From e3f54a8313bc66ab110b5a90bc7fd80f9b19cd12 Mon Sep 17 00:00:00 2001
From: btea <2356281422@qq.com>
Date: Wed, 17 Dec 2025 19:14:31 +0800
Subject: [PATCH] Add `blockExoticSubdeps` to pnpm-workspace.json (#5227)

Co-authored-by: danielbayley <danielbayley@users.noreply.github.com>
---
 src/schemas/json/pnpm-workspace.json | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/schemas/json/pnpm-workspace.json b/src/schemas/json/pnpm-workspace.json
index 8cc5aca7085..5d4ce16d209 100644
--- a/src/schemas/json/pnpm-workspace.json
+++ b/src/schemas/json/pnpm-workspace.json
@@ -817,6 +817,10 @@
     "allowBuilds": {
       "description": "A map of package matchers to explicitly allow (`true`) or disallow (`false`) script execution. This field replaces `onlyBuiltDependencies` and `ignoredBuiltDependencies` (which are also deprecated by this new setting), providing a single source of truth.",
       "type": "object"
+    },
+    "blockExoticSubdeps": {
+      "description": "When set to true, it prevents the resolution of exotic protocols (like git+ssh: or direct https: tarballs) in transitive dependencies. Only direct dependencies are allowed to use exotic sources.",
+      "type": "boolean"
     }
   },
   "additionalProperties": false