From afd53819c1f2de5ccab6cbaee5247ceac7d40016 Mon Sep 17 00:00:00 2001
From: btea <2356281422@qq.com>
Date: Mon, 10 Nov 2025 09:19:18 +0800
Subject: [PATCH] Add `trustPolicy` to pnpm-workspace.json (#5118)

Co-authored-by: btea <btea@users.noreply.github.com>
---
 src/schemas/json/pnpm-workspace.json | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/schemas/json/pnpm-workspace.json b/src/schemas/json/pnpm-workspace.json
index eaf4d9f3e61..21b7e7671e1 100644
--- a/src/schemas/json/pnpm-workspace.json
+++ b/src/schemas/json/pnpm-workspace.json
@@ -796,6 +796,15 @@
     "preferOffline": {
       "description": "Bypass staleness checks for cached data. Missing data will still be requested from the server.",
       "type": "boolean"
+    },
+    "trustPolicy": {
+      "description": "When set to no-downgrade, pnpm will fail if a package's trust level has decreased compared to previous releases. For example, if a package was previously published by a trusted publisher but now only has provenance or no trust evidence, installation will fail. This helps prevent installing potentially compromised versions.",
+      "oneOf": [
+        {
+          "type": "string",
+          "enum": ["off", "no-downgrade"]
+        }
+      ]
     }
   },
   "additionalProperties": false