0x80 · 0x80 · Nov 27, 2025 · Nov 27, 2025 · Nov 27, 2025 · Nov 27, 2025
diff --git a/src/isolate.ts b/src/isolate.ts
@@ -22,6 +22,7 @@ import {
 } from "./lib/output";
 import { detectPackageManager, shouldUsePnpmPack } from "./lib/package-manager";
 import { getVersion } from "./lib/package-manager/helpers/infer-from-files";
+import { copyPatches } from "./lib/patches/copy-patches";
 import { createPackagesRegistry, listInternalPackages } from "./lib/registry";
 import type { PackageManifest } from "./lib/types";
 import {
@@ -211,6 +212,28 @@ export function createIsolator(config?: IsolateConfig) {
       config,
     });
 
+    /** Copy patch files if includePatchedDependencies is enabled */
+    const copiedPatches = await copyPatches({
+      workspaceRootDir,
+      targetPackageManifest,
+      isolateDir,
+      includePatchedDependencies: config.includePatchedDependencies,
+      includeDevDependencies: config.includeDevDependencies,
+    });
+
+    /** Add copied patches to the isolated package.json */
+    if (Object.keys(copiedPatches).length > 0) {
+      const manifest = await readManifest(isolateDir);
+      if (!manifest.pnpm) {
+        manifest.pnpm = {};
+      }
+      manifest.pnpm.patchedDependencies = copiedPatches;
+      await writeManifest(isolateDir, manifest);
+      log.debug(
+        `Added ${Object.keys(copiedPatches).length} patches to isolated package.json`
+      );
+    }
+
     if (usedFallbackToNpm) {
       /**
        * When we fall back to NPM, we set the manifest package manager to the

diff --git a/src/lib/lockfile/helpers/generate-pnpm-lockfile.ts b/src/lib/lockfile/helpers/generate-pnpm-lockfile.ts
@@ -13,11 +13,86 @@ import {
 import { pruneLockfile as pruneLockfile_v8 } from "pnpm_prune_lockfile_v8";
 import { pruneLockfile as pruneLockfile_v9 } from "pnpm_prune_lockfile_v9";
 import { pick } from "remeda";
+import type { Logger } from "~/lib/logger";
 import { useLogger } from "~/lib/logger";
 import type { PackageManifest, PackagesRegistry } from "~/lib/types";
 import { getErrorMessage, isRushWorkspace } from "~/lib/utils";
 import { pnpmMapImporter } from "./pnpm-map-importer";
 
+/**
+ * Extracts the package name from a package spec like "[email protected]" or
+ * "@firebase/[email protected]"
+ */
+function getPackageName(packageSpec: string): string {
+  if (packageSpec.startsWith("@")) {
+    // Scoped packages: @scope/package@version -> @scope/package
+    const parts = packageSpec.split("@");
+    return `@${parts[1] ?? ""}`;
+  }
+  // Regular packages: package@version -> package
+  return packageSpec.split("@")[0] ?? "";
+}
+
+/**
+ * Filters patched dependencies to only include patches for packages that will
+ * actually be present in the isolated lockfile based on dependency type.
+ */
+function filterPatchedDependencies<T>(
+  patchedDependencies: Record<string, T> | undefined,
+  targetPackageManifest: PackageManifest,
+  includeDevDependencies: boolean,
+  log: Logger
+): Record<string, T> | undefined {
+  if (!patchedDependencies || typeof patchedDependencies !== "object") {
+    return undefined;
+  }
+
+  const filteredPatches: Record<string, T> = {};
+  let includedCount = 0;
+  let excludedCount = 0;
+
+  for (const [packageSpec, patchInfo] of Object.entries(patchedDependencies)) {
+    const packageName = getPackageName(packageSpec);
+
+    // Check if it's a production dependency
+    if (targetPackageManifest.dependencies?.[packageName]) {
+      filteredPatches[packageSpec] = patchInfo;
+      includedCount++;
+      log.debug(
+        `Including production dependency patch in lockfile: ${packageSpec}`
+      );
+      continue;
+    }
+
+    // Check if it's a dev dependency and we should include dev dependencies
+    if (targetPackageManifest.devDependencies?.[packageName]) {
+      if (includeDevDependencies) {
+        filteredPatches[packageSpec] = patchInfo;
+        includedCount++;
+        log.debug(`Including dev dependency patch in lockfile: ${packageSpec}`);
+      } else {
+        excludedCount++;
+        log.debug(
+          `Excluding dev dependency patch from lockfile: ${packageSpec}`
+        );
+      }
+      continue;
+    }
+
+    // Package not found in dependencies or devDependencies
+    log.debug(
+      `Excluding patch from lockfile: ${packageSpec} (package "${packageName}" not found in target dependencies)`
+    );
+    excludedCount++;
+  }
+
+  log.debug(
+    `Filtered patched dependencies: ${includedCount} included, ${excludedCount} excluded`
+  );
+
+  return Object.keys(filteredPatches).length > 0 ? filteredPatches : undefined;
+}
+
 export async function generatePnpmLockfile({
   workspaceRootDir,
   targetPackageDir,
@@ -163,13 +238,18 @@ export async function generatePnpmLockfile({
     }
 
     /**
-     * Don't know how to map the patched dependencies yet, so we just include
-     * them but I don't think it would work like this. The important thing for
-     * now is that they are omitted by default, because that is the most common
-     * use case.
+     * Filter patched dependencies to only include patches for packages that
+     * will actually be present in the isolated lockfile based on dependency
+     * type. We read patchedDependencies from workspace root lockfile, but
+     * filter based on target package dependencies.
      */
     const patchedDependencies = includePatchedDependencies
-      ? lockfile.patchedDependencies
+      ? filterPatchedDependencies(
+          lockfile.patchedDependencies,
+          targetPackageManifest,
+          includeDevDependencies,
+          log
+        )
       : undefined;
 
     if (useVersion9) {

diff --git a/src/lib/patches/copy-patches.ts b/src/lib/patches/copy-patches.ts
@@ -0,0 +1,126 @@
+import fs from "fs-extra";
+import path from "node:path";
+import { useLogger } from "~/lib/logger";
+import type { PackageManifest } from "~/lib/types";
+import { getRootRelativeLogPath, readTypedJson } from "~/lib/utils";
+
+/**
+ * Extracts the package name from a package spec like "[email protected]" or
+ * "@firebase/[email protected]"
+ */
+function getPackageName(packageSpec: string): string {
+  if (packageSpec.startsWith("@")) {
+    // Scoped packages: @scope/package@version -> @scope/package
+    const parts = packageSpec.split("@");
+    return `@${parts[1] ?? ""}`;
+  }
+  // Regular packages: package@version -> package
+  return packageSpec.split("@")[0] ?? "";
+}
+
+export async function copyPatches({
+  workspaceRootDir,
+  targetPackageManifest,
+  isolateDir,
+  includePatchedDependencies,
+  includeDevDependencies,
+}: {
+  workspaceRootDir: string;
+  targetPackageManifest: PackageManifest;
+  isolateDir: string;
+  includePatchedDependencies: boolean;
+  includeDevDependencies: boolean;
+}): Promise<Record<string, string>> {
+  const log = useLogger();
+
+  if (!includePatchedDependencies) {
+    log.debug("Skipping patch copying (includePatchedDependencies is false)");
+    return {};
+  }
+
+  let workspaceRootManifest: PackageManifest;
+  try {
+    workspaceRootManifest = await readTypedJson<PackageManifest>(
+      path.join(workspaceRootDir, "package.json")
+    );
+  } catch (error) {
+    log.warn(
+      `Could not read workspace root package.json: ${error instanceof Error ? error.message : String(error)}`
+    );
+    return {};
+  }
+
+  const patchedDependencies = workspaceRootManifest.pnpm?.patchedDependencies;
+
+  if (!patchedDependencies || Object.keys(patchedDependencies).length === 0) {
+    log.debug("No patched dependencies found in workspace root package.json");
+    return {};
+  }
+
+  const patchesDir = path.join(isolateDir, "patches");
+  await fs.ensureDir(patchesDir);
+
+  log.debug(
+    `Found ${Object.keys(patchedDependencies).length} patched dependencies in workspace`
+  );
+
+  const filteredPatches = Object.entries(patchedDependencies).filter(
+    ([packageSpec]) => {
+      const packageName = getPackageName(packageSpec);
+
+      // Check if it's a production dependency
+      if (targetPackageManifest.dependencies?.[packageName]) {
+        log.debug(`Including production dependency patch: ${packageSpec}`);
+        return true;
+      }
+
+      // Check if it's a dev dependency and we should include dev dependencies
+      if (targetPackageManifest.devDependencies?.[packageName]) {
+        if (includeDevDependencies) {
+          log.debug(`Including dev dependency patch: ${packageSpec}`);
+          return true;
+        }
+        log.debug(
+          `Excluding dev dependency patch: ${packageSpec} (includeDevDependencies=false)`
+        );
+        return false;
+      }
+
+      log.debug(
+        `Excluding patch ${packageSpec}: package "${packageName}" not found in target dependencies`
+      );
+      return false;
+    }
+  );
+
+  log.debug(
+    `Copying ${filteredPatches.length} patches (filtered from ${Object.keys(patchedDependencies).length})`
+  );
+
+  const copiedPatches: Record<string, string> = {};
+
+  for (const [packageSpec, patchPath] of filteredPatches) {
+    const sourcePatchPath = path.resolve(workspaceRootDir, patchPath);
+    const targetPatchPath = path.join(patchesDir, path.basename(patchPath));
+
+    if (!fs.existsSync(sourcePatchPath)) {
+      log.warn(
+        `Patch file not found: ${getRootRelativeLogPath(sourcePatchPath, workspaceRootDir)}`
+      );
+      continue;
+    }
+
+    await fs.copy(sourcePatchPath, targetPatchPath);
+    log.debug(`Copied patch for ${packageSpec}: ${path.basename(patchPath)}`);
+
+    copiedPatches[packageSpec] = `patches/${path.basename(patchPath)}`;
+  }
+
+  if (Object.keys(copiedPatches).length > 0) {
+    log.debug(
+      `Patches copied to ${getRootRelativeLogPath(patchesDir, isolateDir)}`
+    );
+  }
+
+  return copiedPatches;
+}
diff --git a/src/lib/types.ts b/src/lib/types.ts
@@ -2,6 +2,10 @@ import type { PackageManifest as PnpmPackageManifest } from "@pnpm/types";
 
 export type PackageManifest = PnpmPackageManifest & {
   packageManager?: string;
+  pnpm?: {
+    patchedDependencies?: Record<string, string>;
+    [key: string]: unknown;
+  };
 };
 
 export type WorkspacePackageInfo = {