Practise vocabulary for .npmrc, pyproject.toml, Cargo.toml, private registries, and package manager configuration.
0 / 5 completed
1 / 5
In an .npmrc file, the 'registry' field controls:
.npmrc registry configuration: registry=https://artifactory.company.com/npm/ redirects all npm installs to the internal registry. Scope-specific overrides: @company:registry=... applies only to @company/* packages, allowing mixed public/private package resolution.
2 / 5
The phrase 'we mirror public npm packages to our internal Artifactory registry to ensure build reproducibility' means:
The 2016 left-pad incident (package unpublished from npm, breaking thousands of builds worldwide) highlighted the risk of direct dependency on public registries. Internal mirrors/caches provide availability guarantees and security scanning before packages reach developers.
3 / 5
In pyproject.toml, the difference between [project.dependencies] and [project.optional-dependencies] is:
Optional dependency groups (extras) allow: pip install mypackage installs only core deps; pip install mypackage[dev] also installs testing/linting tools; pip install mypackage[docs] installs documentation tools. Users only install what they need.
4 / 5
In Cargo.toml, the [features] section is used to:
Cargo features are compile-time conditional compilation. Example: serde feature = include serde serialisation support. cargo build --features serde enables it; without the flag, that code path is excluded. This reduces binary size and compile time for consumers who don't need every feature.
5 / 5
A private package registry vocabulary exercise: 'scoped packages in GitHub Packages require authentication'. This means:
GitHub Packages (unlike public npm) requires a Personal Access Token (PAT) with read:packages scope for downloading. Configuration: //npm.pkg.github.com/:_authToken=${GITHUB_TOKEN} in .npmrc. CI pipelines pass GITHUB_TOKEN as a secret.