Skip to content

chore: 🤖 Add strict .npmrc file #2211

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 5, 2025
Merged

chore: 🤖 Add strict .npmrc file #2211

merged 1 commit into from
Oct 5, 2025
+8 −0

Conversation

mfranzke
Copy link
Collaborator

@mfranzke mfranzke commented Oct 5, 2025

Add .npmrc with sane defaults

I tested for any packages that still needed scripts with the command npm i && npx can-i-ignore-scripts before introducing this.

@mfranzke
chore: 🤖 Add strict .npmrc file
d71366c 
Add `.npmrc` with sane defaults

I tested for any packages that still needed scripts with the command `npm i && npx can-i-ignore-scripts` before introducing this.
@mfranzke mfranzke self-assigned this Oct 5, 2025
@mfranzke mfranzke requested a review from nmerget as a code owner October 5, 2025 08:32
@github-project-automation github-project-automation bot moved this to 🏗 In progress in UX Engineering Team Backlog Oct 5, 2025
@mfranzke mfranzke moved this from 🏗 In progress to 🎁 Ready for review in UX Engineering Team Backlog Oct 5, 2025
@mfranzke mfranzke enabled auto-merge October 5, 2025 08:32
@mfranzke mfranzke requested review from Copilot and removed request for nmerget October 5, 2025 08:32
Copilot
Copilot AI reviewed Oct 5, 2025
View reviewed changes
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds a strict .npmrc configuration file to enforce secure and deterministic npm behavior. The configuration includes security measures like disabling package scripts and using exact version pinning.

  • Adds package lock file enforcement for reproducible builds
  • Enables script ignoring for enhanced security
  • Enforces exact version pinning and strict engine compatibility

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@mfranzke mfranzke merged commit ea6ce93 into main Oct 5, 2025
5 of 6 checks passed
@mfranzke mfranzke deleted the mfranzke-patch-1 branch October 5, 2025 08:32
@github-project-automation github-project-automation bot moved this from 🎁 Ready for review to ✅ Done in UX Engineering Team Backlog Oct 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@mfranzke mfranzke

Labels
improvement
Projects
UX Engineering Team Backlog
Status: ✅ Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@mfranzke