Read npm configuration from .npmrc files.
Checks for .npmrc in the project directory and home directory.
Environment variables take precedence over file configuration.
Summary
Functions
Whether HTTP redirects to different registry origins are allowed.
Registry origins allowed for packuments and tarballs.
Read the auth token.
Whether transitive git, file, and URL dependencies are blocked.
Path to the bundled seed database of known malicious package reports.
Read the global package cache directory.
Path to an OSV-format database of known malicious package reports.
Policy for compromised-package findings in security tasks.
Known-compromised package intelligence sources to use.
Allowed direct exotic dependency specs.
Gets a config value with fallback to defaults.
Read the runtime install directory for NPM.install/2.
Loads config from all levels: project .npmrc then user .npmrc. Project values override user values.
Merges multiple config maps (later overrides earlier).
Read the configured registry mirror URL.
Warn when a package was created fewer than this many days ago.
Parse an .npmrc file into a map of key-value pairs.
Read a value from .npmrc files.
Read the effective registry URL.
Returns the registry URL for a given scope, or the default.
Warn when a package version was published fewer than this many days ago.
Functions
@spec allow_registry_redirects?() :: boolean()
Whether HTTP redirects to different registry origins are allowed.
@spec allowed_registries() :: [String.t()]
Registry origins allowed for packuments and tarballs.
@spec auth_token() :: String.t() | nil
Read the auth token.
Priority: NPM_TOKEN env var > config :npm, :token > project .npmrc > home .npmrc.
@spec block_exotic_subdeps?() :: boolean()
Whether transitive git, file, and URL dependencies are blocked.
@spec bundled_compromised_db_path() :: String.t()
Path to the bundled seed database of known malicious package reports.
@spec cache_dir() :: String.t()
Read the global package cache directory.
@spec compromised_db_path() :: String.t()
Path to an OSV-format database of known malicious package reports.
@spec compromised_policy() :: :error | :warn | :off
Policy for compromised-package findings in security tasks.
@spec compromised_sources() :: [atom()]
Known-compromised package intelligence sources to use.
@spec exotic_deps() :: [String.t()]
Allowed direct exotic dependency specs.
Gets a config value with fallback to defaults.
Read the runtime install directory for NPM.install/2.
Loads config from all levels: project .npmrc then user .npmrc. Project values override user values.
Merges multiple config maps (later overrides earlier).
@spec mirror_url() :: String.t()
Read the configured registry mirror URL.
@spec package_age_warning_days() :: non_neg_integer()
Warn when a package was created fewer than this many days ago.
Parse an .npmrc file into a map of key-value pairs.
Read a value from .npmrc files.
Checks project-level first, then home-level.
@spec registry() :: String.t()
Read the effective registry URL.
Priority: NPM_REGISTRY env var > config :npm, :registry > project .npmrc > home .npmrc > default.
Returns the registry URL for a given scope, or the default.
@spec version_age_warning_days() :: non_neg_integer()
Warn when a package version was published fewer than this many days ago.