- Dependabot stops automatically generating .npmrc settings for private npm registries.
- The previous inference from lockfile URLs is removed due to reliability issues with lockfile formats.
- Users must now provide explicit .npmrc configuration for private package access.
Community impact
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.