Rules Hub
Coding Rules Library
← Back to all rules
Rule priority, scope & exceptions
Use this to align rules with the senior-level structure (P0/P1/P2, scope, exceptions/tradeoffs).
backend ruleP0universalStack: node
secretsnpmsecurityconfiguration
Keep personal auth tokens in the user-level config, not project files
Place personal registry/auth tokens in your global ~/.npmrc (or shell env), never in the project-tracked .npmrc.
PR: hegnar-web · org-mining-hist-2026-06Created: Jun 19, 2026
Bad example
Old codeini
| 1 | # project .npmrc (committed) |
| 2 | //registry.example.com/:_authToken=ghp_myPersonalToken |
Explanation (EN)
Objašnjenje (HR)
Good example
New codeini
| 1 | # project .npmrc |
| 2 | //registry.example.com/:_authToken=${NPM_AUTH_TOKEN} |
| 3 | # token lives in ~/.npmrc or shell env |
Explanation (EN)
Objašnjenje (HR)