-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.npmrc
26 lines (22 loc) · 1.51 KB
/
.npmrc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# Copyright (c) 2016-present Sven Greb <[email protected]>
# This source code is licensed under the Creative Commons Attribution-ShareAlike 4.0 International license found in the license file.
# Configurations for npm.
# See https://docs.npmjs.com/cli/v7/configuring-npm/npmrc for more details.
# Disable the vulnerability auditing and checks which includes often way too many false-positives, insignificant
# problems that are only for local development, and many other warnings that are overhelming.
# Use dedicated vulnerability tools instead to filter and identify issue that really impact the project.
# References:
# 1. https://docs.npmjs.com/cli/v9/commands/npm-audit
audit=false
# Only use a lockfile for single-consumer projects, like applications, but not for multi-consumer projects like
# libraries.
# It helps to pin dependency versions, improves the security through integrity checksums, prevents possible errors
# caused by updated transitive dependencies and allows to get deterministic build results, but it can hide problems in
# multi-consumer projects when any later versions of a used dependency, or its transitive dependencies, is not
# compatible with the own project anymore.
# See https://github.com/svengreb/tmpl/issues/70 for more details.
package-lock=true
# Do not resolve to the latest minor and patch updates.
# Automatically pin dependencies to exact versions instead of resolving to latest minor and patch updates.
# This prevents possible errors caused by updated transitive dependencies.
save-exact=true