Should .npmrc be ignored?


The Fontawesome Pro instructions describe placing a secret key in a .npmrc file but it is unclear how this file should be managed. Specifically, should this file be ignored by Git?


There are 2 best solutions below

BEST ANSWER

The Fontawesome Pro instructions are correct as an example of the general approach to managing sensitive information in a .npmrc file:

  • all sensitive values there should be replaced by environment variables, and
  • those variables should then be defined as managed secrets in whatever environment the repo will be pushed to.
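An added example of the approach this answer describes (not code from the question, either answer, or Font Awesome): the committed .npmrc carries only an environment-variable reference, and a small POSIX shell check refuses any credential key whose value is a literal, so it can run as a pre-commit hook. The registry host, the `_authToken` key and the `FONTAWESOME_NPM_AUTH_TOKEN` variable name follow Font Awesome's public setup guide but are assumptions here, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the page: the .npmrc layout the accepted answer
# recommends, plus a check that refuses literal credentials in that file.
# Registry host, config key and variable name are assumptions taken from
# Font Awesome's public setup guide, not from this page.

# Committed .npmrc: npm expands ${FONTAWESOME_NPM_AUTH_TOKEN} from the
# environment at run time, so the file itself contains no secret.
RECOMMENDED_NPMRC='@fortawesome:registry=https://npm.fontawesome.com/
//npm.fontawesome.com/:_authToken=${FONTAWESOME_NPM_AUTH_TOKEN}'

# npmrc_literal_secrets FILE
# Scans FILE for npm credential keys (_authToken, _auth, _password) whose
# value is a literal rather than a ${VAR} reference. Reports the offending
# key with the value redacted (so a hook never echoes the token itself) and
# returns 1 if any were found, 0 if the file is safe to commit.
npmrc_literal_secrets() {
    awk '
        /^[ \t]*[;#]/ { next }                      # skip npmrc comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            if (key !~ /(_authToken|_auth|_password)$/) next
            # A ${VAR} value is resolved by npm from the environment at run time
            is_ref = (substr(val, 1, 2) == "${" && substr(val, length(val)) == "}")
            if (!is_ref) {
                print key "=<literal value redacted>"
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# write_recommended_npmrc FILE: writes the env-var based .npmrc shown above to FILE
write_recommended_npmrc() {
    printf '%s\n' "$RECOMMENDED_NPMRC" > "$1"
}

# Stand-alone use: sh check_npmrc.sh path/to/.npmrc   (exit status 1 = literal found)
if [ "$#" -gt 0 ]; then
    npmrc_literal_secrets "$1"
fi
```

With this layout the real token lives only in each developer's shell environment or in the CI system's managed secrets store, and `npmrc_literal_secrets .npmrc` in a pre-commit hook catches the common mistake of pasting the token straight into the file. Keys whose values are `${VAR}` references pass; comment lines are ignored.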

My answer would say it's best to ignore it and not push it to the repo, as if you have multiple engineers contributing changes to a generated package for push to the registry, each developer will have to have their own .npmrc file and it's unlikely that you'd ever want that pushed to the repo, as each attempt would overwrite/conflict.

I could imagine a scenario where you'd like to automate by using a single credential for all devs and thus one global .npmrc file but that is an obvious security faux pas in my view.