Currently we block all access to ~/.npmrc for security reasons (explained in the main readme).
It could be convenient to automatically allow access to that file when publishing-related package manager commands are invoked.
To make that as secure as possible we could parse the package.json and make sure there are no lifecycle events present (prepublish, etc.) that could run scripts that might steal the npm credentials.
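
One way to implement the proposed check, as an added example that is not this project's code. The function name `checkPublishScripts` and the sample package.json contents are assumptions; the script list is npm's documented `npm publish` lifecycle plus the deprecated `prepublish` named above.

```javascript
// Lifecycle scripts npm runs during `npm publish` (per npm's scripts docs),
// plus the deprecated `prepublish` that the issue text names.
const PUBLISH_LIFECYCLE = [
  "prepublish", "prepublishOnly", "prepack", "prepare",
  "postpack", "publish", "postpublish",
];

// Hypothetical helper: decide whether ~/.npmrc access may be allowed for a
// publish, given the raw text of package.json. Fails closed on anything odd.
function checkPublishScripts(packageJsonText) {
  let pkg;
  try {
    pkg = JSON.parse(packageJsonText);
  } catch (err) {
    return { allow: false, reason: "package.json is not valid JSON", found: [] };
  }
  if (pkg === null || typeof pkg !== "object" || Array.isArray(pkg)) {
    return { allow: false, reason: "package.json is not an object", found: [] };
  }
  const scripts = pkg.scripts;
  if (scripts === undefined) {
    return { allow: true, reason: "no scripts section", found: [] };
  }
  if (scripts === null || typeof scripts !== "object" || Array.isArray(scripts)) {
    return { allow: false, reason: "scripts is not an object", found: [] };
  }
  // Own-property check so inherited names never count as "present".
  const found = PUBLISH_LIFECYCLE.filter((name) =>
    Object.prototype.hasOwnProperty.call(scripts, name));
  return found.length === 0
    ? { allow: true, reason: "no publish lifecycle scripts", found }
    : { allow: false, reason: "publish lifecycle scripts present", found };
}

// Constructed sample inputs.
const clean = JSON.stringify({ name: "demo", scripts: { test: "node test.js" } });
const risky = JSON.stringify({
  name: "demo",
  scripts: { test: "node test.js", prepublishOnly: "node build.js", postpublish: "echo done" },
});
console.log(checkPublishScripts(clean));
console.log(checkPublishScripts(risky));
```

The check only covers the package.json that was read: the file has to stay unchanged between the check and the publish command, and other package managers may run a different set of hooks.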