pnpm install fails in CI/downstream builds: [ERR_PNPM_IGNORED_BUILDS] for esbuild

[ismet]

Describe the bug

pnpm install exits non-zero from a fresh checkout or release tarball.
This breaks downstream packaging (AUR, Nix, Docker) and any CI using set -e.

[ERR_PNPM_IGNORED_BUILDS] Ignored build scripts: esbuild@0.25.8

Run "pnpm approve-builds" to pick which dependencies should be allowed to run scripts.

To reproduce

curl -sL https://github.com/Fission-AI/OpenSpec/archive/v1.4.1.tar.gz | tar xz
cd OpenSpec-1.4.1
pnpm install

Expected behavior

pnpm install exits 0.

Root cause

The repository has no pnpm-workspace.yaml. In pnpm 10+, build scripts for
all dependencies are blocked by default unless explicitly approved via
allowBuilds in the workspace config.

esbuild@0.25.8 (transitive dependency of vitest → vite) has a
postinstall script that downloads a platform-specific binary. Since no
config authorizes it, pnpm blocks it and exits with
ERR_PNPM_IGNORED_BUILDS. The TypeScript compilation itself does not need
esbuild, but pnpm treats the unapproved script as a fatal condition.

The file is not gitignored (.gitignore only ignores .pnpm-store/), so
it can be safely committed.

Suggested fix

Commit this pnpm-workspace.yaml to the repository root:

allowBuilds:
  esbuild: true

Environment

• pnpm: 11.5.2 (also 10.x)
• Node: >=20.19.0
• Package: OpenSpec v1.4.1

[ismet]

Linked downstream packaging issue: M0Rf30/PKGBUILD#446 / PR #447 — the AUR PKGBUILD currently needs a workaround for this. A fix here will unblock package maintainers.

[ismet]

PR submitted: #1196