By default, Renovate will only pass a limited set of environment variables to package managers.
By default, Renovate only passes a limited set of environment variables to package managers.
Potentially, there could be leaks of confidential data if a script you don't trust enumerates all values in env, so set this to true only if you trust the repositories which the bot runs against.
Confidential data can be leaked if a malicious script enumerates all environment variables.
Set `exposeAllEnv` to `true` only if you have reviewed (and trust) the repositories which Renovate bot runs against.
Setting this to true will also allow for variable substitution in `.npmrc` files.
Setting this to `true` will also allow for variable substitution in `.npmrc` files.
