From 9c85bcb30dcd536e9fa208bd1ff89933db735da5 Mon Sep 17 00:00:00 2001
From: Yongmin Hong <revi@omglol.email>
Date: Fri, 21 Jun 2024 16:07:00 +0900
Subject: [PATCH] CI(NPM): .npmrc audit=false, fund=false

Summary:
Handled by dependabot.

Ref D375.

Signed-off-by: Yongmin Hong <revi@omglol.email>

Test Plan: land it, do npm ci or watch GitHub Actions log without audit/fund data.

Reviewers: O1 revi & automations, revi

Reviewed By: O1 revi & automations, revi

Differential Revision: https://issuetracker.revi.xyz/D384
---
 .github/workflows/npm-pub.yml | 2 +-
 .npmrc                        | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 .npmrc

diff --git a/.github/workflows/npm-pub.yml b/.github/workflows/npm-pub.yml
index 38c7b5e..e8f8661 100644
--- a/.github/workflows/npm-pub.yml
+++ b/.github/workflows/npm-pub.yml
@@ -25,7 +25,7 @@ jobs:
           node-version: '20.x'
           registry-url: 'https://registry.npmjs.org'
       - name: 'Install dependencies'
-        run: npm ci --fund=false
+        run: npm ci
       - name: 'Publish to npm'
         run: npm publish --provenance --access public
         working-directory: './npm/eslint-config'
diff --git a/.npmrc b/.npmrc
new file mode 100644
index 0000000..601c99b
--- /dev/null
+++ b/.npmrc
@@ -0,0 +1,8 @@
+# For 15-25% faster npm install
+# https://www.peterbe.com/plog/benchmarking-npm-install-with-or-without-audit
+# Also we have Dependabot alerts configured in the GitHub repo.
+# Moral attribution: Copyright 2024 GitHub
+# SPDX-License-Identifier: MIT
+# See also D375
+audit=false
+fund=false