Test Porting Plan

Scope: Stage 1 from pnpm/pacquet#299. The target behavior is pacquet install --frozen-lockfile matching pnpm install --frozen-lockfile. The TypeScript repo is the source of truth. This Rust repo should port these tests before or alongside the corresponding behavior.

Unless otherwise noted, TypeScript paths are relative to the TypeScript repo root, and Rust commands are run from this Rust repo root. Line numbers point at the TypeScript tests as found during this audit. Some tests are not frozen-lockfile tests themselves, but they exercise shared code or invariants that the frozen/headless installer must preserve.

Do not stop at the per-package test/ directories. Each TypeScript package has its own unit and integration tests under directories such as installing/deps-installer/test/, installing/deps-restorer/test/, network/auth-header/test/, and config/reader/test/. In addition to those, the upstream repo has a top-level pnpm/test/ directory. That directory contains CLI-level, end-to-end integration tests for almost every feature in pnpm, including install, monorepo and workspaces, lifecycle scripts, lockfile, global virtual store, runtime install, publish, link, store, prune, audit, dedupe, exec, and run. These tests drive the real pnpm CLI binary and exercise behaviors that the per-package tests do not, such as end-to-end config resolution, exit codes, stdout and stderr formatting, and multi-step CLI flows. When porting any feature, you must:

1. Look in the per-package test/ directory for that feature's package, and
2. Look in pnpm/test/ for matching CLI-level coverage (e.g. pnpm/test/install/, pnpm/test/monorepo/, pnpm/test/install/lifecycleScripts.ts, pnpm/test/install/globalVirtualStore.ts, pnpm/test/install/runtimeOnFail.ts, etc.).

This plan already cites a handful of pnpm/test/... files inline next to the feature they belong to, but those citations are not exhaustive. Treat pnpm/test/ as a parallel test tree that must be audited for every feature you port, not just the ones it is already mentioned under. Skipping pnpm/test/ is the single most common way a port misses behavioral coverage.

Expected-failing test ports should live under a known_failures test module and use pacquet_testing_utils::allow_known_failure! at the not-yet-implemented subject-under-test boundary. List all expected failures with just known-failures.

Test the tests before marking them ported. After porting a test, temporarily modify the relevant implementation path so the test should fail, run that test, and verify it fails for the expected reason. Revert the temporary breakage before committing. This guards against porting tests that execute but do not actually detect the behavior they claim to cover. See https://github.com/pnpm/pacquet/issues/299#issuecomment-4323032648.

Having more tests than pnpm is a plus, but it is not strictly required. The lists in this plan are a floor, not a ceiling. Porting the upstream coverage is the minimum bar for behavioral parity. Beyond that minimum, pacquet-only tests that exercise edge cases, regressions, or invariants the upstream suite does not cover are welcome and encouraged, but contributors are not obligated to add them. Do not hold back extra coverage just to keep the two suites symmetric.

.modules.yaml Write And Verify

Primary tests:

• TypeScript repo: installing/modules-yaml/test/index.ts:10 writeModulesManifest() and readModulesManifest()
• TypeScript repo: installing/modules-yaml/test/index.ts:42 backward compatible read of .modules.yaml created with shamefully-hoist=true
• TypeScript repo: installing/modules-yaml/test/index.ts:55 backward compatible read of .modules.yaml created with shamefully-hoist=false
• TypeScript repo: installing/modules-yaml/test/index.ts:68 readModulesManifest() should create a node_modules directory
• TypeScript repo: installing/modules-yaml/test/index.ts:96 readModulesManifest does not fail on empty file

Frozen/headless install coverage:

• TypeScript repo: installing/deps-restorer/test/index.ts:54 installing a simple project verifies headless install writes a modules manifest.
• TypeScript repo: installing/deps-restorer/test/index.ts:819 installing with no symlinks but with PnP verifies .modules.yaml still exists when symlinks are disabled.
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:24 should hoist dependencies verifies hoistedDependencies is preserved on repeat frozen install.
• TypeScript repo: installing/deps-installer/test/install/modulesCache.ts:52 the modules cache is pruned when it expires and headless install is used verifies prunedAt is read, rewritten, and honored by headless install.
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:74 skip optional dependency that does not support the current OS verifies skipped survives frozen reinstall.
• TypeScript repo: installing/deps-installer/test/lockfile.ts:614 pendingBuilds gets updated if install removes packages verifies .modules.yaml.pendingBuilds is rewritten after pruning.
• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:205 GVS re-links when allowBuilds changes verifies GVS-related allowBuilds state is updated in .modules.yaml.
• TypeScript repo: pnpm/test/monorepo/index.ts:1467 custom virtual store directory in a workspace with not shared lockfile verifies frozen reinstall preserves custom virtualStoreDir serialization.
• TypeScript repo: pnpm/test/monorepo/index.ts:1514 custom virtual store directory in a workspace with shared lockfile verifies frozen reinstall preserves root virtualStoreDir serialization.

Rust port notes:

• Start with pure read/write tests before install tests.
• Copy the TypeScript legacy fixtures from TypeScript repo: installing/modules-yaml/test/fixtures/.
• Assert raw serialized virtualStoreDir where the TS test checks serialization, not normalized path resolution.

Proper Support Of optionalDependencies

Primary frozen/headless tests:

• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:74 skip optional dependency that does not support the current OS removes node_modules, reinstalls with frozenLockfile: true, and verifies skipped packages remain skipped.
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:283 optional subdependency is skipped includes forced headless install with force: true, frozenLockfile: true and verifies incompatible optional subdependency handling.
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:359 only that package is skipped which is an optional dependency only and not installable removes node_modules, reinstalls frozen, and guards optional/non-optional overlap.
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:594 install optional dependency for the supported architecture set by the user (nodeLinker=%s) includes nodeLinker variants and frozen reinstall.
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:665 optional dependency is hardlinked to the store if it does not require a build includes frozen reinstall and import-method parity.
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:540 hoisting should not create a broken symlink to a skipped optional dependency covers public hoist plus skipped optional dependency in headless behavior.

Supporting tests:

• TypeScript repo: installing/deps-restorer/test/index.ts:300 installing only optional deps covers headless include filtering when only optional dependencies are selected.
• TypeScript repo: installing/deps-restorer/test/index.ts:323 not installing optional deps covers headless include filtering.
• TypeScript repo: installing/deps-restorer/test/index.ts:340 skipping optional dependency if it cannot be fetched verifies a failed optional fetch does not fail headless install and still writes install state.
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:21 successfully install optional dependency with subdependencies
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:27 skip failing optional dependencies
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:34 skip failing optional peer dependencies
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:45 skip non-existing optional dependency
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:143 skip optional dependency that does not support the current Node version
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:169 do not skip optional dependency that does not support the current pnpm version
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:199 don't skip optional dependency that does not support the current OS when forcing
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:213 optional subdependency is not removed from current lockfile when new dependency added
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:344 optional subdependency of newly added optional dependency is skipped
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:391 not installing optional dependencies when optional is false
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:419 optional dependency has bigger priority than regular dependency
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:436 only skip optional dependencies
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:470 skip optional dependency that does not support the current OS, when doing install on a subset of workspace projects
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:540 do not fail on unsupported dependency of optional dependency
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:552 fail on unsupported dependency of optional dependency
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:563 do not fail on an optional dependency that has a non-optional dependency with a failing postinstall script
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:574 fail on a package with failing postinstall if the package is both an optional and non-optional dependency
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:618 remove optional dependencies that are not used
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:633 remove optional dependencies that are not used, when hoisted node linker is used
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:648 remove optional dependencies if supported architectures have changed and a new dependency is added
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:703 complex scenario with same optional dependencies appearing in many places of the dependency graph
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:712 dependency that is both optional and non-optional is installed, when optional dependencies should be skipped
• TypeScript repo: resolving/npm-resolver/test/optionalDependencies.test.ts:27 optional dependencies receive full metadata with libc field ensures optional dependency metadata includes platform/libc fields.
• TypeScript repo: resolving/npm-resolver/test/optionalDependencies.test.ts:73 abbreviated and full metadata are cached separately prevents regular dependency metadata cache from hiding optional metadata.
• TypeScript repo: installing/package-requester/test/index.ts:852 do not fetch an optional package that is not installable covers cold-store requester behavior for unsupported optional packages.
• TypeScript repo: installing/package-requester/test/index.ts:1205 should pass optional flag to resolve function ensures resolver receives optional: true.

Rust port notes:

• Separate platform/architecture skip semantics from the generic optional dependency group filtering.
• These tests depend on .modules.yaml.skipped, so port that field first.

Hoisting (hoistPattern, publicHoistPattern)

Primary tests:

• TypeScript repo: installing/deps-installer/test/install/hoist.ts:24 should hoist dependencies repeats install with hoistPattern: '*' and frozenLockfile: true. Single-importer subset ported as private_hoist_default_pattern_hoists_transitives in crates/cli/tests/hoist.rs. Repeat-install map preservation lives in the known_failures module (blocked on partial install, pnpm/pacquet#433).
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:53 should hoist dependencies to the root of node_modules when publicHoistPattern is used covers baseline public hoist behavior. Ported as public_hoist_star_hoists_to_root_node_modules.
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:71 public hoist should not override directories that are already in the root of node_modules. Stubbed in known_failures::public_hoist_preserves_existing_root_directories — pacquet's symlink_package does the conservative EEXIST swallow but not upstream's external-symlink introspection.
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:89 should hoist some dependencies to the root of node_modules when publicHoistPattern is used and others to the virtual store directory covers combined private and public hoist patterns. Stubbed in known_failures::combined_public_and_private_hoist_patterns_split_targets — pacquet's algo handles it (covered by public_pattern_wins_ties unit test) but the upstream test uses package set the registry mock doesn't carry.
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:107 should hoist dependencies by pattern covers pattern-specific private hoisting. Ported as private_hoist_pattern_filters_aliases.
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:121 should remove hoisted dependencies. Stubbed in known_failures::should_remove_hoisted_dependencies (partial install, #433).
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:137 should not override root packages with hoisted dependencies. Stubbed in known_failures::should_not_override_root_packages_with_hoisted_deps (#433).
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:148 should rehoist when uninstalling a package. Stubbed (#433).
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:169 should rehoist after running a general install. Stubbed (#433).
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:201 should not override aliased dependencies. Stubbed (#433 + alias-aware install plumbing).
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:209 hoistPattern=* throws exception when executed on node_modules installed w/o the option. Stubbed (#433 — pattern-change detection across .modules.yaml reads).
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:220 hoistPattern=undefined throws exception when executed on node_modules installed with hoist-pattern=*. Stubbed (#433).
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:233 hoist by alias. Stubbed in known_failures::hoist_by_alias — algo is correct (unit-tested) but end-to-end exercises alias plumbing not all wired.
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:249 should remove aliased hoisted dependencies. Stubbed (#433).
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:272 should update .modules.yaml when pruning if we are flattening. Stubbed (#433).
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:288 should rehoist after pruning. Stubbed (#433).
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:320 should hoist correctly peer dependencies. Stubbed in known_failures::should_hoist_correctly_peer_dependencies — multi-variant peer install path not exercised.
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:327 should uninstall correctly peer dependencies. Stubbed (#433).
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:341 hoist-pattern: hoist all dependencies to the virtual store node_modules covers workspace install followed by frozen reinstall. Basic workspace shape ported as workspace_hoist_walks_every_importer; the upstream test additionally asserts preservation across re-installs which still needs partial install (#433) — stubbed in known_failures::workspace_hoist_all_to_virtual_store_node_modules.
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:423 hoist when updating in one of the workspace projects. Stubbed in known_failures::workspace_hoist_when_updating_one_project — needs pnpm add-equivalent manifest mutation.
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:514 should recreate node_modules with hoisting. Stubbed (#433).
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:540 hoisting should not create a broken symlink to a skipped optional dependency covers hoisting with skipped optional packages. Stubbed in known_failures::hoisting_skips_broken_symlink_for_skipped_optional — pacquet doesn't yet skip optional deps on platform constraints.
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:567 the hoisted packages should not override the bin files of the direct dependencies covers public hoist bin precedence after frozen reinstall. Stubbed in known_failures::hoisted_packages_dont_override_direct_dep_bins — bin-conflict resolution rules not implemented.
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:587 hoist packages which is in the dependencies tree of the selected projects. Stubbed in known_failures::workspace_hoist_packages_in_selected_projects_tree — needs --filter selected-projects install, which workspace install (#443) didn't implement.
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:682 only hoist packages which is in the dependencies tree of the selected projects with sub dependencies. Stubbed (--filter selected-projects install).
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:790 should add extra node paths to command shims. Stubbed in known_failures::should_add_extra_node_paths_to_command_shims — extendNodePath not implemented.
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:799 should not add extra node paths to command shims, when extend-node-path is set to false. Stubbed (extendNodePath).
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:813 hoistWorkspacePackages should hoist all workspace projects covers workspace package hoisting and frozen reinstall. Stubbed in known_failures::hoist_workspace_packages_hoists_all_workspace_projects — needs the hoistedWorkspacePackages shape pacquet doesn't model yet (links workspace projects themselves into the hoist tree).

Headless module-manifest checks:

• TypeScript repo: installing/deps-restorer/test/index.ts:569 installing with hoistPattern=* asserts private hoistedDependencies in .modules.yaml. Ported as modules_yaml_records_hoisted_dependencies and private_hoist_links_bins in crates/cli/tests/hoist.rs.
• TypeScript repo: installing/deps-restorer/test/index.ts:628 installing with publicHoistPattern=* asserts public hoistedDependencies in .modules.yaml. Ported as public_hoist_star_hoists_to_root_node_modules and public_hoist_bin_is_linked_via_root_bin_dir.
• TypeScript repo: installing/deps-restorer/test/index.ts:690 installing with publicHoistPattern=* in a project with external lockfile covers headless public hoist with an external lockfile/project root split.
• TypeScript repo: installing/deps-installer/test/install/sideEffects.ts:50 caching side effects of native package when hoisting is used is skipped upstream but documents side-effects cache behavior under private hoisting.

Rust port notes:

• Port the module-manifest assertions with hoisting; otherwise later behavior can appear to work while install state is wrong.

Support patchedDependencies

Primary frozen/headless tests:

• TypeScript repo: installing/deps-installer/test/install/patch.ts:24 patch package with exact version verifies patched package lockfile/snapshot/side-effects, then frozen reinstall and frozen hoisted reinstall.
• TypeScript repo: installing/deps-installer/test/install/patch.ts:120 patch package with version range covers range selector patches with frozen and hoisted frozen reinstalls.
• TypeScript repo: installing/deps-installer/test/install/patch.ts:297 patch package when scripts are ignored covers patches with ignored scripts and frozen reinstall.
• TypeScript repo: installing/deps-installer/test/install/patch.ts:386 patch package when the package is not in allowBuilds list verifies patches apply even when builds are disallowed, including frozen and hoisted frozen paths.

Supporting tests:

• TypeScript repo: installing/deps-restorer/test/index.ts:848 installing with no modules directory and a patched dependency covers headless patched dependency behavior when enableModulesDir: false.
• TypeScript repo: installing/deps-installer/test/install/patch.ts:216 patch package reports warning if not all patches are applied and allowUnusedPatches is set
• TypeScript repo: installing/deps-installer/test/install/patch.ts:246 patch package throws an exception if not all patches are applied
• TypeScript repo: installing/deps-installer/test/install/patch.ts:269 the patched package is updated if the patch is modified
• TypeScript repo: installing/deps-installer/test/install/patch.ts:475 patch package when the patched package has no dependencies and appears multiple times
• TypeScript repo: installing/deps-installer/test/install/patch.ts:508 patch package should fail when the exact version patch fails to apply
• TypeScript repo: installing/deps-installer/test/install/patch.ts:530 patch package should fail when the version range patch fails to apply
• TypeScript repo: installing/deps-installer/test/install/patch.ts:552 patch package should fail when the name-only range patch fails to apply

Rust port notes:

• The primary tests are enough for the frozen installer milestone.
• The supporting tests belong with patch parser/application correctness and should be ported when Rust has a patching subsystem.

Support Building Dependencies

Primary frozen/headless tests:

• TypeScript repo: installing/deps-installer/test/install/lifecycleScripts.ts:331 lifecycle scripts run before linking bins removes node_modules, reinstalls frozen, and verifies generated bins are executable.
• TypeScript repo: installing/deps-installer/test/install/lifecycleScripts.ts:351 hoisting does not fail on commands that will be created by lifecycle scripts on a later stage covers hoistPattern: '*' and frozen install.
• TypeScript repo: installing/deps-installer/test/install/lifecycleScripts.ts:372 bins are linked even if lifecycle scripts are ignored verifies bin linking after frozen reinstall with ignored scripts.
• TypeScript repo: installing/deps-installer/test/install/lifecycleScripts.ts:408 dependency should not be added to current lockfile if it was not built successfully during headless install covers failed build during frozen/headless install.
• TypeScript repo: installing/deps-installer/test/install/lifecycleScripts.ts:445 selectively ignore scripts in some dependencies by allowBuilds (not others) covers frozen reinstall with selective build policy.
• TypeScript repo: installing/deps-installer/test/install/lifecycleScripts.ts:466 selectively allow scripts in some dependencies by allowBuilds covers frozen reinstall and ignored script reporting.
• TypeScript repo: installing/deps-installer/test/install/lifecycleScripts.ts:504 selectively allow scripts in some dependencies by allowBuilds using exact versions covers exact-version allow list.
• TypeScript repo: installing/deps-installer/test/install/lifecycleScripts.ts:552 lifecycle scripts run after linking root dependencies verifies builds can require root dependencies during frozen install.
• TypeScript repo: installing/deps-installer/test/install/lifecycleScripts.ts:724 build dependencies that were not previously built after allowBuilds changes covers rebuilding newly allowed dependencies with frozen install.
• TypeScript repo: installing/deps-installer/test/install/multipleImporters.ts:1902 link the bin file of a workspace project that is created by a lifecycle script covers workspace build-created bin behavior and frozen reinstall.

Supporting tests:

• TypeScript repo: installing/deps-restorer/test/index.ts:362 run pre/postinstall scripts verifies headless build execution and pendingBuilds when scripts are ignored.
• TypeScript repo: pnpm/test/install/lifecycleScripts.ts:245 the list of ignored builds is preserved after a repeat install covers CLI-level .modules.yaml.ignoredBuilds persistence.
• TypeScript repo: pnpm/test/install/lifecycleScripts.ts:303 strictDepBuilds fails for packages with cached side-effects (#11035) ensures cached side effects do not bypass build approval.
• TypeScript repo: installing/deps-installer/test/install/lifecycleScripts.ts:26 run pre/postinstall scripts
• TypeScript repo: installing/deps-installer/test/install/lifecycleScripts.ts:60 return the list of packages that should be build
• TypeScript repo: installing/deps-installer/test/install/lifecycleScripts.ts:121 run install scripts
• TypeScript repo: installing/deps-installer/test/install/lifecycleScripts.ts:175 installation fails if lifecycle script fails
• TypeScript repo: installing/deps-installer/test/install/lifecycleScripts.ts:303 run lifecycle scripts of dependent packages after running scripts of their deps

Rust port notes:

• Port the frozen/headless tests before broad lifecycle coverage.
• Current-lockfile behavior on failed build should be paired with the current-lockfile TODO.

Support Side-Effects Cache

Primary side-effects tests:

• TypeScript repo: installing/deps-installer/test/install/sideEffects.ts:79 using side effects cache covers side-effects read/write. The test intentionally removes pnpm-lock.yaml to avoid headless, so it is cache-first rather than frozen-first.
• TypeScript repo: installing/deps-installer/test/install/sideEffects.ts:166 uploading errors do not interrupt installation verifies cache upload errors do not fail install.
• TypeScript repo: installing/deps-installer/test/install/sideEffects.ts:189 a postinstall script does not modify the original sources added to the store verifies side effects stay separate from original CAFS files.
• TypeScript repo: installing/deps-installer/test/install/sideEffects.ts:225 a corrupted side-effects cache is ignored verifies fallback when cache contents are invalid.

Frozen/headless cross-coverage:

• TypeScript repo: installing/deps-installer/test/install/sideEffects.ts:50 caching side effects of native package when hoisting is used is skipped upstream but relevant to hoisting plus side-effects cache.
• TypeScript repo: installing/deps-installer/test/install/patch.ts:24 patch package with exact version
• TypeScript repo: installing/deps-installer/test/install/patch.ts:120 patch package with version range
• TypeScript repo: installing/deps-installer/test/install/patch.ts:297 patch package when scripts are ignored
• TypeScript repo: installing/deps-installer/test/install/patch.ts:386 patch package when the package is not in allowBuilds list
• TypeScript repo: installing/deps-restorer/test/index.ts:706 using side effects cache with nodeLinker=%s covers headless side-effects behavior for isolated and hoisted linkers.
• TypeScript repo: installing/deps-restorer/test/index.ts:761 using side effects cache and hoistPattern=* is skipped upstream but documents intended headless plus hoisting coverage.
• TypeScript repo: pnpm/test/install/lifecycleScripts.ts:303 strictDepBuilds fails for packages with cached side-effects (#11035) verifies build approval semantics even when side effects are cached.

Rust port notes:

• Do not block side-effects cache porting on patches; port the standalone sideEffects.ts tests first.
• The patch tests become important once patched builds and side-effects cache both exist.

Support Workspaces

Primary frozen/headless tests:

• TypeScript repo: installing/deps-installer/test/install/multipleImporters.ts:438 dependencies of other importers are not pruned when (headless) installing for a subset of importers
• TypeScript repo: installing/deps-installer/test/install/multipleImporters.ts:208 install only the dependencies of the specified importer. The current lockfile has importers that do not exist anymore covers stale importer entries in the current lockfile.
• TypeScript repo: installing/deps-installer/test/install/multipleImporters.ts:730 current lockfile contains only installed dependencies when adding a new importer to workspace with shared lockfile asserts filtered current lockfile contents.
• TypeScript repo: installing/deps-installer/test/install/multipleImporters.ts:540 headless install is used when package linked to another package in the workspace
• TypeScript repo: installing/deps-installer/test/install/multipleImporters.ts:598 headless install is used with an up-to-date lockfile when package references another package via workspace: protocol
• TypeScript repo: installing/deps-installer/test/install/multipleImporters.ts:656 headless install is used when packages are not linked from the workspace (unless workspace ranges are used)
• TypeScript repo: installing/deps-installer/test/install/multipleImporters.ts:865 partial installation in a monorepo does not remove dependencies of other workspace projects when lockfile is frozen
• TypeScript repo: installing/deps-installer/test/install/multipleImporters.ts:1427 resolve a subdependency from the workspace includes frozen reinstall.
• TypeScript repo: installing/deps-installer/test/install/multipleImporters.ts:1563 resolve a subdependency from the workspace, when it uses the workspace protocol includes frozen reinstall.
• TypeScript repo: installing/deps-installer/test/install/multipleImporters.ts:1768 symlink local package from the location described in its publishConfig.directory when linkDirectory is true includes frozen reinstall.
• TypeScript repo: installing/deps-installer/test/install/multipleImporters.ts:1902 link the bin file of a workspace project that is created by a lifecycle script includes frozen reinstall.
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:341 hoist-pattern: hoist all dependencies to the virtual store node_modules covers workspace hoisting and frozen reinstall.
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:813 hoistWorkspacePackages should hoist all workspace projects covers workspace package hoisting and frozen reinstall.

Headless restorer tests:

• TypeScript repo: installing/deps-restorer/test/index.ts:789 installing in a workspace
• TypeScript repo: installing/deps-restorer/test/index.ts:873 installing in a workspace with node-linker=hoisted
• TypeScript repo: installing/deps-restorer/test/index.ts:897 installing a package deeply installs all required dependencies

CLI-level frozen workspace tests:

• TypeScript repo: pnpm/test/monorepo/index.ts:734 recursive install with shared-workspace-lockfile builds workspace projects in correct order includes recursive frozen reinstall.
• TypeScript repo: pnpm/test/monorepo/index.ts:1281 dependencies of workspace projects are built during headless installation runs CLI install --frozen-lockfile after lockfile-only generation.
• TypeScript repo: pnpm/test/monorepo/index.ts:1317 linking the package's bin to another workspace package in a monorepo deletes workspace node_modules and runs frozen reinstall.
• TypeScript repo: pnpm/test/monorepo/index.ts:1467 custom virtual store directory in a workspace with not shared lockfile verifies workspace-local custom virtual store on frozen reinstall.
• TypeScript repo: pnpm/test/monorepo/index.ts:1514 custom virtual store directory in a workspace with shared lockfile verifies root custom virtual store on frozen reinstall.

Rust port notes:

• Start with single root workspace lockfile and direct workspace links.
• Add subset/partial install tests only after Rust has project selection semantics.

Support nodeLinker=hoisted

Primary tests:

• TypeScript repo: installing/deps-installer/test/hoistedNodeLinker/install.ts:16 installing with hoisted node-linker
• TypeScript repo: installing/deps-installer/test/hoistedNodeLinker/install.ts:45 installing with hoisted node-linker and no lockfile
• TypeScript repo: installing/deps-installer/test/hoistedNodeLinker/install.ts:61 overwriting ([email protected] with is-positive@latest)
• TypeScript repo: installing/deps-installer/test/hoistedNodeLinker/install.ts:83 overwriting existing files in node_modules
• TypeScript repo: installing/deps-installer/test/hoistedNodeLinker/install.ts:97 preserve subdeps on update
• TypeScript repo: installing/deps-installer/test/hoistedNodeLinker/install.ts:119 adding a new dependency to one of the workspace projects
• TypeScript repo: installing/deps-installer/test/hoistedNodeLinker/install.ts:172 installing the same package with alias and no alias
• TypeScript repo: installing/deps-installer/test/hoistedNodeLinker/install.ts:187 run pre/postinstall scripts. bin files should be linked in a hoisted node_modules
• TypeScript repo: installing/deps-installer/test/hoistedNodeLinker/install.ts:210 running install scripts in a workspace that has no root project
• TypeScript repo: installing/deps-installer/test/hoistedNodeLinker/install.ts:229 hoistingLimits should prevent packages to be hoisted
• TypeScript repo: installing/deps-installer/test/hoistedNodeLinker/install.ts:247 externalDependencies should prevent package from being hoisted to the root
• TypeScript repo: installing/deps-installer/test/hoistedNodeLinker/install.ts:264 linking bins of local projects when node-linker is set to hoisted
• TypeScript repo: installing/deps-installer/test/hoistedNodeLinker/install.ts:314 peerDependencies should be installed when autoInstallPeers is set to true and nodeLinker is set to hoisted
• TypeScript repo: installing/deps-installer/test/hoistedNodeLinker/install.ts:329 installing with hoisted node-linker a package that is a peer dependency of itself
• TypeScript repo: installing/deps-installer/test/install/multipleImporters.ts:87 install only the dependencies of the specified importer, when node-linker is hoisted is workspace subset coverage for hoisted linker.

Frozen/headless cross-coverage:

• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:594 install optional dependency for the supported architecture set by the user (nodeLinker=%s) includes hoisted frozen install.
• TypeScript repo: installing/deps-installer/test/install/patch.ts:24 patch package with exact version includes frozen hoisted reinstall.
• TypeScript repo: installing/deps-installer/test/install/patch.ts:120 patch package with version range includes frozen hoisted reinstall.
• TypeScript repo: installing/deps-installer/test/install/patch.ts:297 patch package when scripts are ignored includes frozen hoisted reinstall.
• TypeScript repo: installing/deps-installer/test/install/patch.ts:386 patch package when the package is not in allowBuilds list includes frozen hoisted reinstall.
• TypeScript repo: installing/deps-installer/test/install/lifecycleScripts.ts:579 run pre/postinstall scripts in a workspace that uses node-linker=hoisted
• TypeScript repo: installing/deps-installer/test/install/lifecycleScripts.ts:686 run pre/postinstall scripts in a project that uses node-linker=hoisted. Should not fail on repeat install
• TypeScript repo: installing/deps-restorer/test/index.ts:859 installing with node-linker=hoisted
• TypeScript repo: installing/deps-restorer/test/index.ts:873 installing in a workspace with node-linker=hoisted

Rust port notes:

• Treat hoisted linker as its own milestone. Its tests overlap with optional deps, patches, lifecycle scripts, bins, and workspaces.

Support The Global Virtual Store Dir

Primary tests:

• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:21 using a global virtual store includes reinstall with frozenLockfile: true.
• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:63 reinstall from warm global virtual store after deleting node_modules deletes node_modules, keeps GVS warm, and reinstalls frozen.
• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:107 modules are correctly updated when using a global virtual store
• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:132 GVS hashes are engine-agnostic for packages not in allowBuilds
• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:172 GVS hashes are stable when allowBuilds targets an unrelated package
• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:205 GVS re-links when allowBuilds changes
• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:250 GVS successful build creates package directory with build artifacts
• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:290 GVS: approve-builds scenario — install with no builds, then reinstall with allowBuilds
• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:338 GVS build failure cleans up broken package directory
• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:367 GVS rebuilds successfully after simulated build failure cleanup
• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:411 GVS .pnpm-needs-build marker triggers re-import on next install
• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:461 injected local packages work with global virtual store
• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:539 virtualStoreOnly populates standard virtual store without importer symlinks is the standard-store counterpart for virtual-store-only behavior.
• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:559 virtualStoreOnly with enableModulesDir=false throws config error (standard virtual store) is the negative counterpart to GVS behavior.
• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:571 virtualStoreOnly with enableModulesDir=false works when GVS is enabled
• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:605 virtualStoreOnly with GVS populates global virtual store without importer links
• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:635 virtualStoreOnly with frozenLockfile populates virtual store without importer symlinks
• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:677 virtualStoreOnly with frozenLockfile populates standard virtual store without importer symlinks
• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:708 virtualStoreOnly suppresses hoisting even with explicit hoistPattern

CLI-level tests:

• TypeScript repo: pnpm/test/install/globalVirtualStore.ts:11 using a global virtual store
• TypeScript repo: pnpm/test/install/globalVirtualStore.ts:34 approve-builds updates GVS symlinks and runs builds at correct hash directory
• TypeScript repo: pnpm/test/install/globalVirtualStore.ts:80 warm GVS reinstall skips internal linking

Rust port notes:

• Separate GVS path layout from build/allowBuilds behavior.
• The first frozen target should be warm GVS reinstall after deleting node_modules.

Link Dependency Binaries

Primary frozen/headless tests:

• TypeScript repo: installing/deps-installer/test/install/lifecycleScripts.ts:331 lifecycle scripts run before linking bins verifies generated bins after frozen reinstall.
• TypeScript repo: installing/deps-installer/test/install/lifecycleScripts.ts:372 bins are linked even if lifecycle scripts are ignored verifies direct and nested bins after frozen reinstall.
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:567 the hoisted packages should not override the bin files of the direct dependencies verifies public hoist bin precedence after frozen reinstall.
• TypeScript repo: installing/deps-installer/test/install/multipleImporters.ts:1902 link the bin file of a workspace project that is created by a lifecycle script verifies workspace bin link after frozen reinstall.

Supporting tests:

• TypeScript repo: installing/deps-restorer/test/index.ts:54 installing a simple project verifies .bin/rimraf in headless install.
• TypeScript repo: installing/deps-restorer/test/index.ts:569 installing with hoistPattern=* verifies private hoisted .bin/hello-world-js-bin.
• TypeScript repo: installing/deps-restorer/test/index.ts:628 installing with publicHoistPattern=* verifies public .bin/hello-world-js-bin.
• TypeScript repo: installing/deps-installer/test/install/misc.ts:1130 installing with no symlinks with PnP verifies .bin exists with no symlink layout.
• TypeScript repo: installing/deps-installer/test/hoistedNodeLinker/install.ts:187 run pre/postinstall scripts. bin files should be linked in a hoisted node_modules
• TypeScript repo: installing/deps-installer/test/hoistedNodeLinker/install.ts:264 linking bins of local projects when node-linker is set to hoisted

Rust port notes:

• Port direct dependency bins first.
• Then add hoisted-bin precedence and lifecycle-created bins.

Existing node_modules With Existing Packages

Primary frozen/headless tests:

• TypeScript repo: installing/deps-restorer/test/index.ts:237 installing non-prod deps then all deps verifies headless repeat install adds missing dependency groups and updates install state.
• TypeScript repo: installing/deps-installer/test/install/misc.ts:844 reinstalls missing packages to node_modules during headless install starts with existing install, removes package links/store locations, and verifies install repairs node_modules.
• TypeScript repo: installing/deps-installer/test/lockfile.ts:547 repeat install with no inner lockfile should not rewrite packages in node_modules verifies reinstall keeps existing packages usable when node_modules/.pnpm/lock.yaml is absent.
• TypeScript repo: installing/deps-installer/test/install/hoist.ts:24 should hoist dependencies verifies repeat installs preserve existing hoisted packages under frozen/headless install.
• TypeScript repo: installing/deps-installer/test/packageImportMethods.ts:31 packages are updated in node_modules, when packageImportMethod is set to copy and modules manifest and current lockfile are incorrect corrupts both install-state files and verifies node_modules is repaired.

Supporting tests:

• TypeScript repo: installing/deps-installer/test/install/misc.ts:784 rewrites node_modules created by npm is relevant to pre-existing node_modules, but not frozen/headless.
• TypeScript repo: installing/deps-restorer/test/index.ts:432 available packages are used when node_modules is not clean is headless-restorer behavior around dirty node_modules.
• TypeScript repo: installing/deps-restorer/test/index.ts:469 available packages are relinked during forced install covers force-path relinking with existing packages.
• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:63 reinstall from warm global virtual store after deleting node_modules repairs project links from a warm GVS.
• TypeScript repo: pnpm/test/install/globalVirtualStore.ts:80 warm GVS reinstall skips internal linking is CLI-level existing-node_modules/warm-GVS coverage.

Rust port notes:

• First test target: do not assume clean node_modules.
• Preserve user/unrelated files and repair missing package links without rewriting everything unnecessarily.

Write And Update Current Lockfile At node_modules/.pnpm/lock.yaml

Primary tests:

• TypeScript repo: installing/deps-installer/test/install/globalVirtualStore.ts:21 using a global virtual store verifies node_modules/.pnpm/lock.yaml exists after install and frozen reinstall.
• TypeScript repo: installing/deps-installer/test/install/packageExtensions.ts:16 manifests are extended with fields specified by packageExtensions verifies wanted lockfile checksum matches current lockfile, including after frozen install.
• TypeScript repo: installing/deps-installer/test/install/lifecycleScripts.ts:408 dependency should not be added to current lockfile if it was not built successfully during headless install verifies failed build does not update current lockfile.
• TypeScript repo: installing/deps-installer/test/install/optionalDependencies.ts:74 skip optional dependency that does not support the current OS verifies current lockfile package set matches wanted lockfile while skipped packages are tracked.
• TypeScript repo: installing/deps-installer/test/install/multipleImporters.ts:208 install only the dependencies of the specified importer. The current lockfile has importers that do not exist anymore covers stale current-lockfile importers.
• TypeScript repo: installing/deps-installer/test/install/multipleImporters.ts:730 current lockfile contains only installed dependencies when adding a new importer to workspace with shared lockfile verifies filtered current lockfile content.
• TypeScript repo: installing/deps-installer/test/packageImportMethods.ts:31 packages are updated in node_modules, when packageImportMethod is set to copy and modules manifest and current lockfile are incorrect covers incorrect current lockfile repair.
• TypeScript repo: installing/deps-installer/test/lockfile.ts:368 subdeps are updated on repeat install if outer pnpm-lock.yaml does not match the inner one tests wanted/current lockfile divergence.
• TypeScript repo: installing/deps-installer/test/lockfile.ts:547 repeat install with no inner lockfile should not rewrite packages in node_modules covers missing current lockfile on repeat install.
• TypeScript repo: installing/deps-installer/test/lockfile.ts:1007 use current pnpm-lock.yaml as initial wanted one, when wanted was removed covers recovering from current lockfile when wanted lockfile is gone.
• TypeScript repo: installing/deps-installer/test/lockfile.ts:1351 a broken private lockfile is ignored covers malformed node_modules/.pnpm/lock.yaml.
• TypeScript repo: installing/deps-installer/test/lockfile.ts:1324 a lockfile with duplicate keys causes an exception, when frozenLockfile is true covers frozen lockfile parse/validation failure.

Supporting tests:

• TypeScript repo: installing/deps-restorer/test/index.ts:54 installing a simple project verifies current lockfile exists after headless install.
• TypeScript repo: installing/deps-restorer/test/index.ts:165 installing with package manifest ignored verifies filtered current lockfile package contents.
• TypeScript repo: installing/deps-restorer/test/index.ts:189 installing only prod package with package manifest ignored verifies filtered current lockfile package contents.
• TypeScript repo: installing/deps-restorer/test/index.ts:213 installing only dev package with package manifest ignored verifies filtered current lockfile package contents.
• TypeScript repo: installing/deps-restorer/test/index.ts:789 installing in a workspace verifies current lockfile is filtered after subset workspace headless install.

Rust port notes:

• Port the simple write first, then filtered lockfiles, then negative failed-build behavior.

Progress Reporting Matching pnpm

Reporter unit tests:

• TypeScript repo: cli/default-reporter/test/reportingProgress.ts:25 prints progress beginning
• TypeScript repo: cli/default-reporter/test/reportingProgress.ts:50 prints progress without added packages stats
• TypeScript repo: cli/default-reporter/test/reportingProgress.ts:78 prints all progress stats
• TypeScript repo: cli/default-reporter/test/reportingProgress.ts:119 prints progress beginning of node_modules from not cwd
• TypeScript repo: cli/default-reporter/test/reportingProgress.ts:144 prints progress beginning of node_modules from not cwd, when progress prefix is hidden
• TypeScript repo: cli/default-reporter/test/reportingProgress.ts:172 prints progress beginning when appendOnly is true
• TypeScript repo: cli/default-reporter/test/reportingProgress.ts:200 prints progress beginning during recursive install
• TypeScript repo: cli/default-reporter/test/reportingProgress.ts:228 prints progress on first download
• TypeScript repo: cli/default-reporter/test/reportingProgress.ts:262 moves fixed line to the end
• TypeScript repo: cli/default-reporter/test/reportingProgress.ts:307 prints "Already up to date"
• TypeScript repo: cli/default-reporter/test/reportingProgress.ts:324 prints progress of big files download

Install reporter coverage:

• TypeScript repo: installing/deps-restorer/test/index.ts:54 installing a simple project asserts headless reporter events: stats, stage, package-manifest, and resolved logs.

Rust port notes:

• Port event-shape tests separately from terminal rendering.
• For terminal rendering, snapshot exact text only after event parity exists.

Support Proper Auth

Install tests:

• TypeScript repo: installing/deps-installer/test/install/auth.ts:14 a package that need authentication
• TypeScript repo: installing/deps-installer/test/install/auth.ts:52 installing a package that need authentication, using password
• TypeScript repo: installing/deps-installer/test/install/auth.ts:73 a package that need authentication, legacy way
• TypeScript repo: installing/deps-installer/test/install/auth.ts:94 a scoped package that need authentication specific to scope
• TypeScript repo: installing/deps-installer/test/install/auth.ts:142 a scoped package that need legacy authentication specific to scope
• TypeScript repo: installing/deps-installer/test/install/auth.ts:190 a package that need authentication reuses authorization tokens for tarball fetching
• TypeScript repo: installing/deps-installer/test/install/auth.ts:216 a package that need authentication reuses authorization tokens for tarball fetching when meta info is cached

Auth header tests:

• TypeScript repo: network/auth-header/test/getAuthHeadersFromConfig.test.ts:32 should convert auth token to Bearer header
• TypeScript repo: network/auth-header/test/getAuthHeadersFromConfig.test.ts:42 should convert basicAuth to Basic header
• TypeScript repo: network/auth-header/test/getAuthHeadersFromConfig.test.ts:50 should handle default registry auth (empty key)
• TypeScript repo: network/auth-header/test/getAuthHeadersFromConfig.test.ts:58 should execute tokenHelper
• TypeScript repo: network/auth-header/test/getAuthHeadersFromConfig.test.ts:66 should prepend Bearer to raw token from tokenHelper
• TypeScript repo: network/auth-header/test/getAuthHeadersFromConfig.test.ts:74 should throw an error if the token helper fails
• TypeScript repo: network/auth-header/test/getAuthHeadersFromConfig.test.ts:79 should throw an error if the token helper returns an empty token
• TypeScript repo: network/auth-header/test/getAuthHeaderByURI.ts:11 getAuthHeaderByURI()
• TypeScript repo: network/auth-header/test/getAuthHeaderByURI.ts:22 getAuthHeaderByURI() basic auth without settings
• TypeScript repo: network/auth-header/test/getAuthHeaderByURI.ts:30 getAuthHeaderByURI() basic auth with settings
• TypeScript repo: network/auth-header/test/getAuthHeaderByURI.ts:41 getAuthHeaderByURI() https port 443 checks
• TypeScript repo: network/auth-header/test/getAuthHeaderByURI.ts:49 getAuthHeaderByURI() when default ports are specified
• TypeScript repo: network/auth-header/test/getAuthHeaderByURI.ts:61 getAuthHeaderByURI() when the registry has pathnames
• TypeScript repo: network/auth-header/test/getAuthHeaderByURI.ts:72 getAuthHeaderByURI() with default registry auth

Auth config parsing and precedence tests:

• TypeScript repo: config/reader/test/index.ts:481 auth tokens from pnpm auth file override ~/.npmrc
• TypeScript repo: config/reader/test/index.ts:523 workspace .npmrc overrides pnpm auth file
• TypeScript repo: config/reader/test/parseCreds.test.ts:15 authToken
• TypeScript repo: config/reader/test/parseCreds.test.ts:23 authPairBase64
• TypeScript repo: config/reader/test/parseCreds.test.ts:49 authUsername and authPassword
• TypeScript repo: config/reader/test/parseCreds.test.ts:69 tokenHelper

Fetcher tests:

• TypeScript repo: fetching/tarball-fetcher/test/fetch.ts:349 throw error when accessing private package w/o authorization
• TypeScript repo: fetching/tarball-fetcher/test/fetch.ts:409 accessing private packages
• TypeScript repo: network/fetch/test/fetchFromRegistry.test.ts:62 authorization headers are removed before redirection if the target is on a different host
• TypeScript repo: network/fetch/test/fetchFromRegistry.test.ts:90 authorization headers are not removed before redirection if the target is on the same host
• TypeScript repo: resolving/npm-resolver/test/index.ts:934 error is thrown when package needs authorization

Rust port notes:

• Frozen install still fetches tarballs when the store is cold, so auth applies even without resolution.
• Header matching and token helper behavior should be ported below install-level tests.

Support pnpm Proxy Settings

Proxy dispatcher tests:

• TypeScript repo: network/fetch/test/dispatcher.test.ts:62 returns ProxyAgent for httpProxy with http target
• TypeScript repo: network/fetch/test/dispatcher.test.ts:69 returns ProxyAgent for httpsProxy with https target
• TypeScript repo: network/fetch/test/dispatcher.test.ts:76 adds protocol prefix when proxy URL has none
• TypeScript repo: network/fetch/test/dispatcher.test.ts:84 throws PnpmError for invalid proxy URL
• TypeScript repo: network/fetch/test/dispatcher.test.ts:92 proxy with authentication credentials
• TypeScript repo: network/fetch/test/dispatcher.test.ts:101 returns Agent (not ProxyAgent) for socks5 proxy
• TypeScript repo: network/fetch/test/dispatcher.test.ts:111 returns Agent for socks4 proxy
• TypeScript repo: network/fetch/test/dispatcher.test.ts:119 returns Agent for socks proxy with https target
• TypeScript repo: network/fetch/test/dispatcher.test.ts:127 SOCKS proxy dispatchers are cached
• TypeScript repo: network/fetch/test/dispatcher.test.ts:134 SOCKS proxy can connect through a real SOCKS5 server
• TypeScript repo: network/fetch/test/dispatcher.test.ts:192 bypasses proxy when noProxy matches hostname
• TypeScript repo: network/fetch/test/dispatcher.test.ts:202 bypasses proxy when noProxy matches domain suffix
• TypeScript repo: network/fetch/test/dispatcher.test.ts:211 does not bypass proxy when noProxy does not match
• TypeScript repo: network/fetch/test/dispatcher.test.ts:219 bypasses proxy when noProxy is true
• TypeScript repo: network/fetch/test/dispatcher.test.ts:228 handles comma-separated noProxy list

Config tests:

• TypeScript repo: config/reader/test/index.ts:978 getConfig() converts noproxy to noProxy
• TypeScript repo: config/reader/test/index.ts:1514 reads proxy settings from global config.yaml
• TypeScript repo: config/reader/test/index.ts:1540 proxy settings from global config.yaml override .npmrc
• TypeScript repo: config/reader/test/index.ts:1567 CLI flags override proxy settings from global config.yaml
• TypeScript repo: config/reader/test/index.ts:1592 proxy settings are still read from .npmrc
• TypeScript repo: config/commands/test/configSet.test.ts:875 config set --global https-proxy writes to config.yaml, not auth.ini
• TypeScript repo: config/commands/test/configSet.test.ts:902 config set --global httpProxy writes to config.yaml
• TypeScript repo: config/commands/test/configSet.test.ts:928 config set --global no-proxy writes to config.yaml

Rust port notes:

• No direct frozen/headless install proxy test was found. Use these as the parity map for config and network plumbing.
• Add an install-level cold-store frozen test after the Rust fetcher supports proxy injection.

Installation Of Runtimes

Node runtime tests:

• TypeScript repo: installing/deps-installer/test/install/nodeRuntime.ts:209 installing Node.js runtime includes frozen/offline reinstall after deleting node_modules.
• TypeScript repo: installing/deps-installer/test/install/nodeRuntime.ts:332 installing node.js runtime fails if offline mode is used and node.js not found locally
• TypeScript repo: installing/deps-installer/test/install/nodeRuntime.ts:339 installing Node.js runtime from RC channel
• TypeScript repo: installing/deps-installer/test/install/nodeRuntime.ts:346 installing Node.js runtime fails if integrity check fails verifies frozen integrity failure.
• TypeScript repo: installing/deps-installer/test/install/nodeRuntime.ts:400 installing Node.js runtime for the given supported architecture includes frozen reinstall for target architecture.
• TypeScript repo: installing/deps-installer/test/install/nodeRuntime.ts:422 installing Node.js runtime, when it is set via the engines field of a dependency

Deno runtime tests:

• TypeScript repo: installing/deps-installer/test/install/denoRuntime.ts:111 installing Deno runtime includes frozen/offline reinstall.
• TypeScript repo: installing/deps-installer/test/install/denoRuntime.ts:217 installing Deno runtime fails if offline mode is used and Deno not found locally
• TypeScript repo: installing/deps-installer/test/install/denoRuntime.ts:224 installing Deno runtime fails if integrity check fails

Bun runtime tests:

• TypeScript repo: installing/deps-installer/test/install/bunRuntime.ts:128 installing Bun runtime includes frozen/offline reinstall.
• TypeScript repo: installing/deps-installer/test/install/bunRuntime.ts:215 installing Bun runtime fails if offline mode is used and Bun not found locally
• TypeScript repo: installing/deps-installer/test/install/bunRuntime.ts:222 installing Bun runtime fails if integrity check fails

Command-level tests:

• TypeScript repo: installing/commands/test/install.ts:124 install Node.js when devEngines runtime is set with onFail=download
• TypeScript repo: installing/commands/test/install.ts:160 do not install Node.js when devEngines runtime is not set to onFail=download
• TypeScript repo: pnpm/test/install/runtimeOnFail.ts:8 runtimeOnFail=download causes Node.js to be downloaded even when the manifest does not set onFail
• TypeScript repo: pnpm/test/install/runtimeOnFail.ts:31 runtimeOnFail=ignore prevents Node.js download even when manifest sets onFail=download

Runtime manifest/config conversion tests:

• TypeScript repo: config/reader/test/index.ts:85 nodeVersion from config takes priority over devEngines.runtime
• TypeScript repo: config/reader/test/index.ts:109 runtimeOnFail=download overrides devEngines.runtime.onFail and adds node to devDependencies
• TypeScript repo: config/reader/test/index.ts:138 runtimeOnFail=ignore overrides an existing onFail=download and removes node from devDependencies
• TypeScript repo: workspace/project-manifest-reader/test/index.ts:37 readProjectManifest() converts devEngines runtime to devDependencies
• TypeScript repo: workspace/project-manifest-reader/test/index.ts:68 readProjectManifest() converts engines runtime to dependencies

Rust port notes:

• Treat Node, Deno, and Bun as separate subfeatures.
• Frozen/offline reinstall is the most relevant Stage 1 assertion.

Installation Of Git-Hosted Packages

Install tests:

• TypeScript repo: installing/deps-installer/test/install/fromRepo.ts:31 from a github repo
• TypeScript repo: installing/deps-installer/test/install/fromRepo.ts:48 from a github repo through URL
• TypeScript repo: installing/deps-installer/test/install/fromRepo.ts:61 from a github repo with different name via named installation
• TypeScript repo: installing/deps-installer/test/install/fromRepo.ts:105 from a github repo with different name
• TypeScript repo: installing/deps-installer/test/install/fromRepo.ts:150 a subdependency is from a github repo with different name
• TypeScript repo: installing/deps-installer/test/install/fromRepo.ts:174 from a git repo
• TypeScript repo: installing/deps-installer/test/install/fromRepo.ts:206 from a github repo that has no package.json file — covered at fetcher level by crates/git-fetcher/src/fetcher/tests.rs::fetcher_handles_repo_without_package_json. Full install-level test deferred until a non-resolver lockfile fixture lands.
• TypeScript repo: installing/deps-installer/test/install/fromRepo.ts:276 re-adding a git repo with a different tag
• TypeScript repo: installing/deps-installer/test/install/fromRepo.ts:323 should not update when adding unrelated dependency
• TypeScript repo: installing/deps-installer/test/install/fromRepo.ts:354 git-hosted repository is not added to the store if it fails to be built
• TypeScript repo: installing/deps-installer/test/install/fromRepo.ts:366 from subdirectories of a git repo — covered at fetcher level by fetcher_packs_subfolder_when_path_set. Full install-level test deferred (Stage 2 resolver dependency).
• TypeScript repo: installing/deps-installer/test/install/fromRepo.ts:389 no hash character for github subdirectory install
• TypeScript repo: installing/deps-installer/test/install/lifecycleScripts.ts:311 run prepare script for git-hosted dependencies

Fetcher/resolver/store tests:

• TypeScript repo: fetching/git-fetcher/test/index.ts:50 fetch — crates/git-fetcher/src/fetcher/tests.rs::fetcher_imports_package_into_cas.
• TypeScript repo: fetching/git-fetcher/test/index.ts:69 fetch a package from Git sub folder — fetcher_packs_subfolder_when_path_set.
• TypeScript repo: fetching/git-fetcher/test/index.ts:87 prevent directory traversal attack when using Git sub folder — prepare_package::tests::safe_join_path_rejects_escapes + cas_io::tests::materialize_into_rejects_traversal.
• TypeScript repo: fetching/git-fetcher/test/index.ts:108 prevent directory traversal attack when using Git sub folder #2 — same coverage as above (join_checked rejects every non-Normal component variant).
• TypeScript repo: fetching/git-fetcher/test/index.ts:129 fetch a package from Git that has a prepare script — fetcher::tests::fetcher_runs_prepare_script_when_allowed. The test calls node/npm directly; under-provisioned hosts fail loudly via the existing .unwrap() calls (see the "No 'tolerant' tests for missing tools" rule in pacquet/AGENTS.md).
• TypeScript repo: fetching/git-fetcher/test/index.ts:150 fetch a package without a package.json — fetcher_handles_repo_without_package_json.
• TypeScript repo: fetching/git-fetcher/test/index.ts:169 fetch a big repository — perf benchmark, not a correctness test; skip from the porting plan.
• TypeScript repo: fetching/git-fetcher/test/index.ts:183 still able to shallow fetch for allowed hosts — fetcher::tests::fetcher_uses_shallow_fetch_for_allowed_hosts (Unix only). A /bin/sh shim at <tempdir>/shim/git logs every invocation and fakes rev-parse HEAD; PATH is prepended for the test body via unsafe { std::env::set_var } (safe under cargo nextest's one-process-per-test isolation) and the log is parsed to assert the init / remote add origin <url> / fetch --depth 1 origin <commit> sequence. The mirror fetcher_clones_when_host_not_in_shallow_list pins the non-shallow branch so the gate's polarity can't drift.
• TypeScript repo: fetching/git-fetcher/test/index.ts:212 fail when preparing a git-hosted package — fetcher::tests::fetcher_surfaces_prepare_failure. node -e "process.exit(1)" as the prepare script; expects GitFetcherError::Prepare(PreparePackageError::LifecycleFailed) carrying ERR_PNPM_PREPARE_PACKAGE.
• TypeScript repo: fetching/git-fetcher/test/index.ts:230 fail when preparing a git-hosted package with a partial commit — Stage 2 (resolver concern).
• TypeScript repo: fetching/git-fetcher/test/index.ts:247 do not build the package when scripts are ignored — fetcher_skips_build_when_ignore_scripts.
• TypeScript repo: fetching/git-fetcher/test/index.ts:263 block git package with prepare script — fetcher_blocks_build_when_not_allowed.
• TypeScript repo: fetching/git-fetcher/test/index.ts:280 allow git package with prepare script — fetcher::tests::fetcher_runs_prepare_when_allow_build_returns_true. Mirror of the existing block-test (index.ts:263) with a per-(name, version) allow_build closure returning true; asserts the prepare script's marker file lands in cas_paths.
• TypeScript repo: fetching/git-fetcher/test/index.ts:304 fetch only the included files — tarball_fetcher::tests::filters_files_outside_files_field (same packlist code path).
• TypeScript repo: fetching/tarball-fetcher/test/fetch.ts:455 fetch a big repository — perf benchmark, not a correctness test; skip.
• TypeScript repo: fetching/tarball-fetcher/test/fetch.ts:472 fail when preparing a git-hosted package — needs a real failing prepare script. Deferred.
• TypeScript repo: fetching/tarball-fetcher/test/fetch.ts:490 take only the files included in the package, when fetching a git-hosted package — tarball_fetcher::tests::filters_files_outside_files_field.
• TypeScript repo: fetching/tarball-fetcher/test/fetch.ts:534 do not build the package when scripts are ignored — git-fetcher equivalent covered (fetcher_skips_build_when_ignore_scripts); a tarball-side mirror is straightforward but not yet written.
• TypeScript repo: fetching/tarball-fetcher/test/fetch.ts:580 use the subfolder when path is present — tarball_fetcher::tests::path_field_packs_only_subdirectory.
• TypeScript repo: fetching/tarball-fetcher/test/fetch.ts:610 prevent directory traversal attack when path is present — tarball_path_traversal_attack_is_rejected.
• TypeScript repo: fetching/tarball-fetcher/test/fetch.ts:637 fail when path is not exists — tarball_path_to_missing_subdir_is_rejected.
• TypeScript repo: resolving/git-resolver/test/index.ts:188 resolveFromGit() with sub folder
• TypeScript repo: resolving/git-resolver/test/index.ts:211 resolveFromGit() with both sub folder and branch
• TypeScript repo: resolving/git-resolver/test/index.ts:482 resolve a private repository using the HTTPS protocol without auth token
• TypeScript repo: resolving/git-resolver/test/index.ts:526 resolve a private repository using the HTTPS protocol and an auth token
• TypeScript repo: installing/package-requester/test/index.ts:884 fetch a git package without a package.json — covered alongside fetching/git-fetcher/test/index.ts:150 via fetcher_handles_repo_without_package_json.
• TypeScript repo: installing/deps-installer/test/install/peerDependencies.ts:30 don't fail when peer dependency is fetched from GitHub
• TypeScript repo: installing/deps-installer/test/lockfile.ts:600 updating package that has a github-hosted dependency
• TypeScript repo: store/pkg-finder/test/readPackageFileMap.test.ts:67 should resolve git-hosted tarball packages (no type, has tarball) — write side covered by tarball_fetcher::tests::writes_index_row_when_writer_provided; read side reuses the existing tarball-warm prefetch (no git-specific code path).
• TypeScript repo: store/pkg-finder/test/readPackageFileMap.test.ts:84 should resolve git dependencies with type "git" and return readable file paths — same coverage: the write side produces a gitHostedStoreIndexKey row at pkg_id\tbuilt (see create_virtual_store::tests::snapshot_cache_key_for_git_resolution_uses_git_hosted_key for the read-side key shape pin).

Skipped upstream tests to track:

• TypeScript repo: installing/deps-installer/test/install/fromRepo.ts:186 from a non-github git repo
• TypeScript repo: installing/deps-installer/test/install/fromRepo.ts:232 from a github repo that needs to be built. isolated node linker is used
• TypeScript repo: installing/deps-installer/test/install/fromRepo.ts:252 from a github repo that needs to be built. hoisted node linker is used

Rust port notes:

• Frozen install should not resolve git specs, but it must materialize git-hosted package entries from the lockfile.
• Port store/fetcher handling before resolver tests if Stage 1 stays strictly lockfile-driven.

Lockfile Verification Gate (minimumReleaseAge, trustPolicy)

The gate ported in pacquet/#11722 re-applies the resolver's policy checks to every lockfile entry before resolution or fetch, so a lockfile resolved elsewhere can't reach the install path under a weaker policy. Spans three new crates (pacquet-resolving-resolver-base, pacquet-resolving-npm-resolver, pacquet-lockfile-verification) plus install-side wiring in pacquet-package-manager. Reference: upstream 2a9bd897bf.

Trust check (failIfTrustDowngraded)

• TypeScript repo: resolving/npm-resolver/test/trustChecks.test.ts:8 returns "trustedPublisher" when _npmUser.trustedPublisher exists — pacquet-resolving-npm-resolver: implicit in trust_checks::tests::trusted_publisher_to_provenance_downgrade_fails (covers the rank assignment).
• TypeScript repo: resolving/npm-resolver/test/trustChecks.test.ts:28 returns "trustedPublisher" even when attestations.provenance exists — same coverage as above (the rank function prefers trustedPublisher).
• TypeScript repo: resolving/npm-resolver/test/trustChecks.test.ts:53 returns true when provenance exists — trust_checks::tests::provenance_to_unsigned_downgrade_fails exercises the same rank path.
• TypeScript repo: resolving/npm-resolver/test/trustChecks.test.ts:70 returns undefined when provenance and attestations are undefined — covered by trust_checks::tests::first_version_passes_with_no_history.
• TypeScript repo: resolving/npm-resolver/test/trustChecks.test.ts:100 succeeds when no versions have attestation — trust_checks::tests::first_version_passes_with_no_history.
• TypeScript repo: resolving/npm-resolver/test/trustChecks.test.ts:132 succeeds for version published before first attested version — trust_checks::tests::later_publish_does_not_downgrade_earlier_version.
• TypeScript repo: resolving/npm-resolver/test/trustChecks.test.ts:169 throws an error when downgrading from provenance to none — trust_checks::tests::provenance_to_unsigned_downgrade_fails.
• TypeScript repo: resolving/npm-resolver/test/trustChecks.test.ts:215 does not throw an error when only prerelease versions had provenance — trust_checks::tests::stable_version_ignores_prerelease_history.
• TypeScript repo: resolving/npm-resolver/test/trustChecks.test.ts:261 throws an error when downgrading from trustedPublisher to provenance — trust_checks::tests::trusted_publisher_to_provenance_downgrade_fails.
• TypeScript repo: resolving/npm-resolver/test/trustChecks.test.ts:315 throws an error when downgrading from trustedPublisher to none — covered by the same trusted_publisher_to_provenance_downgrade_fails plus provenance_to_unsigned_downgrade_fails rank logic.
• TypeScript repo: resolving/npm-resolver/test/trustChecks.test.ts:364 succeeds when maintaining same trust level — trust_checks::tests::equal_rank_passes.
• TypeScript repo: resolving/npm-resolver/test/trustChecks.test.ts:421 throws an error when version time is missing — trust_checks::tests::missing_time_surfaces_trust_check_failed.
• TypeScript repo: resolving/npm-resolver/test/trustChecks.test.ts:459 allows downgrade when package@version is in exclude list — trust_checks::tests::exclude_exact_version_short_circuits_check.
• TypeScript repo: resolving/npm-resolver/test/trustChecks.test.ts:501 allows downgrade when package name is in exclude list (all versions) — trust_checks::tests::exclude_any_version_short_circuits_check.
• TypeScript repo: resolving/npm-resolver/test/trustChecks.test.ts:542 does not fail with ERR_PNPM_MISSING_TIME when package@version is excluded and time field is missing — exclude-then-missing-time interplay isn't pinned yet; an upstream-style test still needs to land in trust_checks::tests.
• TypeScript repo: resolving/npm-resolver/test/trustChecks.test.ts:564 does not fail with ERR_PNPM_MISSING_TIME when package name is excluded and time field is missing — same as above (name-pattern variant).

Attestation publish-time fetcher

• TypeScript repo: resolving/npm-resolver/test/fetchAttestationPublishedAt.test.ts:35 returns an ISO timestamp built from tlogEntries[].integratedTime — fetch_attestation_published_at::tests::finds_publish_time_from_single_bundle.
• TypeScript repo: resolving/npm-resolver/test/fetchAttestationPublishedAt.test.ts:75 returns undefined when the registry has no attestations for the package (404) — fetch_attestation_published_at::tests::returns_none_on_404.
• TypeScript repo: resolving/npm-resolver/test/fetchAttestationPublishedAt.test.ts:86 returns undefined on 5xx — caller falls back to full metadata — fetch_attestation_published_at::tests::returns_none_on_5xx.
• TypeScript repo: resolving/npm-resolver/test/fetchAttestationPublishedAt.test.ts:110 returns undefined when the body is malformed JSON — fetch_attestation_published_at::tests::returns_none_on_malformed_body.
• TypeScript repo: resolving/npm-resolver/test/fetchAttestationPublishedAt.test.ts:153 picks the earliest integratedTime across multiple attestations — fetch_attestation_published_at::tests::earliest_wins_across_multiple_bundles.
• TypeScript repo: resolving/npm-resolver/test/fetchAttestationPublishedAt.test.ts:169 accepts integratedTime as a number too (defensive against schema drift) — fetch_attestation_published_at::tests::accepts_integrated_time_as_number.
• TypeScript repo: resolving/npm-resolver/test/fetchAttestationPublishedAt.test.ts:198 strips a trailing slash on the registry URL — fetch_attestation_published_at::tests::trims_trailing_slash_from_registry_root.

createNpmResolutionVerifier

• TypeScript repo: resolving/npm-resolver/test/createNpmResolutionVerifier.test.ts:48 createNpmResolutionVerifier() returns undefined when no policy is active — create_npm_resolution_verifier::tests::returns_none_when_no_policy_active (plus the returns_none_when_min_age_is_zero / returns_none_when_trust_policy_off siblings that pin the off-by-one cases).
• TypeScript repo: resolving/npm-resolver/test/createNpmResolutionVerifier.test.ts:52 createNpmResolutionVerifier() flags a trustedPublisher → provenance downgrade — create_npm_resolution_verifier::tests::trust_downgrade_publisher_to_provenance_fails.
• TypeScript repo: resolving/npm-resolver/test/createNpmResolutionVerifier.test.ts:99 createNpmResolutionVerifier() passes a same-evidence-level version — create_npm_resolution_verifier::tests::trust_downgrade_pass_when_no_weaker_evidence.
• TypeScript repo: resolving/npm-resolver/test/createNpmResolutionVerifier.test.ts:141 abbreviated shortcut requires the pinned version to be in metadata — the abbreviated-modified shortcut is deferred (Phase 4 stubs that layer); rerun when Phase 5+ ports fetchAbbreviatedMetadataCached.
• TypeScript repo: resolving/npm-resolver/test/createNpmResolutionVerifier.test.ts:187 ignoreMissingTimeField passes the entry when no source surfaces a timestamp — create_npm_resolution_verifier::tests::min_age_missing_time_passes_when_ignored (plus the fail-closed sibling min_age_missing_time_fails_closed_by_default).
• TypeScript repo: resolving/npm-resolver/test/createNpmResolutionVerifier.test.ts:220 canTrustPastCheck rejects when the trust-exclude list shrinks — create_npm_resolution_verifier::tests::can_trust_past_check_rejects_changed_exclude_list (covers any shape change, not only shrinkage; matches the stricter upstream contract).

Cached full-metadata fetcher

• cold cache → 200 → mirror written — fetch_full_metadata_cached::tests::cold_cache_writes_mirror_on_200.
• warm cache → 304 → mirror used — fetch_full_metadata_cached::tests::warm_cache_serves_from_mirror_on_304.
• stale cache → 200 → mirror overwritten — fetch_full_metadata_cached::tests::stale_cache_refreshes_mirror_on_200.
• no cache directory → straight fetch — fetch_full_metadata_cached::tests::no_cache_dir_skips_mirror_io.
• read-only cache directory → call still succeeds — fetch_full_metadata_cached::tests::read_only_cache_dir_does_not_fail_the_call.

verifyLockfileResolutions runner

• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutions.ts:35 no-op when the verifier list is empty — verify_lockfile_resolutions::tests::no_verifiers_is_a_noop.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutions.ts:42 no-op when lockfile has no packages — verify_lockfile_resolutions::tests::no_packages_section_is_a_noop.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutions.ts:47 passes when every entry is verified ok — verify_lockfile_resolutions::tests::all_ok_emits_started_then_done.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutions.ts:55 throws with the verifier-supplied code and reason on a single failure — verify_lockfile_resolutions::tests::single_violation_picks_per_policy_variant.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutions.ts:71 throws a generic code with per-entry codes in the breakdown when violations span policies — verify_lockfile_resolutions::tests::mixed_code_batch_escalates.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutions.ts:94 lists violations in stable order across multiple failures — implicit in verify_lockfile_resolutions::tests::mixed_code_batch_escalates (asserts alphabetical name ordering in the breakdown).
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutions.ts:109 caps printed violations at 20 with an "…and N more" summary — errors::tests::over_cap_adds_and_n_more_summary.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutions.ts:127 dedupes peer/patch-suffix variants and invokes the verifier once per (name, version) — verify_lockfile_resolutions::tests::one_packages_entry_yields_one_verification.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutions.ts:183 keeps the per-policy code when every violation in the batch shares it — verify_lockfile_resolutions::tests::single_violation_picks_per_policy_variant.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutions.ts:202 runs every active verifier per entry and stops at the first failure — verify_lockfile_resolutions::tests::per_candidate_fan_out_stops_at_first_failure.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutions.ts:232 skips the verifier when the cache holds an unchanged lockfile + matching policy — verify_lockfile_resolutions::tests::second_run_with_cache_skips_fan_out.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutions.ts:143 does not collapse same (name, version) with different resolutions — pacquet's collector keys by (name, version, JSON(resolution)) (see collect_candidates in verify_lockfile_resolutions.rs), but a regression test pinning that contract is not yet written.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutions.ts:166 the verifier sees the resolution shape verbatim — same gap (the protocol-pass-through is exercised today only via the npm-verifier's own tarball-vs-registry tests).
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutions.ts:264 does not write a cache record when verification rejects — currently relies on inspection of the cache file being absent; a dedicated test still needs to land in cache::tests.

Cache (tryLockfileVerificationCache, recordVerification)

• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutionsCache.ts:46 miss when the cache file does not exist — cache::tests::cold_cache_misses_with_populated_stat.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutionsCache.ts:69 stat-only hit when size, mtime, and inode all match — cache::tests::stat_shortcut_hits_same_path_same_stat.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutionsCache.ts:132 miss when a verifier rejects the cached policy — cache::tests::policy_invalidation_misses_even_when_stat_matches.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutionsCache.ts:205 hit at a new path when the content matches a cached hash (worktree case) — cache::tests::content_hash_lookup_finds_same_lockfile_at_different_path.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutionsCache.ts:256 malformed lines are ignored, not propagated — cache::tests::malformed_lines_are_tolerated_on_read.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutionsCache.ts:273 writes a JSONL record with a merged policy bag — cache::tests::record_verification_merges_policies.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutionsCache.ts:341 appends without rewriting previous lines — cache::tests::append_only_log_records_each_call.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutionsCache.ts:55 miss when the lockfile path is not in the cache — implicitly covered by cold_cache_misses_with_populated_stat, but an upstream-style explicit test is missing.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutionsCache.ts:80 stat shortcut bails on size mismatch and falls through to hash lookup — not yet ported.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutionsCache.ts:97 hash-fallback hit when size matches but mtime/inode were reset — not yet ported.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutionsCache.ts:116 miss when content changed even if size happens to match — not yet ported.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutionsCache.ts:144 hit when a verifier accepts the cached policy — implicit in the round-trip tests; explicit upstream-style test missing.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutionsCache.ts:176 hit when every verifier trusts its share of the merged cached policy — multi-verifier merge happy-path is not yet pinned.
• TypeScript repo: installing/deps-installer/test/install/verifyLockfileResolutionsCache.ts:193 miss when the lockfile no longer exists — missing-lockfile branch returns hit: false, not yet pinned.
• cache compaction past 1.5 MB — cache::tests::compaction_dedupes_by_path_and_hash.

recordLockfileVerified wrapper

• TypeScript repo: installing/deps-installer/test/install/recordLockfileVerified.ts:62 no-op when cacheDir is undefined — record_lockfile_verified short-circuits on cache_dir.is_none(); pinned indirectly via the runner's second_run_with_cache_skips_fan_out (which exercises the recorder when caching is on).
• TypeScript repo: installing/deps-installer/test/install/recordLockfileVerified.ts:72 no-op when resolutionVerifiers is empty — same shape as the cache-dir guard.
• TypeScript repo: installing/deps-installer/test/install/recordLockfileVerified.ts:103 records the load-equivalent hash — matches what the next install computes off-disk — would benefit from a dedicated round-trip test that loads a written lockfile and reads it back; pacquet's hash_lockfile::tests::key_order_in_yaml_does_not_affect_hash is close but not the same path.
• TypeScript repo: installing/deps-installer/test/install/recordLockfileVerified.ts:141 respects the caller-supplied lockfilePath — git-branch-suffixed lockfile case is not yet pinned.

minimumReleaseAge install-side behavior

• TypeScript repo: installing/deps-installer/test/install/minimumReleaseAge.ts:15 prevents installation of versions that do not meet the required publish date cutoff — covered end-to-end by pacquet-package-manager::install::tests::frozen_lockfile_gate_rejects_under_huge_minimum_release_age and the CLI integration test cli::lockfile_verification::install_fails_under_huge_minimum_release_age.
• TypeScript repo: installing/deps-installer/test/install/minimumReleaseAge.ts:23 ignored for packages in the minimumReleaseAgeExclude array — create_npm_resolution_verifier::tests::verify_skips_age_check_when_package_excluded.
• TypeScript repo: installing/deps-installer/test/install/minimumReleaseAge.ts:128 throws error when semver range is used in minimumReleaseAgeExclude — pacquet-package-manager::install::tests::install_rejects_invalid_minimum_release_age_exclude_pattern.
• TypeScript repo: installing/deps-installer/test/install/minimumReleaseAge.ts:32 ignored using a pattern — wildcard exclude (foo-*) isn't pinned in pacquet's tests today; the exclude policy supports it.
• TypeScript repo: installing/deps-installer/test/install/minimumReleaseAge.ts:41 ignored for specific exact versions in minimumReleaseAgeExclude — version-union excludes ([email protected] || 1.1.0) aren't pinned end-to-end yet.
• TypeScript repo: installing/deps-installer/test/install/minimumReleaseAge.ts:68 falls back to immature version when no mature version satisfies the range (non-strict mode) — the fall-back-on-non-strict path lives in the resolver, which pacquet doesn't have yet; out of scope until the resolver lands.
• TypeScript repo: installing/deps-installer/test/install/minimumReleaseAge.ts:86 strict minimumReleaseAge surfaces every immature pick via handleResolutionPolicyViolations, then aborts — same gating; resolver-dependent.
• TypeScript repo: installing/deps-installer/test/install/minimumReleaseAge.ts:140 enforced on an existing lockfile entry that does not meet the cutoff — partially covered by the existing e2e tests (the gate runs from a lockfile); a closer mirror of upstream's fixture-with-timestamps shape isn't ported yet.

Version-policy parser

• TypeScript repo: config/version-policy/test/index.ts:8 createPackageVersionPolicy() — pacquet-config::version_policy::tests exhaustive coverage of the parsing + matcher contract.
• TypeScript repo: config/version-policy/test/index.ts:57 createPackageVersionPolicyOrThrow() rewraps parser errors with INVALID_<KEY> — handled at the install boundary in pacquet-package-manager::build_resolution_verifiers (wraps VersionPolicyError → BuildVerifiersError::InvalidMinimumReleaseAgeExclude / InvalidTrustPolicyExclude).

Rust port notes:

• The abbreviated-modified shortcut and the on-disk local_meta layer are stubbed in Phase 4 / Phase 5 (no fetchAbbreviatedMetadataCached port yet). Upstream tests that depend on those layers stay unchecked until the abbreviated-cache fetcher lands.
• The cache cross-stack contract is content-divergent on hash format only — pacquet writes sha256-hex where pnpm writes sha256-base64 (object-hash's default). Each stack reads its own records out of the shared JSONL; cross-stack hits aren't expected and aren't tested.
• The end-to-end CLI test uses a 100-year minimumReleaseAge to sidestep the mocked registry's real-world time field. A finer-grained fixture with controlled time values lives in the unit tests (fetch_full_metadata_cached::tests, create_npm_resolution_verifier::tests).