
Silence audit and funding messages from npm #550

Merged 1 commit on Sep 4, 2024

Commits on Sep 4, 2024

  1. Silence audit and funding messages from npm

    While reviewing some logs, I noticed the following:
    ```shell
    added 1 package, changed 30 packages, and audited 382 packages in 6s
    
    58 packages are looking for funding
      run `npm fund` for details
    
    found 0 vulnerabilities
    ```
    
    While I'm not against security, nor supporting OSS maintainers (I
    co-maintain 10+ projects myself!), I am against noisy logs that add no
    value.
    
    So let's silence these:
    
    1. When they appear in CI, they add no value.
    2. We've got our own security tools for vulnerable deps, which we rely
       on instead of `npm audit` results.
    3. When I'm skimming logs looking for debug information, these just get
       in my way.
    4. There may be a speed boost if the audit/fix metadata requires an additional API call,
       and silencing actually skips that rather than merely silencing it.
    
    There are multiple ways to silence these: https://benjamincrozat.com/disable-packages-are-looking-for-funding
    
    Originally I tackled this by adding `--no-audit --no-fund` flags, but
    there's a lot of different entrypoints and workflows that call `npm ci`
    or `npm install`. Even if I do manage to get them all, there's always a
    risk someone will come along later and add another entrypoint. So that's
    why I went the `.npmrc` route.
    
    After this change, the logs are much better:
    ```shell
    added 1 package, changed 30 packages, and audited 382 packages in 6s
    ```
    jeffwidman authored Sep 4, 2024
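The commit message above chooses a project-level `.npmrc` over per-command `--no-audit --no-fund` flags so that every entrypoint calling `npm ci` or `npm install` picks the settings up. The page does not show the diff itself, so the following is an added example rather than the PR's own change: a small POSIX sh check, suitable for a CI step, that a project's `.npmrc` really carries `audit=false` and `fund=false` (both real npm config keys) and that fails if someone later drops or flips either setting. The `.npmrc` files written by `make_samples` are constructed for this example; the function names are this example's own.

```shell
#!/bin/sh
# Added example for this page (not code from the PR or the project): verify
# that a project-level .npmrc silences npm's audit and funding output.
# `audit` and `fund` are real npm config keys; the sample files written by
# make_samples below are constructed for this example.

# npmrc_get FILE KEY
# Print the effective value of KEY in FILE. Comment lines (leading ; or #)
# are ignored and, as in npm's ini handling, the last assignment wins.
# Prints nothing when KEY is not set.
npmrc_get() {
  file=$1
  key=$2
  sed -e '/^[[:space:]]*[;#]/d' "$file" \
    | sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p" \
    | tail -n 1
}

# npmrc_silenced FILE
# Return 0 when both audit and fund are explicitly false, 1 otherwise.
# Meant for CI: fails if a later change drops or flips either setting.
npmrc_silenced() {
  file=$1
  rc=0
  for key in audit fund; do
    val=$(npmrc_get "$file" "$key")
    if [ "$val" != "false" ]; then
      echo "$file: $key is '${val:-unset}', expected false" >&2
      rc=1
    fi
  done
  return $rc
}

# npmrc_silence FILE
# Append the two settings when they are not already false (idempotent), i.e.
# apply the "after" state of the commit message to an existing .npmrc.
npmrc_silence() {
  file=$1
  for key in audit fund; do
    if [ "$(npmrc_get "$file" "$key")" != "false" ]; then
      printf '%s=false\n' "$key" >> "$file"
    fi
  done
}

# make_samples DIR
# Write two constructed .npmrc files into DIR: before.npmrc (no audit/fund
# settings, so npm prints the funding and vulnerability lines) and
# after.npmrc (the silenced form, including a commented-out line the parser
# must ignore and whitespace around '=').
make_samples() {
  dir=$1
  printf 'registry=https://registry.npmjs.org/\n' > "$dir/before.npmrc"
  {
    printf '; npm install noise: vulnerable deps are checked by separate tooling\n'
    printf '# audit=true   (commented out, must be ignored by the parser)\n'
    printf 'audit=false\n'
    printf 'fund = false\n'
  } > "$dir/after.npmrc"
}

# Stand-alone demo: write the samples into a temp dir and check both files.
demo() {
  tmp=$(mktemp -d)
  make_samples "$tmp"
  npmrc_silenced "$tmp/before.npmrc" || echo "before.npmrc: not silenced (as expected)"
  npmrc_silence "$tmp/before.npmrc"
  npmrc_silenced "$tmp/before.npmrc" && echo "before.npmrc: now silenced"
  npmrc_silenced "$tmp/after.npmrc" && echo "after.npmrc: silenced"
  rm -r "$tmp"
}
demo
```

Two caveats worth keeping in mind when adopting this: the project `.npmrc` only applies when npm is run from inside the project tree, so entrypoints that `cd` elsewhere or run npm in a different checkout are not covered; and command-line flags take precedence over config files, so a stray `--audit` on a call site will still re-enable the report. The check above only proves the file says what it should; it says nothing about whether the separate vulnerability tooling the commit message relies on is actually running, so that tooling deserves its own CI assertion.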