diff --git a/websites/api.rushstack.io/data/api_nav.json b/websites/api.rushstack.io/data/api_nav.json
index 5453c9c12..34f9b3d36 100644
--- a/websites/api.rushstack.io/data/api_nav.json
+++ b/websites/api.rushstack.io/data/api_nav.json
@@ -6452,6 +6452,21 @@
"label": "strictPeerDependencies",
"id": "pages/rush-lib.pnpmoptionsconfiguration.strictpeerdependencies"
},
+ {
+ "type": "doc",
+ "label": "trustPolicy",
+ "id": "pages/rush-lib.pnpmoptionsconfiguration.trustpolicy"
+ },
+ {
+ "type": "doc",
+ "label": "trustPolicyExclude",
+ "id": "pages/rush-lib.pnpmoptionsconfiguration.trustpolicyexclude"
+ },
+ {
+ "type": "doc",
+ "label": "trustPolicyIgnoreAfterMinutes",
+ "id": "pages/rush-lib.pnpmoptionsconfiguration.trustpolicyignoreafterminutes"
+ },
{
"type": "doc",
"label": "unsupportedPackageJsonSettings",
@@ -6489,6 +6504,11 @@
"label": "PnpmStoreOptions",
"id": "pages/rush-lib.pnpmstoreoptions"
},
+ {
+ "type": "doc",
+ "label": "PnpmTrustPolicy",
+ "id": "pages/rush-lib.pnpmtrustpolicy"
+ },
{
"type": "category",
"label": "ProjectChangeAnalyzer",
@@ -15287,6 +15307,11 @@
"label": "pnpmInstallFolder",
"id": "pages/package-extractor.iextractorsubspace.pnpminstallfolder"
},
+ {
+ "type": "doc",
+ "label": "pnpmNodeModulesHoistingEnabled",
+ "id": "pages/package-extractor.iextractorsubspace.pnpmnodemoduleshoistingenabled"
+ },
{
"type": "doc",
"label": "subspaceName",
diff --git a/websites/api.rushstack.io/docs/pages/package-extractor.iextractorsubspace.md b/websites/api.rushstack.io/docs/pages/package-extractor.iextractorsubspace.md
index 46ef0ac54..ff66e5f61 100644
--- a/websites/api.rushstack.io/docs/pages/package-extractor.iextractorsubspace.md
+++ b/websites/api.rushstack.io/docs/pages/package-extractor.iextractorsubspace.md
@@ -59,6 +59,25 @@ string
_(Optional)_ The folder where the PNPM "node\_modules" folder is located. This is used to resolve packages linked to the PNPM virtual store.
+
+|
+
+[pnpmNodeModulesHoistingEnabled?](./package-extractor.iextractorsubspace.pnpmnodemoduleshoistingenabled.md)
+
+
+ |
+
+
+ |
+
+boolean
+
+
+ |
+
+_(Optional)_ Whether PNPM hoisting is enabled for this subspace. When set to `false`<>, the extractor will skip looking for hoisted packages in the PNPM virtual store, since no hoisting symlinks will exist. Default is `true`<>.
+
+
|
|
diff --git a/websites/api.rushstack.io/docs/pages/package-extractor.iextractorsubspace.pnpmnodemoduleshoistingenabled.md b/websites/api.rushstack.io/docs/pages/package-extractor.iextractorsubspace.pnpmnodemoduleshoistingenabled.md
new file mode 100644
index 000000000..31139cfd4
--- /dev/null
+++ b/websites/api.rushstack.io/docs/pages/package-extractor.iextractorsubspace.pnpmnodemoduleshoistingenabled.md
@@ -0,0 +1,19 @@
+---
+hide_title: true
+custom_edit_url: null
+pagination_prev: null
+pagination_next: null
+---
+
+
+[Home](./index.md) > [@rushstack/package-extractor](./package-extractor.md) > [IExtractorSubspace](./package-extractor.iextractorsubspace.md) > [pnpmNodeModulesHoistingEnabled](./package-extractor.iextractorsubspace.pnpmnodemoduleshoistingenabled.md)
+
+## IExtractorSubspace.pnpmNodeModulesHoistingEnabled property
+
+Whether PNPM hoisting is enabled for this subspace. When set to `false`<>, the extractor will skip looking for hoisted packages in the PNPM virtual store, since no hoisting symlinks will exist. Default is `true`<>.
+
+**Signature:**
+
+```typescript
+pnpmNodeModulesHoistingEnabled?: boolean;
+```
diff --git a/websites/api.rushstack.io/docs/pages/rush-lib.md b/websites/api.rushstack.io/docs/pages/rush-lib.md
index e4115e186..26e666b27 100644
--- a/websites/api.rushstack.io/docs/pages/rush-lib.md
+++ b/websites/api.rushstack.io/docs/pages/rush-lib.md
@@ -1296,6 +1296,17 @@ This represents the available PNPM store options
|
+ |
+|
+
+[PnpmTrustPolicy](./rush-lib.pnpmtrustpolicy.md)
+
+
+ |
+
+Possible values for the `trustPolicy` setting in Rush's pnpm-config.json file.
+
+
|
diff --git a/websites/api.rushstack.io/docs/pages/rush-lib.pnpmoptionsconfiguration.md b/websites/api.rushstack.io/docs/pages/rush-lib.pnpmoptionsconfiguration.md
index 95dfea2e0..bfb307e9a 100644
--- a/websites/api.rushstack.io/docs/pages/rush-lib.pnpmoptionsconfiguration.md
+++ b/websites/api.rushstack.io/docs/pages/rush-lib.pnpmoptionsconfiguration.md
@@ -522,6 +522,69 @@ boolean
If true, then Rush will add the "--strict-peer-dependencies" option when invoking PNPM.
+
+|
+
+[trustPolicy](./rush-lib.pnpmoptionsconfiguration.trustpolicy.md)
+
+
+ |
+
+`readonly`
+
+
+ |
+
+[PnpmTrustPolicy](./rush-lib.pnpmtrustpolicy.md) \| undefined
+
+
+ |
+
+The trust policy controls whether pnpm should block installation of package versions where the trust level has decreased (e.g., a package previously published with provenance is now published without it). Setting this to `"no-downgrade"` enables the protection.
+
+
+ |
+|
+
+[trustPolicyExclude](./rush-lib.pnpmoptionsconfiguration.trustpolicyexclude.md)
+
+
+ |
+
+`readonly`
+
+
+ |
+
+string\[\] \| undefined
+
+
+ |
+
+List of package names or patterns that are excluded from the trust policy check. These packages will be allowed to install even if their trust level has decreased.
+
+
+ |
+|
+
+[trustPolicyIgnoreAfterMinutes](./rush-lib.pnpmoptionsconfiguration.trustpolicyignoreafterminutes.md)
+
+
+ |
+
+`readonly`
+
+
+ |
+
+number \| undefined
+
+
+ |
+
+The number of minutes after which pnpm will ignore trust level downgrades. Packages published longer ago than this threshold will not be blocked even if their trust level has decreased.
+
+
|
|
diff --git a/websites/api.rushstack.io/docs/pages/rush-lib.pnpmoptionsconfiguration.trustpolicy.md b/websites/api.rushstack.io/docs/pages/rush-lib.pnpmoptionsconfiguration.trustpolicy.md
new file mode 100644
index 000000000..f5cd3f015
--- /dev/null
+++ b/websites/api.rushstack.io/docs/pages/rush-lib.pnpmoptionsconfiguration.trustpolicy.md
@@ -0,0 +1,26 @@
+---
+hide_title: true
+custom_edit_url: null
+pagination_prev: null
+pagination_next: null
+---
+
+
+[Home](./index.md) > [@microsoft/rush-lib](./rush-lib.md) > [PnpmOptionsConfiguration](./rush-lib.pnpmoptionsconfiguration.md) > [trustPolicy](./rush-lib.pnpmoptionsconfiguration.trustpolicy.md)
+
+## PnpmOptionsConfiguration.trustPolicy property
+
+The trust policy controls whether pnpm should block installation of package versions where the trust level has decreased (e.g., a package previously published with provenance is now published without it). Setting this to `"no-downgrade"` enables the protection.
+
+**Signature:**
+
+```typescript
+readonly trustPolicy: PnpmTrustPolicy | undefined;
+```
+
+## Remarks
+
+(SUPPORTED ONLY IN PNPM 10.21.0 AND NEWER)
+
+PNPM documentation: https://pnpm.io/settings\#trustpolicy
+
diff --git a/websites/api.rushstack.io/docs/pages/rush-lib.pnpmoptionsconfiguration.trustpolicyexclude.md b/websites/api.rushstack.io/docs/pages/rush-lib.pnpmoptionsconfiguration.trustpolicyexclude.md
new file mode 100644
index 000000000..aaae597fe
--- /dev/null
+++ b/websites/api.rushstack.io/docs/pages/rush-lib.pnpmoptionsconfiguration.trustpolicyexclude.md
@@ -0,0 +1,28 @@
+---
+hide_title: true
+custom_edit_url: null
+pagination_prev: null
+pagination_next: null
+---
+
+
+[Home](./index.md) > [@microsoft/rush-lib](./rush-lib.md) > [PnpmOptionsConfiguration](./rush-lib.pnpmoptionsconfiguration.md) > [trustPolicyExclude](./rush-lib.pnpmoptionsconfiguration.trustpolicyexclude.md)
+
+## PnpmOptionsConfiguration.trustPolicyExclude property
+
+List of package names or patterns that are excluded from the trust policy check. These packages will be allowed to install even if their trust level has decreased.
+
+**Signature:**
+
+```typescript
+readonly trustPolicyExclude: string[] | undefined;
+```
+
+## Remarks
+
+(SUPPORTED ONLY IN PNPM 10.22.0 AND NEWER)
+
+PNPM documentation: https://pnpm.io/settings\#trustpolicyexclude
+
+Example: \["webpack", "react", "<>@<>myorg/\*"\]
+
diff --git a/websites/api.rushstack.io/docs/pages/rush-lib.pnpmoptionsconfiguration.trustpolicyignoreafterminutes.md b/websites/api.rushstack.io/docs/pages/rush-lib.pnpmoptionsconfiguration.trustpolicyignoreafterminutes.md
new file mode 100644
index 000000000..6d490fd9d
--- /dev/null
+++ b/websites/api.rushstack.io/docs/pages/rush-lib.pnpmoptionsconfiguration.trustpolicyignoreafterminutes.md
@@ -0,0 +1,26 @@
+---
+hide_title: true
+custom_edit_url: null
+pagination_prev: null
+pagination_next: null
+---
+
+
+[Home](./index.md) > [@microsoft/rush-lib](./rush-lib.md) > [PnpmOptionsConfiguration](./rush-lib.pnpmoptionsconfiguration.md) > [trustPolicyIgnoreAfterMinutes](./rush-lib.pnpmoptionsconfiguration.trustpolicyignoreafterminutes.md)
+
+## PnpmOptionsConfiguration.trustPolicyIgnoreAfterMinutes property
+
+The number of minutes after which pnpm will ignore trust level downgrades. Packages published longer ago than this threshold will not be blocked even if their trust level has decreased.
+
+**Signature:**
+
+```typescript
+readonly trustPolicyIgnoreAfterMinutes: number | undefined;
+```
+
+## Remarks
+
+(SUPPORTED ONLY IN PNPM 10.27.0 AND NEWER)
+
+PNPM documentation: https://pnpm.io/settings\#trustpolicyignoreafter
+
diff --git a/websites/api.rushstack.io/docs/pages/rush-lib.pnpmtrustpolicy.md b/websites/api.rushstack.io/docs/pages/rush-lib.pnpmtrustpolicy.md
new file mode 100644
index 000000000..326ec28b4
--- /dev/null
+++ b/websites/api.rushstack.io/docs/pages/rush-lib.pnpmtrustpolicy.md
@@ -0,0 +1,24 @@
+---
+hide_title: true
+custom_edit_url: null
+pagination_prev: null
+pagination_next: null
+---
+
+
+[Home](./index.md) > [@microsoft/rush-lib](./rush-lib.md) > [PnpmTrustPolicy](./rush-lib.pnpmtrustpolicy.md)
+
+## PnpmTrustPolicy type
+
+Possible values for the `trustPolicy` setting in Rush's pnpm-config.json file.
+
+**Signature:**
+
+```typescript
+export type PnpmTrustPolicy = 'no-downgrade' | 'off';
+```
+
+## Remarks
+
+These values correspond to PNPM's `trust-policy` setting, which is documented here: [https://pnpm.io/settings\#trustpolicy](https://pnpm.io/settings#trustpolicy)
+
|