# Copyright (c) 2016-present Sven Greb <development@svengreb.de>
# This source code is licensed under the MIT license found in the license file.
# Configurations for npm.
# See https://docs.npmjs.com/cli/v7/configuring-npm/npmrc for more details.
# Disable the vulnerability auditing and checks, which often include far too many false positives, insignificant
# problems that are only for local development, and many other warnings that are overwhelming.
# Use dedicated vulnerability tools instead to filter and identify issues that really impact the project.
# References:
# 1. https://docs.npmjs.com/cli/v9/commands/npm-audit
# NOTE(review): with this set, `npm install` no longer submits an audit request or reports known-vulnerable
# dependencies, so the dedicated tooling has to run somewhere it is enforced (e.g. in CI); otherwise advisories
# for the dependency tree go unnoticed.
audit=false
# Only use a lockfile for single-consumer projects, like applications, but not for multi-consumer projects like
# libraries.
# It helps to pin dependency versions, improves the security through integrity checksums, prevents possible errors
# caused by updated transitive dependencies and makes build results deterministic, but it can hide problems in
# multi-consumer projects when any later version of a used dependency, or of its transitive dependencies, is not
# compatible with the project itself anymore.
# The integrity checksums only protect installs that honor the committed lockfile: `npm ci` installs exactly what
# the lockfile records and fails when it is out of sync with package.json, while `npm install` may update it.
package-lock=true
# Do not resolve to the latest minor and patch updates.
# Automatically pin dependencies to exact versions instead of resolving to latest minor and patch updates.
# This prevents possible errors caused by updated transitive dependencies.
# NOTE(review): this only affects how direct dependencies are written to package.json when they are saved;
# versions of transitive dependencies are fixed by the lockfile, not by this setting.
save-exact=true