pnpm frozen-lockfile: Respecting the Flag During Config Dependency Migration

Problem

When pnpm install ran with --frozen-lockfile, it would still migrate config dependencies to the lockfile if they weren't present. This violated the user's expectation that --frozen-lockfile means zero modifications to the lockfile.

Solution

Moved the frozenLockfile check from migrateConfigDepsToLockfile() to normalizeForInstall(), minimizing the number of check points. Added unit tests for all frozenLockfile code paths:

• installConfigDeps: migration fails with frozenLockfile
• resolveAndInstallConfigDeps: old-format migration, new-format resolution, up-to-date success
• resolveConfigDeps: fails with frozenLockfile

Also consolidated duplicate frozenLockfile throw statements in resolveAndInstallConfigDeps.

Result

--frozen-lockfile now properly prevents any lockfile modification, including config dependency migration.

Commit: pnpm/pnpm@d8be970
PR: #11067