From 3c5666845e3b573e11cf15a3602d860f363a96cb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Ad=C3=A1mek?= <banan23@gmail.com>
Date: Mon, 11 May 2026 15:57:16 +0200
Subject: [PATCH] fix: drop only-allow preinstall, enforce pnpm via devEngines

The "preinstall": "npx only-allow pnpm" script ships in the published
npm tarball and fires when downstream consumers install this package
via npm/yarn. In the `npm install -g apify-cli` flow the npx bootstrap
of only-allow fails to put the binary on PATH in time, breaking the
global install (exit 127 on Linux, exit 1 on Windows).

Replaces with devEngines.packageManager (Node 22+/npm 10+) with
onFail:warn. This keeps the developer-visible signal that pnpm is
expected without breaking CI steps that indirectly invoke npm
(pnpm v10 shells to npm for `pnpm version`, `pnpm config`, etc.).

devEngines is only checked at the package's own repo root, never on
transitive installs, so downstream consumers stay unaffected.

Mirrors apify/apify-client-js#895 + #896.
---
 package.json | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/package.json b/package.json
index f58b284a70..5d1c4d7dfd 100644
--- a/package.json
+++ b/package.json
@@ -46,8 +46,7 @@
         "test:academy": "bats --print-output-on-failure -r .",
         "test:llms-size": "node ./scripts/checkLlmsSize.mjs",
         "postinstall": "patch-package",
-        "postbuild": "node ./scripts/joinLlmsFiles.mjs && node ./scripts/indentLlmsFile.mjs",
-        "preinstall": "npx only-allow pnpm"
+        "postbuild": "node ./scripts/joinLlmsFiles.mjs && node ./scripts/indentLlmsFile.mjs"
     },
     "devDependencies": {
         "@apify/oxlint-config": "^0.2.5",
@@ -110,5 +109,12 @@
     "engines": {
         "node": ">=18.0.0"
     },
-    "packageManager": "pnpm@10.24.0"
+    "packageManager": "pnpm@10.33.4",
+    "devEngines": {
+        "packageManager": {
+            "name": "pnpm",
+            "version": "10.33.4",
+            "onFail": "warn"
+        }
+    }
 }