:
           version: 9.15.0
-          standalone: true
+          standalone: ${{ matrix.standalone }}
 
-      - name: 'Test: pnpm works'
+      - name: install Node.js
-        run: |
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
-          set -e
-          which pnpm
-          actual="$(pnpm --version)"
-          if [ "${actual}" != "9.15.0" ]; then
-            echo "Expected 9.15.0, got ${actual}"
-            exit 1
-          fi
-          mkdir /tmp/test-standalone
-          cd /tmp/test-standalone
-          pnpm init
-          pnpm add is-odd
-        shell: bash
-
-  standalone_windows_self_update:
-    # Regression guard for the patchPnpmEnv PATH-shadow bug. When
-    # standalone: true on Windows AND the requested pnpm differs from the
-    # bootstrap, the previous patchPnpmEnv prepended node_modules/.bin to
-    # PATH; that directory contains an npm-created pnpm.cmd shim pointing
-    # at the BOOTSTRAP pnpm, which shadowed the self-updated pnpm at
-    # $PNPM_HOME/bin and caused `pnpm install` inside the action to run
-    # under the bootstrap version. Exercising a newer-pnpm-only flag
-    # (`--no-runtime`, added in 11.1.0) makes the regression assertable:
-    # if the bootstrap (11.0.4) handles the install, it errors with
-    # "Unknown option: 'runtime'".
-    name: 'Standalone Windows self-update (PATH regression)'
-    runs-on: windows-latest
-    steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
-
-      - name: Set up package.json with a minimal manifest
-        # run_install needs a manifest to install against. Removing the
-        # repo's existing pnpm-lock.yaml avoids frozen-lockfile mismatch.
-        run: |
-          rm -f pnpm-lock.yaml
-          echo '{"name":"sw","private":true,"packageManager":"pnpm@11.1.0"}' > package.json
-        shell: bash
-
-      - name: Run the action
-        uses: ./
         with:
-          version: 11.1.0
+          # pnpm@7.0.0 is not compatible with Node.js 12
-          standalone: true
+          node-version: 12.22.12
-          run_install: |
-            args: ['--no-runtime']
 
-      - name: 'Test: pnpm install completed under the self-updated pnpm'
+      - name: 'Test: which (pnpm)'
-        # If the bug recurs, the previous step's run_install will have failed
+        run: which pnpm
-        # the job with "Unknown option: 'runtime'", so reaching this step
+
-        # implies success. Still verify the version on PATH matches request.
+      - name: 'Test: which (pnpx)'
-        env:
+        if: matrix.standalone == false
-          REQUIRED: '11.1.0'
+        run: which pnpx
-        run: |
+
-          set -e
+      - name: 'Test: install when standalone is true'
-          actual="$(pnpm --version)"
+        if: matrix.standalone
-          echo "pnpm --version: ${actual}"
+        run: pnpm install
-          if [ "${actual}" != "${REQUIRED}" ]; then
+
-            echo "Expected pnpm ${REQUIRED}, got ${actual}"
+      - name: 'Test: install when standalone is false'
-            exit 1
+        if: matrix.standalone == false
-          fi
+        # Since the default shell on windows runner is pwsh, we specify bash explicitly
         shell: bash
+        run: |
+          if pnpm install; then
+            echo "pnpm install should fail"
+            exit 1
+          else
+            echo "pnpm install failed as expected"
+          fi
 
-  cache_store_path:
+  test_run_install:
-    # Regression guard for #233. When package.json pins a pnpm major that
+    name: 'Test with run_install (${{ matrix.run_install.name }}, ${{ matrix.os }})'
-    # differs from the bootstrap pnpm's major, the bootstrap reports its
-    # own STORE_VERSION from `pnpm store path` (the `store` command skips
-    # pnpm's auto-switch). The user's actual `pnpm install` runs under the
-    # pinned version and writes to a different STORE_VERSION, so the post
-    # step's saveCache then fails with "Path Validation Error". The fix is
-    # to self-update the bootstrap to the pinned version up front.
-    name: 'Cache store path matches install (#233): ${{ matrix.label }}'
 
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.os }}
-
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - label: 'packageManager pnpm@10.33.0'
-            manifest: '{"packageManager":"pnpm@10.33.0","dependencies":{"is-odd":"3.0.1"}}'
-          - label: 'devEngines exact pnpm@10.33.0'
-            manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":"10.33.0"}},"dependencies":{"is-odd":"3.0.1"}}'
-          - label: 'devEngines range >=10 <11'
-            manifest: '{"devEngines":{"packageManager":{"name":"pnpm","version":">=10 <11"}},"dependencies":{"is-odd":"3.0.1"}}'
-
-    steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
-
-      - name: Set up package.json
-        run: echo '${{ matrix.manifest }}' > package.json
-        shell: bash
-
-      - id: pnpm
-        uses: ./
-        with:
-          cache: true
-          run_install: |
-            - args: [--no-frozen-lockfile]
-
-      - name: 'Test: store path computed by the action exists on disk'
-        run: |
-          set -e
-          actual="$(pnpm store path --silent)"
-          echo "pnpm store path: ${actual}"
-          if [ ! -d "${actual}" ]; then
-            echo "Expected store path to exist on disk; cache save would fail"
-            exit 1
-          fi
-        shell: bash
-
-  run_install:
-    name: 'run_install (${{ matrix.run_install.name }})'
-
-    runs-on: ubuntu-latest
 
     strategy:
       fail-fast: false
       matrix:
+        pnpm:
+          - 9.15.5
+        os:
+          - ubuntu-latest
+          - macos-latest
+          - windows-latest
         run_install:
           - name: 'null'
             value: 'null'
+          - name: 'empty object'
+            value: '{}'
+          - name: 'recursive'
+            value: |
+              recursive: true
           - name: 'global'
             value: |
               args:
@@ -308,6 +149,15 @@ jobs:
                 - --global-dir=./pnpm-global
                 - npm
                 - yarn
+          - name: 'array'
+            value: |
+              - {}
+              - recursive: true
+              - args:
+                - --global
+                - --global-dir=./pnpm-global
+                - npm
+                - yarn
 
     steps:
       - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
@@ -318,14 +168,8 @@ jobs:
           version: 9.15.5
           run_install: ${{ matrix.run_install.value }}
 
-      - name: 'Test: pnpm works'
+      - name: 'Test: which'
-        run: |
+        run: which pnpm; which pnpx
-          set -e
+
-          which pnpm
+      - name: 'Test: install'
-          which pnpx
+        run: pnpm install
-          actual="$(pnpm --version)"
-          if [ "${actual}" != "9.15.5" ]; then
-            echo "Expected 9.15.5, got ${actual}"
-            exit 1
-          fi
-        shell: bash

.gitignore

@@ -2,6 +2,8 @@ node_modules
 *.log
 /dist/*
 !/dist/index.js
+!/dist/pnpm.cjs
+!/dist/worker.js
 tmp
 temp
 *.tmp
@@ -9,4 +11,3 @@ temp
 tmp.*
 temp.*
 .pnpm-store
-.claude

README.md

@@ -14,7 +14,7 @@ Version of pnpm to install.
 
 **Optional** when there is a [`packageManager` field in the `package.json`](https://nodejs.org/api/corepack.html).
 
-otherwise, this field is **required** It supports npm versioning scheme, it could be an exact version (such as `10.9.8`), or a version range (such as `10`, `10.x.x`, `10.9.x`, `^10.9.8`, `*`, etc.), or `latest`.
+otherwise, this field is **required** It supports npm versioning scheme, it could be an exact version (such as `6.24.1`), or a version range (such as `6`, `6.x.x`, `6.24.x`, `^6.24.1`, `*`, etc.), or `latest`.
 
 ### `dest`
 
@@ -48,7 +48,7 @@ If `run_install` is a YAML string representation of either an object or an array
 
 ### `cache_dependency_path`
 
-**Optional** (_type:_ `string`, _default:_ `pnpm-lock.yaml`) File path to the pnpm lockfile, whose contents hash will be used as a cache key. Accepts multiple paths delimited by newlines.
+**Optional** (_type:_ `string|string[]`, _default:_ `pnpm-lock.yaml`) File path to the pnpm lockfile, which contents hash will be used as a cache key.
 
 ### `package_json_file`
 
@@ -86,7 +86,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: pnpm/action-setup@v6
+      - uses: pnpm/action-setup@v4
         with:
           version: 10
 ```
@@ -105,7 +105,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: pnpm/action-setup@v6
+      - uses: pnpm/action-setup@v4
 ```
 
 ### Install pnpm and a few npm packages
@@ -120,9 +120,9 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v4
 
-      - uses: pnpm/action-setup@v6
+      - uses: pnpm/action-setup@v4
         with:
           version: 10
           run_install: |
@@ -144,9 +144,9 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v4
 
-      - uses: pnpm/action-setup@v6
+      - uses: pnpm/action-setup@v4
         name: Install pnpm
         with:
           version: 10
@@ -158,33 +158,6 @@ jobs:
 
 **Note:** You don't need to run `pnpm store prune` at the end; post-action has already taken care of that.
 
-### Cache dependencies from multiple lockfiles
-
-```yaml
-on:
-  - push
-  - pull_request
-
-jobs:
-  cache-and-install-multiple:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-
-      - uses: pnpm/action-setup@v6
-        with:
-          version: 10
-          cache: true
-          cache_dependency_path: |
-            one/pnpm-lock.yaml
-            two/pnpm-lock.yaml
-          run_install: |
-            - cwd: one
-            - cwd: two
-```
-
 ## Notes
 
 This action does not setup Node.js for you, use [actions/setup-node](https://github.com/actions/setup-node) yourself.

action.yml

@@ -20,7 +20,7 @@ inputs:
     required: false
     default: 'false'
   cache_dependency_path:
-    description: File path to the pnpm lockfile, whose contents hash will be used as a cache key. Accepts multiple paths delimited by newlines.
+    description: File path to the pnpm lockfile, which contents hash will be used as a cache key
     required: false
     default: 'pnpm-lock.yaml'
   package_json_file:

package.json

@@ -1,10 +1,10 @@
 {
   "private": true,
   "scripts": {
-    "build:bundle": "esbuild src/index.ts --bundle --platform=node --target=node24 --format=cjs --minify --outfile=dist/index.js --loader:.json=json",
+    "build:ncc": "ncc build --minify --no-source-map-register --no-cache dist/tsc/index.js --out dist/",
-    "build": "pnpm run build:bundle",
+    "build": "tsc && pnpm run build:ncc",
     "start": "pnpm run build && sh ./run.sh",
-    "update-bootstrap": "node scripts/update-bootstrap.mjs"
+    "update-pnpm-dist": "pnpm install && cp ./node_modules/pnpm/dist/pnpm.cjs ./dist/pnpm.cjs && cp ./node_modules/pnpm/dist/worker.js ./dist/worker.js"
   },
   "dependencies": {
     "@actions/cache": "^4.1.0",
@@ -18,7 +18,8 @@
     "zod": "^3.22.4"
   },
   "devDependencies": {
-    "esbuild": "^0.27.4",
+    "@vercel/ncc": "^0.38.1",
+    "pnpm": "^8.14.3",
     "typescript": "^5.3.3"
   }
 }

pnpm-lock.yaml

@@ -36,9 +36,12 @@ importers:
         specifier: ^3.22.4
         version: 3.24.1
     devDependencies:
-      esbuild:
+      '@vercel/ncc':
-        specifier: ^0.27.4
+        specifier: ^0.38.1
-        version: 0.27.4
+        version: 0.38.3
+      pnpm:
+        specifier: ^8.14.3
+        version: 8.15.9
       typescript:
         specifier: ^5.3.3
         version: 5.7.3
@@ -121,162 +124,6 @@ packages:
     resolution: {integrity: sha512-IQjj9RIzAKatmNca3D6bT0qJ+Pkox1WZGOg2esJF2YLHb45pQKOwGPIAV+w3rfgkj7zV3RMxpn/c6iftzSOZJQ==}
     engines: {node: '>=18.0.0'}
 
-  '@esbuild/aix-ppc64@0.27.4':
-    resolution: {integrity: sha512-cQPwL2mp2nSmHHJlCyoXgHGhbEPMrEEU5xhkcy3Hs/O7nGZqEpZ2sUtLaL9MORLtDfRvVl2/3PAuEkYZH0Ty8Q==}
-    engines: {node: '>=18'}
-    cpu: [ppc64]
-    os: [aix]
-
-  '@esbuild/android-arm64@0.27.4':
-    resolution: {integrity: sha512-gdLscB7v75wRfu7QSm/zg6Rx29VLdy9eTr2t44sfTW7CxwAtQghZ4ZnqHk3/ogz7xao0QAgrkradbBzcqFPasw==}
-    engines: {node: '>=18'}
-    cpu: [arm64]
-    os: [android]
-
-  '@esbuild/android-arm@0.27.4':
-    resolution: {integrity: sha512-X9bUgvxiC8CHAGKYufLIHGXPJWnr0OCdR0anD2e21vdvgCI8lIfqFbnoeOz7lBjdrAGUhqLZLcQo6MLhTO2DKQ==}
-    engines: {node: '>=18'}
-    cpu: [arm]
-    os: [android]
-
-  '@esbuild/android-x64@0.27.4':
-    resolution: {integrity: sha512-PzPFnBNVF292sfpfhiyiXCGSn9HZg5BcAz+ivBuSsl6Rk4ga1oEXAamhOXRFyMcjwr2DVtm40G65N3GLeH1Lvw==}
-    engines: {node: '>=18'}
-    cpu: [x64]
-    os: [android]
-
-  '@esbuild/darwin-arm64@0.27.4':
-    resolution: {integrity: sha512-b7xaGIwdJlht8ZFCvMkpDN6uiSmnxxK56N2GDTMYPr2/gzvfdQN8rTfBsvVKmIVY/X7EM+/hJKEIbbHs9oA4tQ==}
-    engines: {node: '>=18'}
-    cpu: [arm64]
-    os: [darwin]
-
-  '@esbuild/darwin-x64@0.27.4':
-    resolution: {integrity: sha512-sR+OiKLwd15nmCdqpXMnuJ9W2kpy0KigzqScqHI3Hqwr7IXxBp3Yva+yJwoqh7rE8V77tdoheRYataNKL4QrPw==}
-    engines: {node: '>=18'}
-    cpu: [x64]
-    os: [darwin]
-
-  '@esbuild/freebsd-arm64@0.27.4':
-    resolution: {integrity: sha512-jnfpKe+p79tCnm4GVav68A7tUFeKQwQyLgESwEAUzyxk/TJr4QdGog9sqWNcUbr/bZt/O/HXouspuQDd9JxFSw==}
-    engines: {node: '>=18'}
-    cpu: [arm64]
-    os: [freebsd]
-
-  '@esbuild/freebsd-x64@0.27.4':
-    resolution: {integrity: sha512-2kb4ceA/CpfUrIcTUl1wrP/9ad9Atrp5J94Lq69w7UwOMolPIGrfLSvAKJp0RTvkPPyn6CIWrNy13kyLikZRZQ==}
-    engines: {node: '>=18'}
-    cpu: [x64]
-    os: [freebsd]
-
-  '@esbuild/linux-arm64@0.27.4':
-    resolution: {integrity: sha512-7nQOttdzVGth1iz57kxg9uCz57dxQLHWxopL6mYuYthohPKEK0vU0C3O21CcBK6KDlkYVcnDXY099HcCDXd9dA==}
-    engines: {node: '>=18'}
-    cpu: [arm64]
-    os: [linux]
-
-  '@esbuild/linux-arm@0.27.4':
-    resolution: {integrity: sha512-aBYgcIxX/wd5n2ys0yESGeYMGF+pv6g0DhZr3G1ZG4jMfruU9Tl1i2Z+Wnj9/KjGz1lTLCcorqE2viePZqj4Eg==}
-    engines: {node: '>=18'}
-    cpu: [arm]
-    os: [linux]
-
-  '@esbuild/linux-ia32@0.27.4':
-    resolution: {integrity: sha512-oPtixtAIzgvzYcKBQM/qZ3R+9TEUd1aNJQu0HhGyqtx6oS7qTpvjheIWBbes4+qu1bNlo2V4cbkISr8q6gRBFA==}
-    engines: {node: '>=18'}
-    cpu: [ia32]
-    os: [linux]
-
-  '@esbuild/linux-loong64@0.27.4':
-    resolution: {integrity: sha512-8mL/vh8qeCoRcFH2nM8wm5uJP+ZcVYGGayMavi8GmRJjuI3g1v6Z7Ni0JJKAJW+m0EtUuARb6Lmp4hMjzCBWzA==}
-    engines: {node: '>=18'}
-    cpu: [loong64]
-    os: [linux]
-
-  '@esbuild/linux-mips64el@0.27.4':
-    resolution: {integrity: sha512-1RdrWFFiiLIW7LQq9Q2NES+HiD4NyT8Itj9AUeCl0IVCA459WnPhREKgwrpaIfTOe+/2rdntisegiPWn/r/aAw==}
-    engines: {node: '>=18'}
-    cpu: [mips64el]
-    os: [linux]
-
-  '@esbuild/linux-ppc64@0.27.4':
-    resolution: {integrity: sha512-tLCwNG47l3sd9lpfyx9LAGEGItCUeRCWeAx6x2Jmbav65nAwoPXfewtAdtbtit/pJFLUWOhpv0FpS6GQAmPrHA==}
-    engines: {node: '>=18'}
-    cpu: [ppc64]
-    os: [linux]
-
-  '@esbuild/linux-riscv64@0.27.4':
-    resolution: {integrity: sha512-BnASypppbUWyqjd1KIpU4AUBiIhVr6YlHx/cnPgqEkNoVOhHg+YiSVxM1RLfiy4t9cAulbRGTNCKOcqHrEQLIw==}
-    engines: {node: '>=18'}
-    cpu: [riscv64]
-    os: [linux]
-
-  '@esbuild/linux-s390x@0.27.4':
-    resolution: {integrity: sha512-+eUqgb/Z7vxVLezG8bVB9SfBie89gMueS+I0xYh2tJdw3vqA/0ImZJ2ROeWwVJN59ihBeZ7Tu92dF/5dy5FttA==}
-    engines: {node: '>=18'}
-    cpu: [s390x]
-    os: [linux]
-
-  '@esbuild/linux-x64@0.27.4':
-    resolution: {integrity: sha512-S5qOXrKV8BQEzJPVxAwnryi2+Iq5pB40gTEIT69BQONqR7JH1EPIcQ/Uiv9mCnn05jff9umq/5nqzxlqTOg9NA==}
-    engines: {node: '>=18'}
-    cpu: [x64]
-    os: [linux]
-
-  '@esbuild/netbsd-arm64@0.27.4':
-    resolution: {integrity: sha512-xHT8X4sb0GS8qTqiwzHqpY00C95DPAq7nAwX35Ie/s+LO9830hrMd3oX0ZMKLvy7vsonee73x0lmcdOVXFzd6Q==}
-    engines: {node: '>=18'}
-    cpu: [arm64]
-    os: [netbsd]
-
-  '@esbuild/netbsd-x64@0.27.4':
-    resolution: {integrity: sha512-RugOvOdXfdyi5Tyv40kgQnI0byv66BFgAqjdgtAKqHoZTbTF2QqfQrFwa7cHEORJf6X2ht+l9ABLMP0dnKYsgg==}
-    engines: {node: '>=18'}
-    cpu: [x64]
-    os: [netbsd]
-
-  '@esbuild/openbsd-arm64@0.27.4':
-    resolution: {integrity: sha512-2MyL3IAaTX+1/qP0O1SwskwcwCoOI4kV2IBX1xYnDDqthmq5ArrW94qSIKCAuRraMgPOmG0RDTA74mzYNQA9ow==}
-    engines: {node: '>=18'}
-    cpu: [arm64]
-    os: [openbsd]
-
-  '@esbuild/openbsd-x64@0.27.4':
-    resolution: {integrity: sha512-u8fg/jQ5aQDfsnIV6+KwLOf1CmJnfu1ShpwqdwC0uA7ZPwFws55Ngc12vBdeUdnuWoQYx/SOQLGDcdlfXhYmXQ==}
-    engines: {node: '>=18'}
-    cpu: [x64]
-    os: [openbsd]
-
-  '@esbuild/openharmony-arm64@0.27.4':
-    resolution: {integrity: sha512-JkTZrl6VbyO8lDQO3yv26nNr2RM2yZzNrNHEsj9bm6dOwwu9OYN28CjzZkH57bh4w0I2F7IodpQvUAEd1mbWXg==}
-    engines: {node: '>=18'}
-    cpu: [arm64]
-    os: [openharmony]
-
-  '@esbuild/sunos-x64@0.27.4':
-    resolution: {integrity: sha512-/gOzgaewZJfeJTlsWhvUEmUG4tWEY2Spp5M20INYRg2ZKl9QPO3QEEgPeRtLjEWSW8FilRNacPOg8R1uaYkA6g==}
-    engines: {node: '>=18'}
-    cpu: [x64]
-    os: [sunos]
-
-  '@esbuild/win32-arm64@0.27.4':
-    resolution: {integrity: sha512-Z9SExBg2y32smoDQdf1HRwHRt6vAHLXcxD2uGgO/v2jK7Y718Ix4ndsbNMU/+1Qiem9OiOdaqitioZwxivhXYg==}
-    engines: {node: '>=18'}
-    cpu: [arm64]
-    os: [win32]
-
-  '@esbuild/win32-ia32@0.27.4':
-    resolution: {integrity: sha512-DAyGLS0Jz5G5iixEbMHi5KdiApqHBWMGzTtMiJ72ZOLhbu/bzxgAe8Ue8CTS3n3HbIUHQz/L51yMdGMeoxXNJw==}
-    engines: {node: '>=18'}
-    cpu: [ia32]
-    os: [win32]
-
-  '@esbuild/win32-x64@0.27.4':
-    resolution: {integrity: sha512-+knoa0BDoeXgkNvvV1vvbZX4+hizelrkwmGJBdT17t8FNPwG2lKemmuMZlmaNQ3ws3DKKCxpb4zRZEIp3UxFCg==}
-    engines: {node: '>=18'}
-    cpu: [x64]
-    os: [win32]
-
   '@fastify/busboy@2.1.1':
     resolution: {integrity: sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==}
     engines: {node: '>=14'}
@@ -297,6 +144,10 @@ packages:
     resolution: {integrity: sha512-sOx1PKSuFwnIl7z4RN0Ls7N9AQawmR9r66eI5rFCzLDIs8HTIYrIpH9QjYWoX0lkgGrkLxXhi4QnK7MizPRrIg==}
     engines: {node: '>=20.0.0'}
 
+  '@vercel/ncc@0.38.3':
+    resolution: {integrity: sha512-rnK6hJBS6mwc+Bkab+PGPs9OiS0i/3kdTO+CkI8V0/VrW3vmz7O2Pxjw/owOlmo6PKEIxRSeZKv/kuL9itnpYA==}
+    hasBin: true
+
   abort-controller@3.0.0:
     resolution: {integrity: sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg==}
     engines: {node: '>=6.5'}
@@ -358,11 +209,6 @@ packages:
     resolution: {integrity: sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==}
     engines: {node: '>= 0.4'}
 
-  esbuild@0.27.4:
-    resolution: {integrity: sha512-Rq4vbHnYkK5fws5NF7MYTU68FPRE1ajX7heQ/8QXXWqNgqqJ/GkmmyxIzUnf2Sr/bakf8l54716CcMGHYhMrrQ==}
-    engines: {node: '>=18'}
-    hasBin: true
-
   event-target-shim@5.0.1:
     resolution: {integrity: sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ==}
     engines: {node: '>=6'}
@@ -453,6 +299,11 @@ packages:
     resolution: {integrity: sha512-1Y1A//QUXEZK7YKz+rD9WydcE1+EuPr6ZBgKecAB8tmoW6UFv0NREVJe1p+jRxtThkcbbKkfwIbWJe/IeE6m2Q==}
     engines: {node: '>=0.10.0'}
 
+  pnpm@8.15.9:
+    resolution: {integrity: sha512-SZQ0ydj90aJ5Tr9FUrOyXApjOrzuW7Fee13pDzL0e1E6ypjNXP0AHDHw20VLw4BO3M1XhQHkyik6aBYWa72fgQ==}
+    engines: {node: '>=16.14'}
+    hasBin: true
+
   safe-buffer@5.2.1:
     resolution: {integrity: sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==}
 
@@ -678,84 +529,6 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
-  '@esbuild/aix-ppc64@0.27.4':
-    optional: true
-
-  '@esbuild/android-arm64@0.27.4':
-    optional: true
-
-  '@esbuild/android-arm@0.27.4':
-    optional: true
-
-  '@esbuild/android-x64@0.27.4':
-    optional: true
-
-  '@esbuild/darwin-arm64@0.27.4':
-    optional: true
-
-  '@esbuild/darwin-x64@0.27.4':
-    optional: true
-
-  '@esbuild/freebsd-arm64@0.27.4':
-    optional: true
-
-  '@esbuild/freebsd-x64@0.27.4':
-    optional: true
-
-  '@esbuild/linux-arm64@0.27.4':
-    optional: true
-
-  '@esbuild/linux-arm@0.27.4':
-    optional: true
-
-  '@esbuild/linux-ia32@0.27.4':
-    optional: true
-
-  '@esbuild/linux-loong64@0.27.4':
-    optional: true
-
-  '@esbuild/linux-mips64el@0.27.4':
-    optional: true
-
-  '@esbuild/linux-ppc64@0.27.4':
-    optional: true
-
-  '@esbuild/linux-riscv64@0.27.4':
-    optional: true
-
-  '@esbuild/linux-s390x@0.27.4':
-    optional: true
-
-  '@esbuild/linux-x64@0.27.4':
-    optional: true
-
-  '@esbuild/netbsd-arm64@0.27.4':
-    optional: true
-
-  '@esbuild/netbsd-x64@0.27.4':
-    optional: true
-
-  '@esbuild/openbsd-arm64@0.27.4':
-    optional: true
-
-  '@esbuild/openbsd-x64@0.27.4':
-    optional: true
-
-  '@esbuild/openharmony-arm64@0.27.4':
-    optional: true
-
-  '@esbuild/sunos-x64@0.27.4':
-    optional: true
-
-  '@esbuild/win32-arm64@0.27.4':
-    optional: true
-
-  '@esbuild/win32-ia32@0.27.4':
-    optional: true
-
-  '@esbuild/win32-x64@0.27.4':
-    optional: true
-
   '@fastify/busboy@2.1.1': {}
 
   '@protobuf-ts/runtime-rpc@2.11.1':
@@ -778,6 +551,8 @@ snapshots:
     transitivePeerDependencies:
       - supports-color
 
+  '@vercel/ncc@0.38.3': {}
+
   abort-controller@3.0.0:
     dependencies:
       event-target-shim: 5.0.1
@@ -831,35 +606,6 @@ snapshots:
       has-tostringtag: 1.0.2
       hasown: 2.0.2
 
-  esbuild@0.27.4:
-    optionalDependencies:
-      '@esbuild/aix-ppc64': 0.27.4
-      '@esbuild/android-arm': 0.27.4
-      '@esbuild/android-arm64': 0.27.4
-      '@esbuild/android-x64': 0.27.4
-      '@esbuild/darwin-arm64': 0.27.4
-      '@esbuild/darwin-x64': 0.27.4
-      '@esbuild/freebsd-arm64': 0.27.4
-      '@esbuild/freebsd-x64': 0.27.4
-      '@esbuild/linux-arm': 0.27.4
-      '@esbuild/linux-arm64': 0.27.4
-      '@esbuild/linux-ia32': 0.27.4
-      '@esbuild/linux-loong64': 0.27.4
-      '@esbuild/linux-mips64el': 0.27.4
-      '@esbuild/linux-ppc64': 0.27.4
-      '@esbuild/linux-riscv64': 0.27.4
-      '@esbuild/linux-s390x': 0.27.4
-      '@esbuild/linux-x64': 0.27.4
-      '@esbuild/netbsd-arm64': 0.27.4
-      '@esbuild/netbsd-x64': 0.27.4
-      '@esbuild/openbsd-arm64': 0.27.4
-      '@esbuild/openbsd-x64': 0.27.4
-      '@esbuild/openharmony-arm64': 0.27.4
-      '@esbuild/sunos-x64': 0.27.4
-      '@esbuild/win32-arm64': 0.27.4
-      '@esbuild/win32-ia32': 0.27.4
-      '@esbuild/win32-x64': 0.27.4
-
   event-target-shim@5.0.1: {}
 
   events@3.3.0: {}
@@ -951,6 +697,8 @@ snapshots:
 
   parse-passwd@1.0.0: {}
 
+  pnpm@8.15.9: {}
+
   safe-buffer@5.2.1: {}
 
   sax@1.4.1: {}

pnpm-workspace.yaml

@@ -1,4 +0,0 @@
-packages:
-  - '.'
-allowBuilds:
-  esbuild: true

scripts/update-bootstrap.mjs

@@ -1,47 +0,0 @@
-#!/usr/bin/env node
-
-// Usage: node scripts/update-bootstrap.mjs [version]
-// If version is omitted, fetches the latest next-11 tag from npm.
-// Regenerates the bootstrap lockfiles used by action-setup to install pnpm via npm.
-
-import { execSync } from 'child_process'
-import { mkdtempSync, rmSync, readFileSync, writeFileSync } from 'fs'
-import { join } from 'path'
-import { tmpdir } from 'os'
-
-const BOOTSTRAP_DIR = new URL('../src/install-pnpm/bootstrap/', import.meta.url).pathname
-
-const version = process.argv[2] || resolveLatestVersion()
-
-console.log(`Updating bootstrap lockfiles to pnpm@${version} ...`)
-
-generateLock('pnpm-lock.json', { pnpm: version }, 'bootstrap-pnpm')
-generateLock('exe-lock.json', { '@pnpm/exe': version }, 'bootstrap-exe')
-
-console.log('Done!')
-
-function resolveLatestVersion() {
-  const json = execSync('npm view @pnpm/exe dist-tags --json', { encoding: 'utf8' })
-  const tags = JSON.parse(json)
-  const version = tags['next-11'] || tags['latest']
-  if (!version) {
-    console.error('Could not determine latest pnpm version from npm dist-tags')
-    process.exit(1)
-  }
-  return version
-}
-
-function generateLock(filename, dependencies, name) {
-  const tmp = mkdtempSync(join(tmpdir(), 'pnpm-bootstrap-'))
-  try {
-    writeFileSync(join(tmp, 'package.json'), JSON.stringify({ private: true, dependencies }))
-    execSync('npm install --package-lock-only --ignore-scripts', { cwd: tmp, stdio: 'pipe' })
-    const lock = readFileSync(join(tmp, 'package-lock.json'), 'utf8')
-    const parsed = JSON.parse(lock)
-    parsed.name = name
-    writeFileSync(join(BOOTSTRAP_DIR, filename), JSON.stringify(parsed, null, 2) + '\n')
-    console.log(`  ${filename} -> ${Object.values(dependencies)[0]}@${version}`)
-  } finally {
-    rmSync(tmp, { recursive: true, force: true })
-  }
-}

src/index.ts

@@ -8,30 +8,28 @@ import pnpmInstall from './pnpm-install'
 import pruneStore from './pnpm-store-prune'
 
 async function main() {
+  const inputs = getInputs()
+
   if (getState('is_post') === 'true') {
-    await runPost()
+    await runPost(inputs)
   } else {
-    await runMain()
+    await runMain(inputs)
   }
 }
 
-async function runMain() {
+async function runMain(inputs: Inputs) {
-  const inputs = getInputs()
-  saveState('inputs', inputs)
   saveState('is_post', 'true')
 
-  const binDest = await installPnpm(inputs)
+  await installPnpm(inputs)
-  if (binDest === undefined) return
   console.log('Installation Completed!')
-  setOutputs(inputs, binDest)
+  setOutputs(inputs)
 
   await restoreCache(inputs)
 
   pnpmInstall(inputs)
 }
 
-async function runPost() {
+async function runPost(inputs: Inputs) {
-  const inputs = JSON.parse(getState('inputs')) as Inputs
   pruneStore(inputs)
   await saveCache(inputs)
 }

src/install-pnpm/bootstrap/exe-lock.json

@@ -1,327 +0,0 @@
-{
-  "name": "bootstrap-exe",
-  "lockfileVersion": 3,
-  "requires": true,
-  "packages": {
-    "": {
-      "dependencies": {
-        "@pnpm/exe": "11.1.1"
-      }
-    },
-    "node_modules/@pnpm/exe": {
-      "version": "11.1.1",
-      "resolved": "https://registry.npmjs.org/@pnpm/exe/-/exe-11.1.1.tgz",
-      "integrity": "sha512-5mQnDW1NCBRRWA+cnGhQO+tIrfSfWm3/IyGxU88LnT+tzNW5UrwwKfjsnnYJToyAjIfdfEJtJKUxCvP+mhA+nQ==",
-      "hasInstallScript": true,
-      "license": "MIT",
-      "dependencies": {
-        "@reflink/reflink": "0.1.19",
-        "detect-libc": "^2.0.3"
-      },
-      "bin": {
-        "pn": "pn",
-        "pnpm": "pnpm",
-        "pnpx": "pnpx",
-        "pnx": "pnx"
-      },
-      "funding": {
-        "url": "https://opencollective.com/pnpm"
-      },
-      "optionalDependencies": {
-        "@pnpm/linux-arm64": "11.1.1",
-        "@pnpm/linux-x64": "11.1.1",
-        "@pnpm/linuxstatic-arm64": "11.1.1",
-        "@pnpm/linuxstatic-x64": "11.1.1",
-        "@pnpm/macos-arm64": "11.1.1",
-        "@pnpm/win-arm64": "11.1.1",
-        "@pnpm/win-x64": "11.1.1"
-      }
-    },
-    "node_modules/@pnpm/linux-arm64": {
-      "version": "11.1.1",
-      "resolved": "https://registry.npmjs.org/@pnpm/linux-arm64/-/linux-arm64-11.1.1.tgz",
-      "integrity": "sha512-u9hs51XV0/gU5LLfNLoQsozGKIxNjxsh/0xPr+8Hny0M38psa4lBtwFvarL2bLToPIrtueQYi65LdlzRxITRyg==",
-      "cpu": [
-        "arm64"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "funding": {
-        "url": "https://opencollective.com/pnpm"
-      }
-    },
-    "node_modules/@pnpm/linux-x64": {
-      "version": "11.1.1",
-      "resolved": "https://registry.npmjs.org/@pnpm/linux-x64/-/linux-x64-11.1.1.tgz",
-      "integrity": "sha512-yQO9i57oyJmIG22BjV7sqLUT2syKQohiku8yNZRgp7M6wsVkikpVLLVSpBifQnrI/P/roueKnWSUEESH1aPaoA==",
-      "cpu": [
-        "x64"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "funding": {
-        "url": "https://opencollective.com/pnpm"
-      }
-    },
-    "node_modules/@pnpm/linuxstatic-arm64": {
-      "version": "11.1.1",
-      "resolved": "https://registry.npmjs.org/@pnpm/linuxstatic-arm64/-/linuxstatic-arm64-11.1.1.tgz",
-      "integrity": "sha512-FUZB8L9Z8L5m88G0RTx5AsHFr5yUQPW+28zQdTNUWxiLwj11FW/fOLodYdcNYHdNJFepsZyqt3aRnpiqIdZb2g==",
-      "cpu": [
-        "arm64"
-      ],
-      "libc": [
-        "musl"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "funding": {
-        "url": "https://opencollective.com/pnpm"
-      }
-    },
-    "node_modules/@pnpm/linuxstatic-x64": {
-      "version": "11.1.1",
-      "resolved": "https://registry.npmjs.org/@pnpm/linuxstatic-x64/-/linuxstatic-x64-11.1.1.tgz",
-      "integrity": "sha512-I/z56hfa1zM5F/Unup/1NrgsA+dcptsKQ2TjJLFz3wHKDx0RLrfF7DB0Rkpnr5IoAZ33v0GFZjlGhkOtc9VFGw==",
-      "cpu": [
-        "x64"
-      ],
-      "libc": [
-        "musl"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "funding": {
-        "url": "https://opencollective.com/pnpm"
-      }
-    },
-    "node_modules/@pnpm/macos-arm64": {
-      "version": "11.1.1",
-      "resolved": "https://registry.npmjs.org/@pnpm/macos-arm64/-/macos-arm64-11.1.1.tgz",
-      "integrity": "sha512-YQu6fC27F4jTIpXhF+4PdzOV7uSnVVG9KUxj5W+AFj0XFlUvBw+I1NsoPCY6uV1nccxWpIAZOTZtSj8+hWPb8w==",
-      "cpu": [
-        "arm64"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "funding": {
-        "url": "https://opencollective.com/pnpm"
-      }
-    },
-    "node_modules/@pnpm/win-arm64": {
-      "version": "11.1.1",
-      "resolved": "https://registry.npmjs.org/@pnpm/win-arm64/-/win-arm64-11.1.1.tgz",
-      "integrity": "sha512-2HvZut3IcKPxzIfOjBJ4677PaLIh57mWccL86O+q71QhO5emnQvht0CE19IoEyUIOEe1WjlN+Su/dD5k6CuGyg==",
-      "cpu": [
-        "arm64"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ],
-      "funding": {
-        "url": "https://opencollective.com/pnpm"
-      }
-    },
-    "node_modules/@pnpm/win-x64": {
-      "version": "11.1.1",
-      "resolved": "https://registry.npmjs.org/@pnpm/win-x64/-/win-x64-11.1.1.tgz",
-      "integrity": "sha512-QXBIBErgPhGLovOVzTRIpHsejFKebyqlcF3fea/TfH87gkhN5yWH0WuTPRBoOWvpk6aNhjDW4RPUMx8RaPqxjw==",
-      "cpu": [
-        "x64"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ],
-      "funding": {
-        "url": "https://opencollective.com/pnpm"
-      }
-    },
-    "node_modules/@reflink/reflink": {
-      "version": "0.1.19",
-      "resolved": "https://registry.npmjs.org/@reflink/reflink/-/reflink-0.1.19.tgz",
-      "integrity": "sha512-DmCG8GzysnCZ15bres3N5AHCmwBwYgp0As6xjhQ47rAUTUXxJiK+lLUxaGsX3hd/30qUpVElh05PbGuxRPgJwA==",
-      "license": "MIT",
-      "engines": {
-        "node": ">= 10"
-      },
-      "optionalDependencies": {
-        "@reflink/reflink-darwin-arm64": "0.1.19",
-        "@reflink/reflink-darwin-x64": "0.1.19",
-        "@reflink/reflink-linux-arm64-gnu": "0.1.19",
-        "@reflink/reflink-linux-arm64-musl": "0.1.19",
-        "@reflink/reflink-linux-x64-gnu": "0.1.19",
-        "@reflink/reflink-linux-x64-musl": "0.1.19",
-        "@reflink/reflink-win32-arm64-msvc": "0.1.19",
-        "@reflink/reflink-win32-x64-msvc": "0.1.19"
-      }
-    },
-    "node_modules/@reflink/reflink-darwin-arm64": {
-      "version": "0.1.19",
-      "resolved": "https://registry.npmjs.org/@reflink/reflink-darwin-arm64/-/reflink-darwin-arm64-0.1.19.tgz",
-      "integrity": "sha512-ruy44Lpepdk1FqDz38vExBY/PVUsjxZA+chd9wozjUH9JjuDT/HEaQYA6wYN9mf041l0yLVar6BCZuWABJvHSA==",
-      "cpu": [
-        "arm64"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@reflink/reflink-darwin-x64": {
-      "version": "0.1.19",
-      "resolved": "https://registry.npmjs.org/@reflink/reflink-darwin-x64/-/reflink-darwin-x64-0.1.19.tgz",
-      "integrity": "sha512-By85MSWrMZa+c26TcnAy8SDk0sTUkYlNnwknSchkhHpGXOtjNDUOxJE9oByBnGbeuIE1PiQsxDG3Ud+IVV9yuA==",
-      "cpu": [
-        "x64"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@reflink/reflink-linux-arm64-gnu": {
-      "version": "0.1.19",
-      "resolved": "https://registry.npmjs.org/@reflink/reflink-linux-arm64-gnu/-/reflink-linux-arm64-gnu-0.1.19.tgz",
-      "integrity": "sha512-7P+er8+rP9iNeN+bfmccM4hTAaLP6PQJPKWSA4iSk2bNvo6KU6RyPgYeHxXmzNKzPVRcypZQTpFgstHam6maVg==",
-      "cpu": [
-        "arm64"
-      ],
-      "libc": [
-        "glibc"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@reflink/reflink-linux-arm64-musl": {
-      "version": "0.1.19",
-      "resolved": "https://registry.npmjs.org/@reflink/reflink-linux-arm64-musl/-/reflink-linux-arm64-musl-0.1.19.tgz",
-      "integrity": "sha512-37iO/Dp6m5DDaC2sf3zPtx/hl9FV3Xze4xoYidrxxS9bgP3S8ALroxRK6xBG/1TtfXKTvolvp+IjrUU6ujIGmA==",
-      "cpu": [
-        "arm64"
-      ],
-      "libc": [
-        "musl"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@reflink/reflink-linux-x64-gnu": {
-      "version": "0.1.19",
-      "resolved": "https://registry.npmjs.org/@reflink/reflink-linux-x64-gnu/-/reflink-linux-x64-gnu-0.1.19.tgz",
-      "integrity": "sha512-jbI8jvuYCaA3MVUdu8vLoLAFqC+iNMpiSuLbxlAgg7x3K5bsS8nOpTRnkLF7vISJ+rVR8W+7ThXlXlUQ93ulkw==",
-      "cpu": [
-        "x64"
-      ],
-      "libc": [
-        "glibc"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@reflink/reflink-linux-x64-musl": {
-      "version": "0.1.19",
-      "resolved": "https://registry.npmjs.org/@reflink/reflink-linux-x64-musl/-/reflink-linux-x64-musl-0.1.19.tgz",
-      "integrity": "sha512-e9FBWDe+lv7QKAwtKOt6A2W/fyy/aEEfr0g6j/hWzvQcrzHCsz07BNQYlNOjTfeytrtLU7k449H1PI95jA4OjQ==",
-      "cpu": [
-        "x64"
-      ],
-      "libc": [
-        "musl"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@reflink/reflink-win32-arm64-msvc": {
-      "version": "0.1.19",
-      "resolved": "https://registry.npmjs.org/@reflink/reflink-win32-arm64-msvc/-/reflink-win32-arm64-msvc-0.1.19.tgz",
-      "integrity": "sha512-09PxnVIQcd+UOn4WAW73WU6PXL7DwGS6wPlkMhMg2zlHHG65F3vHepOw06HFCq+N42qkaNAc8AKIabWvtk6cIQ==",
-      "cpu": [
-        "arm64"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/@reflink/reflink-win32-x64-msvc": {
-      "version": "0.1.19",
-      "resolved": "https://registry.npmjs.org/@reflink/reflink-win32-x64-msvc/-/reflink-win32-x64-msvc-0.1.19.tgz",
-      "integrity": "sha512-E//yT4ni2SyhwP8JRjVGWr3cbnhWDiPLgnQ66qqaanjjnMiu3O/2tjCPQXlcGc/DEYofpDc9fvhv6tALQsMV9w==",
-      "cpu": [
-        "x64"
-      ],
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ],
-      "engines": {
-        "node": ">= 10"
-      }
-    },
-    "node_modules/detect-libc": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz",
-      "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==",
-      "license": "Apache-2.0",
-      "engines": {
-        "node": ">=8"
-      }
-    }
-  }
-}

src/install-pnpm/bootstrap/pnpm-lock.json

@@ -1,30 +0,0 @@
-{
-  "name": "bootstrap-pnpm",
-  "lockfileVersion": 3,
-  "requires": true,
-  "packages": {
-    "": {
-      "dependencies": {
-        "pnpm": "11.1.1"
-      }
-    },
-    "node_modules/pnpm": {
-      "version": "11.1.1",
-      "resolved": "https://registry.npmjs.org/pnpm/-/pnpm-11.1.1.tgz",
-      "integrity": "sha512-0f319zxhe2T6GlaoHDyN/g6WbjOmAQqiVrUXrne+Idk+Ba/8DeGoOw5PKdVp9otEaujwaM1yR8C7PfD7TXvfmg==",
-      "license": "MIT",
-      "bin": {
-        "pn": "bin/pnpm.mjs",
-        "pnpm": "bin/pnpm.mjs",
-        "pnpx": "bin/pnpx.mjs",
-        "pnx": "bin/pnpx.mjs"
-      },
-      "engines": {
-        "node": ">=22.13"
-      },
-      "funding": {
-        "url": "https://opencollective.com/pnpm"
-      }
-    }
-  }
-}

src/install-pnpm/index.ts

@@ -4,15 +4,13 @@ import runSelfInstaller from './run'
 
 export { runSelfInstaller }
 
-export async function install(inputs: Inputs): Promise<string | undefined> {
+export async function install(inputs: Inputs) {
   startGroup('Running self-installer...')
-  const { exitCode, binDest } = await runSelfInstaller(inputs)
+  const status = await runSelfInstaller(inputs)
   endGroup()
-  if (exitCode) {
+  if (status) {
-    setFailed(`Something went wrong, self-installer exits with code ${exitCode}`)
+    return setFailed(`Something went wrong, self-installer exits with code ${status}`)
-    return undefined
   }
-  return binDest
 }
 
 export default install

src/install-pnpm/run.ts

@@ -1,168 +1,91 @@
 import { addPath, exportVariable } from '@actions/core'
 import { spawn } from 'child_process'
-import { rm, writeFile, mkdir, symlink } from 'fs/promises'
+import { rm, writeFile, mkdir, copyFile } from 'fs/promises'
-import { readFileSync, existsSync } from 'fs'
+import { readFileSync } from 'fs'
 import path from 'path'
+import { execPath } from 'process'
 import util from 'util'
 import { Inputs } from '../inputs'
 import { parse as parseYaml } from 'yaml'
-import pnpmLock from './bootstrap/pnpm-lock.json'
-import exeLock from './bootstrap/exe-lock.json'
 
-const BOOTSTRAP_PNPM_PACKAGE_JSON = JSON.stringify({ private: true, dependencies: { pnpm: pnpmLock.packages['node_modules/pnpm'].version } })
+export async function runSelfInstaller(inputs: Inputs): Promise<number> {
-const BOOTSTRAP_EXE_PACKAGE_JSON = JSON.stringify({ private: true, dependencies: { '@pnpm/exe': exeLock.packages['node_modules/@pnpm/exe'].version } })
+  const { version, dest, packageJsonFile, standalone } = inputs
+  const { GITHUB_WORKSPACE } = process.env
 
-export interface SelfInstallerResult {
+  // prepare self install
-  exitCode: number
-  binDest: string
-}
-
-export async function runSelfInstaller(inputs: Inputs): Promise<SelfInstallerResult> {
-  const { version, dest, packageJsonFile } = inputs
-
-  // pnpm v11 requires Node >= 22.13; use standalone (exe) bootstrap which
-  // bundles its own Node.js when the system Node is too old
-  const systemNode = await getSystemNodeVersion()
-  const standalone = inputs.standalone || systemNode.major < 22 || (systemNode.major === 22 && systemNode.minor < 13)
-
-  // Install bootstrap pnpm via npm (integrity verified by committed lockfile)
   await rm(dest, { recursive: true, force: true })
+  // create dest directory after removal
   await mkdir(dest, { recursive: true })
+  const pkgJson = path.join(dest, 'package.json')
+  // we have ensured the dest directory exists, we can write the file directly
+  await writeFile(pkgJson, JSON.stringify({ private: true }))
 
-  const lockfile = standalone ? exeLock : pnpmLock
+  // copy .npmrc if it exists to install from custom registry
-  const packageJson = standalone ? BOOTSTRAP_EXE_PACKAGE_JSON : BOOTSTRAP_PNPM_PACKAGE_JSON
+  if (GITHUB_WORKSPACE) {
-  await writeFile(path.join(dest, 'package.json'), packageJson)
+    try {
-  await writeFile(path.join(dest, 'package-lock.json'), JSON.stringify(lockfile))
+      await copyFile(path.join(GITHUB_WORKSPACE, '.npmrc'), path.join(dest, '.npmrc'))
-
+    } catch (error) {
-  // Append the action's node directory to PATH so npm's
+      // Swallow error if .npmrc doesn't exist
-  // `#!/usr/bin/env node` shebang resolves on runners (e.g. GHE
+      if (!util.types.isNativeError(error) || !('code' in error) || error.code !== 'ENOENT') throw error
-  // self-hosted) where node isn't already on PATH. Append (not
+    }
-  // prepend) so a user-installed toolchain on PATH — e.g. from a
-  // prior `setup-node` step — keeps precedence; otherwise the
-  // runner-bundled node would shadow it and pair the user's npm
-  // with a mismatched node version. npm itself is resolved via
-  // PATH — on the GitHub Actions runner it is not co-located with
-  // `process.execPath`.
-  const nodeDir = path.dirname(process.execPath)
-  // On Windows, the PATH key casing varies; search case-insensitively.
-  const pathKey = Object.keys(process.env).find(k => k.toUpperCase() === 'PATH') ?? 'PATH'
-  const currentPath = process.env[pathKey]
-  const npmEnv = { ...process.env, [pathKey]: currentPath ? currentPath + path.delimiter + nodeDir : nodeDir }
-  const npmExitCode = await runCommand('npm', ['ci'], { cwd: dest, env: npmEnv })
-  if (npmExitCode !== 0) {
-    return { exitCode: npmExitCode, binDest: path.join(dest, 'node_modules', '.bin') }
   }
 
-  // On Windows with standalone mode, npm's .bin shims can't properly
+  // prepare target pnpm
-  // execute the extensionless @pnpm/exe native binaries. Add the
+  const target = await readTarget({ version, packageJsonFile, standalone })
-  // @pnpm/exe directory directly to PATH so pnpm.exe is found natively.
+  const cp = spawn(execPath, [path.join(__dirname, 'pnpm.cjs'), 'install', target, '--no-lockfile'], {
-  const pnpmHome = standalone && process.platform === 'win32'
+    cwd: dest,
-    ? path.join(dest, 'node_modules', '@pnpm', 'exe')
+    stdio: ['pipe', 'inherit', 'inherit'],
-    : path.join(dest, 'node_modules', '.bin')
+  })
-  // PNPM_HOME/bin is where `pnpm self-update` places the target version
+
-  // binary. It must have higher PATH precedence than pnpmHome (which
+  const exitCode = await new Promise<number>((resolve, reject) => {
-  // contains the bootstrap binary) so the self-updated version is found
+    cp.on('error', reject)
-  // first. The bootstrap pnpm is invoked via absolute path, not PATH,
+    cp.on('close', resolve)
-  // so this ordering does not affect the bootstrap step.
+  })
+  if (exitCode === 0) {
+    const pnpmHome = path.join(dest, 'node_modules/.bin')
     addPath(pnpmHome)
     addPath(path.join(pnpmHome, 'bin'))
     exportVariable('PNPM_HOME', pnpmHome)
-
-  // Ensure pnpm bin link exists — npm ci sometimes doesn't create it
-  if (process.platform !== 'win32') {
-    const pnpmBinLink = path.join(dest, 'node_modules', '.bin', 'pnpm')
-    if (!existsSync(pnpmBinLink)) {
-      await mkdir(path.join(dest, 'node_modules', '.bin'), { recursive: true })
-      const target = standalone
-        ? path.join('..', '@pnpm', 'exe', 'pnpm')
-        : path.join('..', 'pnpm', 'bin', 'pnpm.mjs')
-      await symlink(target, pnpmBinLink)
   }
+  return exitCode
 }
 
-  const bootstrapPnpm = standalone
+async function readTarget(opts: {
-    ? path.join(dest, 'node_modules', '@pnpm', 'exe', process.platform === 'win32' ? 'pnpm.exe' : 'pnpm')
-    : path.join(dest, 'node_modules', 'pnpm', 'bin', 'pnpm.mjs')
-
-  // Self-update the bootstrap to the requested pnpm version. readTargetVersion
-  // either returns a value or throws, so this always runs.
-  const targetVersion = readTargetVersion({ version, packageJsonFile })
-  const cmd = standalone ? bootstrapPnpm : process.execPath
-  const args = standalone ? ['self-update', targetVersion] : [bootstrapPnpm, 'self-update', targetVersion]
-  const exitCode = await runCommand(cmd, args, { cwd: dest })
-  if (exitCode !== 0) {
-    return { exitCode, binDest: pnpmHome }
-  }
-  // self-update writes the target pnpm/pnpx into PNPM_HOME/bin, leaving
-  // the bootstrap symlinks in pnpmHome pointing at the old version. Use
-  // PNPM_HOME/bin so consumers of the bin_dest output (e.g.
-  // `${steps.pnpm.outputs.bin_dest}/pnpm`) invoke the requested version.
-  //
-  // When the requested version resolves to the bootstrap version, self-update
-  // is a no-op and PNPM_HOME/bin is not created — fall back to pnpmHome,
-  // whose symlinks already point at the right version.
-  const updatedBinDir = path.join(pnpmHome, 'bin')
-  return { exitCode: 0, binDest: existsSync(updatedBinDir) ? updatedBinDir : pnpmHome }
-}
-
-function readTargetVersion(opts: {
   readonly version?: string | undefined
   readonly packageJsonFile: string
-}): string {
+  readonly standalone: boolean
-  const { version, packageJsonFile } = opts
+}) {
+  const { version, packageJsonFile, standalone } = opts
   const { GITHUB_WORKSPACE } = process.env
 
-  let packageManager: string | undefined
+  let packageManager
-  let devEngines: { packageManager?: { name?: string; version?: string } } | undefined
 
   if (GITHUB_WORKSPACE) {
     try {
       const content = readFileSync(path.join(GITHUB_WORKSPACE, packageJsonFile), 'utf8');
-      const manifest = packageJsonFile.endsWith(".yaml")
+      ({ packageManager } = packageJsonFile.endsWith(".yaml")
         ? parseYaml(content, { merge: true })
         : JSON.parse(content)
-      packageManager = manifest.packageManager
+      )
-      devEngines = manifest.devEngines
     } catch (error: unknown) {
       // Swallow error if package.json doesn't exist in root
       if (!util.types.isNativeError(error) || !('code' in error) || error.code !== 'ENOENT') throw error
     }
   }
 
-  // packageManager is always exact `pnpm@<version>[+<integrity>]` per spec.
-  // Strip the integrity hash for self-update.
-  const packageManagerVersion =
-    typeof packageManager === 'string' && packageManager.startsWith('pnpm@')
-      ? packageManager.slice('pnpm@'.length).split('+')[0]
-      : undefined
-
   if (version) {
-    if (packageManagerVersion && packageManagerVersion !== version) {
+    if (
+      typeof packageManager === 'string' &&
+      packageManager.startsWith('pnpm@') &&
+      packageManager.replace('pnpm@', '') !== version
+    ) {
       throw new Error(`Multiple versions of pnpm specified:
   - version ${version} in the GitHub Action config with the key "version"
   - version ${packageManager} in the package.json with the key "packageManager"
 Remove one of these versions to avoid version mismatch errors like ERR_PNPM_BAD_PM_VERSION`)
     }
 
-    return version
+    return `${ standalone ? '@pnpm/exe' : 'pnpm' }@${version}`
-  }
-
-  // Self-update the bootstrap pnpm to the version pinned in package.json so
-  // PATH-resolved `pnpm` (and the bin_dest output) reflect the target
-  // version. Without this, `pnpm store path` runs as the bootstrap and
-  // reports a different STORE_VERSION than the one the user's actual
-  // install writes to — breaking cache: true and actions/setup-node's
-  // `cache: pnpm` on cold caches (issue #233).
-  //
-  // devEngines.packageManager takes priority over packageManager, matching
-  // pnpm's getWantedPackageManager logic. `pnpm self-update` accepts both
-  // exact versions and semver ranges, so we pass either through directly.
-  if (devEngines?.packageManager?.name === 'pnpm' && devEngines.packageManager.version) {
-    return devEngines.packageManager.version
-  }
-
-  if (packageManagerVersion) {
-    return packageManagerVersion
   }
 
   if (!GITHUB_WORKSPACE) {
@@ -172,37 +95,22 @@ please run the actions/checkout before pnpm/action-setup.
 Otherwise, please specify the pnpm version in the action configuration.`)
   }
 
+  if (typeof packageManager !== 'string') {
     throw new Error(`No pnpm version is specified.
 Please specify it by one of the following ways:
   - in the GitHub Action config with the key "version"
-  - in the package.json with the key "packageManager"
+  - in the package.json with the key "packageManager"`)
-  - in the package.json with the key "devEngines.packageManager"`)
   }
 
-function getSystemNodeVersion(): Promise<{ major: number; minor: number }> {
+  if (!packageManager.startsWith('pnpm@')) {
-  return new Promise((resolve) => {
+    throw new Error('Invalid packageManager field in package.json')
-    const cp = spawn('node', ['--version'], { stdio: ['pipe', 'pipe', 'pipe'], shell: process.platform === 'win32' })
-    let output = ''
-    cp.stdout.on('data', (data: Buffer) => { output += data.toString() })
-    cp.on('close', () => {
-      const match = output.match(/^v(\d+)\.(\d+)/)
-      resolve(match ? { major: parseInt(match[1], 10), minor: parseInt(match[2], 10) } : { major: 0, minor: 0 })
-    })
-    cp.on('error', () => resolve({ major: 0, minor: 0 }))
-  })
   }
 
-function runCommand(cmd: string, args: string[], opts: { cwd: string; env?: Record<string, string | undefined> }): Promise<number> {
+  if (standalone) {
-  return new Promise<number>((resolve, reject) => {
+    return packageManager.replace('pnpm@', '@pnpm/exe@')
-    const cp = spawn(cmd, args, {
+  }
-      cwd: opts.cwd,
+
-      env: opts.env,
+  return packageManager
-      stdio: ['pipe', 'inherit', 'inherit'],
-      shell: process.platform === 'win32',
-    })
-    cp.on('error', reject)
-    cp.on('close', resolve)
-  })
 }
 
 export default runSelfInstaller

src/outputs/index.ts

@@ -1,9 +1,10 @@
-import { setOutput } from '@actions/core'
+import { setOutput, addPath } from '@actions/core'
 import { Inputs } from '../inputs'
+import { getBinDest } from '../utils'
 
-export function setOutputs(inputs: Inputs, binDest: string) {
+export function setOutputs(inputs: Inputs) {
-  // NOTE: addPath is already called in installPnpm — do not call it again
+  const binDest = getBinDest(inputs)
-  // here, as a second addPath would shadow the correct entry on Windows.
+  addPath(binDest)
   setOutput('dest', inputs.dest)
   setOutput('bin_dest', binDest)
 }

src/pnpm-install/index.ts

@@ -1,8 +1,11 @@
 import { setFailed, startGroup, endGroup } from '@actions/core'
 import { spawnSync } from 'child_process'
 import { Inputs } from '../inputs'
+import { patchPnpmEnv } from '../utils'
 
 export function runPnpmInstall(inputs: Inputs) {
+  const env = patchPnpmEnv(inputs)
+
   for (const options of inputs.runInstall) {
     const args = ['install']
     if (options.recursive) args.unshift('recursive')
@@ -11,16 +14,11 @@ export function runPnpmInstall(inputs: Inputs) {
     const cmdStr = ['pnpm', ...args].join(' ')
     startGroup(`Running ${cmdStr}...`)
 
-    // spawnSync inherits process.env, which already has $PNPM_HOME/bin and
-    // $PNPM_HOME prepended via addPath() in install-pnpm. Do NOT pass a
-    // hand-patched env that adds node_modules/.bin to the front — on
-    // Windows standalone, .bin/pnpm.cmd is an npm shim pointing at the
-    // BOOTSTRAP pnpm, which would shadow the self-updated one and break
-    // newer-pnpm-only behavior.
     const { error, status } = spawnSync('pnpm', args, {
       stdio: 'inherit',
       cwd: options.cwd,
       shell: true,
+      env,
     })
 
     endGroup()

src/pnpm-store-prune/index.ts

@@ -1,6 +1,7 @@
 import { warning, startGroup, endGroup } from '@actions/core'
 import { spawnSync } from 'child_process'
 import { Inputs } from '../inputs'
+import { patchPnpmEnv } from '../utils'
 
 export function pruneStore(inputs: Inputs) {
   if (inputs.runInstall.length === 0) {
@@ -9,11 +10,10 @@ export function pruneStore(inputs: Inputs) {
   }
 
   startGroup('Running pnpm store prune...')
-  // spawnSync inherits process.env (which has the right PATH from addPath
-  // in install-pnpm). See pnpm-install/index.ts for the rationale.
   const { error, status } = spawnSync('pnpm', ['store', 'prune'], {
     stdio: 'inherit',
     shell: true,
+    env: patchPnpmEnv(inputs),
   })
   endGroup()
 

src/utils/index.ts

@@ -0,0 +1,10 @@
+import path from 'path'
+import process from 'process'
+import { Inputs } from '../inputs'
+
+export const getBinDest = (inputs: Inputs): string => path.join(inputs.dest, 'node_modules', '.bin')
+
+export const patchPnpmEnv = (inputs: Inputs): NodeJS.ProcessEnv => ({
+  ...process.env,
+  PATH: path.join(getBinDest(inputs), 'bin') + path.delimiter + getBinDest(inputs) + path.delimiter + process.env.PATH,
+})

tsconfig.json

@@ -1,19 +1,26 @@
+
 {
   "compilerOptions": {
     "target": "ES2022",
-    "module": "ESNext",
+    "module": "Node16",
-    "moduleResolution": "bundler",
     "resolveJsonModule": true,
     "lib": [
       "ES2023"
     ],
-    "noEmit": true,
+    "outDir": "./dist/tsc",
+    "preserveConstEnums": true,
+    "incremental": false,
+    "declaration": true,
+    "sourceMap": true,
+    "importHelpers": false,
     "strict": true,
     "pretty": true,
     "noUnusedLocals": true,
     "noUnusedParameters": true,
     "noImplicitReturns": true,
     "noFallthroughCasesInSwitch": true,
-    "esModuleInterop": true
+    "esModuleInterop": true,
+    "experimentalDecorators": true,
+    "emitDecoratorMetadata": true
   }
 }