Verify latest release

• I verified that the issue exists in the latest pnpm release

pnpm version

9.12.3

Which area(s) of pnpm are affected? (leave empty if unsure)

Dependencies resolver

Link to the code that reproduces this issue or a replay of the bug

No response

Reproduction steps

1. Have a workspaces monorepo.
2. Have a package that uses catalog: in its dependencies (Let's name it @acme/auth).
3. Have another app/package that uses @acme/auth with @acme/auth being injected.
4. Run pnpm i.

Example:

// apps/my-app/package.json
"dependencies": {
  "@acme/auth": "workspace:*",
},
"dependenciesMeta": {
  "@acme/auth": {
    "injected": true
  },
}

// packages/auth/package.json
"dependencies": {
  "react": "catalog:",
}

Describe the Bug

Here @acme/auth is injected in the app and uses catalogs in its dependencies. Replacing all catalog instances with an actual version fixes the issue. It only happens when @acme/auth uses catalogs directly. There is no problem for its dependencies using catalogs.

Expected Behavior

Resolve this correctly.

Which Node.js version are you using?

22.11.0

Which operating systems have you used?

• macOS
• Windows
• Linux

If your OS is a Linux based, which one it is? (Include the version if relevant)

No response