From my experience you should have no problem storing sensitive information in .npmrc. As you have found out yourself, it is not copied when you remix the project, and there are no ways to access it on a public project.
Keep in mind, though, just because a file / directory is hidden in the editor does not mean that it will be excluded from remixes. This includes dot files / directories.
I have tried in the past, but sadly I have not been able to find a list of files / directories that are excluded from remixes, so you will have to manually check when needed. However, if you are interested, some of Glitch’s other block lists are available, via the editor, in the following files:
Hmmm we can test the hypothesis that they copy using git by adding files to their .gitignore unless their file copier also reads .gitignore. Maybe the entire project container is duplicated but that’s least likely since they would have to also write code to erase .data and scrub .env. The support team also tells people to remix their projects if one of them breaks iirc
Hi there, so I double-checked on this and yes we do prevent .npmrc from being included in the remix. I’ll make sure we get this in the Help Center soon, but the following directories/files are handled the same way and are not copied into remixes: