# npm Configuration Template
# Place at project root: .npmrc

# ===========================================
# Registry Settings
# ===========================================

# Default registry (npm)
registry=https://registry.npmjs.org/

# Scoped packages (GitHub Packages example)
@mycompany:registry=https://npm.pkg.github.com/
//npm.pkg.github.com/:_authToken=${NPM_TOKEN}

# Alternative: Artifactory/Nexus
# @mycompany:registry=https://artifactory.example.com/artifactory/api/npm/npm-local/
# //artifactory.example.com/artifactory/api/npm/npm-local/:_authToken=${ARTIFACTORY_TOKEN}

# ===========================================
# Version Management
# ===========================================

# Save exact versions (recommended for production)
save-exact=true

# Don't add ^ or ~ prefix
save-prefix=""

# Alternative: Allow patch updates
# save-exact=false
# save-prefix="~"

# ===========================================
# Installation Behavior
# ===========================================

# Generate package-lock.json
package-lock=true

# Use package-lock.json strictly in CI
# (Use 'npm ci' command instead of 'npm install')

# Enforce Node.js version from package.json
engine-strict=true

# Prefer offline mode (use cache)
prefer-offline=true

# Prefer online (always fetch fresh)
# prefer-online=true

# ===========================================
# Security
# ===========================================

# Audit level (fail on moderate or higher)
audit-level=moderate

# Options: info, low, moderate, high, critical, none

# Ignore specific audit issues
# audit-ignore=GHSA-xxxx-xxxx-xxxx,GHSA-yyyy-yyyy-yyyy

# ===========================================
# Performance
# ===========================================

# Cache directory (default: ~/.npm)
# cache=${HOME}/.npm

# Cache minimum time (in seconds)
cache-min=86400

# Fetch retries
fetch-retries=5

# Retry timeout (in milliseconds)
fetch-retry-mintimeout=10000
fetch-retry-maxtimeout=60000

# Concurrent connections
maxsockets=20

# ===========================================
# Workspace Settings (Monorepo)
# ===========================================

# Link workspace packages
# link-workspace-packages=true

# Hoist dependencies
# hoist=true

# ===========================================
# Output & Logging
# ===========================================

# Log level: silent, error, warn, notice, http, timing, info, verbose, silly
loglevel=warn

# Disable progress bar
progress=false

# Disable funding messages
fund=false

# Disable update notifications
update-notifier=false

# ===========================================
# Miscellaneous
# ===========================================

# Ignore scripts (for security)
# ignore-scripts=true

# Save as devDependency by default
# save-dev=false

# Save as optionalDependency
# save-optional=false

# Allow installation of packages with engines mismatch
# force=false

# Strict SSL
# strict-ssl=true

# User agent
# user-agent="npm/{npm-version} node/{node-version} {platform} {arch}"

# ===========================================
# Private Package Scope (Example)
# ===========================================

# For GitHub Packages
# @mycompany:registry=https://npm.pkg.github.com/
# //npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}

# For Azure Artifacts
# @mycompany:registry=https://pkgs.dev.azure.com/myorg/_packaging/myfeed/npm/registry/
# //pkgs.dev.azure.com/myorg/_packaging/myfeed/npm/registry/:_authToken=${AZURE_TOKEN}

# For AWS CodeArtifact (use 'aws codeartifact login')
# @mycompany:registry=https://my-domain-123456789012.d.codeartifact.us-east-1.amazonaws.com/npm/my-repo/

# ===========================================
# CI/CD Specific Settings
# ===========================================

# In CI: use 'npm ci' instead of 'npm install'
# npm ci uses package-lock.json exactly
# Faster and more reliable in CI

# Example GitHub Actions:
# - run: npm ci
#   env:
#     NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
