# Copyright (c) 2016-present Sven Greb <development@svengreb.de>
# This source code is licensed under the MIT license found in the license file.

# Configurations for npm.
# See https://docs.npmjs.com/cli/v7/configuring-npm/npmrc for more details.

# Disable the vulnerability auditing and checks which includes often way too many false-positives, insignificant
# problems that are only for local development, and many other warnings that are overhelming.
# Use dedicated vulnerability tools instead to filter and identify issue that really impact the project.
# References:
#   1. https://docs.npmjs.com/cli/v9/commands/npm-audit
audit=false

# Only use a lockfile for single-consumer projects, like applications, but not for multi-consumer projects like
# libraries.
# It helps to pin dependency versions, improves the security through integrity checksums, prevents possible errors
# caused by updated transitive dependencies and allows to get deterministic build results, but it can hide problems in
# multi-consumer projects when any later versions of a used dependency, or its transitive dependencies, is not
# compatible with the own project anymore.
package-lock=true

# Do not resolve to the latest minor and patch updates.
# Automatically pin dependencies to exact versions instead of resolving to latest minor and patch updates.
# This prevents possible errors caused by updated transitive dependencies.
save-exact=true