Skip to content

v6.0.9 - ERR_PNPM_PNPM_ENGINE_IDENTITY_MISMATCH #268

Description

@furcan

Context

This PR,

and the associated release,

Creates a regression on my workflows.

Details

I am using PNPM action on central workflows that without providing any with: version due to respecting each project's package.json:engines and package.json:packageManager versions,

since its setting up for 11 at first, then downgrades to 10 for instance

Switching pnpm from v11.7.0 to v10.XX.X...

And in case this extra detail needed, I am also giving the pnpm scope to public npmjs registry via npmrc instead of my private registry due to binary package limitations and so on.

@pnpm:registry=https://registry.npmjs.org/

Until 6.0.8, this setup was working but with 6.0.9, I get

[ERR_PNPM_PNPM_ENGINE_IDENTITY_MISMATCH] Refusing to run pnpm@10.XX.XX: its npm registry signature 
could not be verified (pnpm@10.XX.X: pnpm@10.XX.X has no registry signature). 
The bytes selected by this project's lockfile/registry do not match a published, signed pnpm release.
This can indicate a tampered lockfile or a malicious/unreachable registry. 
Set `pmOnFail` to `ignore` to skip the version switch if this is unexpected.

Any ideas?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions