@@ -219,6 +219,42 @@ run any pre- or post-scripts.
219219
220220
221221
222+ #### ` allow-directory `
223+
224+ * Default: "all"
225+ * Type: "all", "none", or "root"
226+
227+ Limits the ability for npm to install dependencies from directories. That
228+ is, dependencies that point to a directory instead of a version or semver
229+ range. Please note that this could leave your tree incomplete and some
230+ packages may not function as intended or designed. Changing this setting
231+ will not remove dependencies that are already installed.
232+
233+ ` all ` allows any directories to be installed. ` none ` prevents any
234+ directories from being installed. ` root ` only allows directories defined in
235+ your project's package.json to be installed. Also allows directory
236+ dependencies to be used for other commands like ` npm view `
237+
238+
239+
240+ #### ` allow-file `
241+
242+ * Default: "all"
243+ * Type: "all", "none", or "root"
244+
245+ Limits the ability for npm to install dependencies from tarball files. That
246+ is, dependencies that point to a local tarball file instead of a version or
247+ semver range. Please note that this could leave your tree incomplete and
248+ some packages may not function as intended or designed. Changing this
249+ setting will not remove dependencies that are already installed.
250+
251+ ` all ` allows any tarball file to be installed. ` none ` prevents any tarball
252+ file from being installed. ` root ` only allows tarball files defined in your
253+ project's package.json to be installed. Also allows tarball file
254+ dependencies to be used for other commands like ` npm view `
255+
256+
257+
222258#### ` allow-git `
223259
224260* Default: "all"
@@ -227,12 +263,31 @@ run any pre- or post-scripts.
227263Limits the ability for npm to fetch dependencies from git references. That
228264is, dependencies that point to a git repo instead of a version or semver
229265range. Please note that this could leave your tree incomplete and some
230- packages may not function as intended or designed.
266+ packages may not function as intended or designed. Changing this setting
267+ will not remove dependencies that are already installed.
231268
232269` all ` allows any git dependencies to be fetched and installed. ` none `
233270prevents any git dependencies from being fetched and installed. ` root ` only
234271allows git dependencies defined in your project's package.json to be fetched
235- installed. Also allows git dependencies to be fetched for other commands
272+ and installed. Also allows git dependencies to be fetched for other commands
273+ like ` npm view `
274+
275+
276+
277+ #### ` allow-remote `
278+
279+ * Default: "all"
280+ * Type: "all", "none", or "root"
281+
282+ Limits the ability for npm to fetch dependencies from urls. That is,
283+ dependencies that point to a tarball url instead of a version or semver
284+ range. Please note that this could leave your tree incomplete and some
285+ packages may not function as intended or designed. Changing this setting
286+ will not remove dependencies that are already installed.
287+
288+ ` all ` allows any url to be installed. ` none ` prevents any url from being
289+ installed. ` root ` only allows urls defined in your project's package.json to
290+ be installed. Also allows url dependencies to be used for other commands
236291like ` npm view `
237292
238293
@@ -264,7 +319,13 @@ If the requested version is a `dist-tag` and the given tag does not pass the
264319will be used. For example, ` foo@latest ` might install ` foo@1.2 ` even though
265320` latest ` is ` 2.0 ` .
266321
267- This config cannot be used with: ` min-release-age `
322+ If ` before ` and ` min-release-age ` are both set in the same source, ` before `
323+ wins (an explicit absolute date overrides a relative window). Across
324+ sources, the standard precedence applies (cli > env > project > user >
325+ global), so a higher-priority source can always relax or override a
326+ lower-priority one.
327+
328+
268329
269330#### ` min-release-age `
270331
@@ -277,9 +338,11 @@ are no versions available for the current set of dependencies, the command
277338will error.
278339
279340This flag is a complement to ` before ` , which accepts an exact date instead
280- of a relative number of days.
281-
282- This config cannot be used with: ` before `
341+ of a relative number of days. The two may coexist (e.g. ` min-release-age ` in
342+ your ` .npmrc ` is preserved when npm internally spawns a sub-process with
343+ ` --before ` while preparing a ` git: ` or ` github: ` dependency); when both
344+ apply, ` before ` wins within a single source and across sources the standard
345+ precedence rules apply.
283346
284347This value is not exported to the environment for child processes.
285348
0 commit comments