From 75973f760b2605b3c32b45a240558e692e470b62 Mon Sep 17 00:00:00 2001
From: Tom King
Date: Fri, 30 Jan 2026 22:08:47 -0800
Subject: [PATCH] chore(npmrc): harden even more
---
 .npmrc | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/.npmrc b/.npmrc
index 3112944..5af31d4 100644
--- a/.npmrc
+++ b/.npmrc
@@ -1,22 +1,31 @@
 # NPM Configuration for text2datauri
 
-# Enforce engine requirements
+# enforce engine compatibility - fail if Node.js/npm version doesn't match
 engine-strict=true
 
-# Always use https for registry
+# save exact versions (no ^ or ~ ranges) for better reproducibility
+save-exact=true
+
+# use public registry
 registry=https://registry.npmjs.org/
 
-# Configure audit checks during install
-audit-level=high
+# force SSL/TLS key validation
+strict-ssl=true
+
+# set audit to block on low+ vulnerabilities
+audit-level=low
 
 # security: block automatic lifecycle scripts (preinstall, postinstall, & prepare)
 ignore-scripts=true
 
-# Speed up CI by preferring cache
+# prefer offline - use cache when possible for faster installs
 prefer-offline=true
 
-# Reduce noise in CI logs
+# disable fund messages for cleaner CI logs
+fund=false
+
+# disable progress bar for cleaner CI logs
 progress=false
 
-# Timeout settings (1 min v 5 min)
-fetch-timeout=60000
+# timeout settings (40s v 1min)
+fetch-timeout=40000
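Review bot: The comment added above `audit-level=low` says the setting blocks on low+ vulnerabilities, but this key only sets the severity at which `npm audit` exits non-zero; `npm install` prints the audit summary and still succeeds, so nothing is gated unless the pipeline runs `npm audit` as its own step, which this patch does not show. I would reword it to `# npm audit exits non-zero on low+ findings (install itself is not blocked; run npm audit in CI)`. The `strict-ssl=true` comment has a similar accuracy problem: the option verifies the registry's TLS certificate rather than a key and is already npm's default, so `# verify the registry TLS certificate (explicit default; takes precedence over a user-level npmrc)` describes it better, bearing in mind that an environment variable or command-line flag can still turn it off. The `(40s v 1min)` remark on `fetch-timeout` now compares against the previous value, whereas the old comment apparently compared against npm's 5-minute default; `# fetch timeout 40s (npm default is 5 min)` would keep that reference point.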