diff --git a/renovate.json5 b/renovate.json5
index e0ed4c93e3..6a41a18661 100644
--- a/renovate.json5
+++ b/renovate.json5
@@ -9,20 +9,21 @@
   ],
   commitMessagePrefix: "deps:",
   commitMessageAction: "update",
+  prConcurrentLimit: 1,
   addLabels: [ "dependencies" ],
   postUpdateOptions: [
     "gomodTidy",
     "gomodUpdateImportPaths",
   ],
-  prConcurrentLimit: 1,
   nix: { enabled: true },
+  npm: { enabled: true },
   lockFileMaintenance: {
     enabled: true,
     schedule: [ "before 4am" ],
   },
   packageRules: [
     {
-      // Group lockfile maintenance updates by manager
+      // Group lockfile maintenance updates by manager.
       // https://github.com/renovatebot/renovate/discussions/28068
       matchUpdateTypes: [ "lockFileMaintenance" ],
       additionalBranchPrefix: "{{manager}}-",
@@ -30,18 +31,24 @@
       commitMessageExtra: "{{manager}} lock file",
     },
     {
+      // Enable update of indirect Go dependencies.
+      // This rule should not be confused with the grouping of
+      // indirect Go dependencies further down.
       matchManagers: [ "gomod" ],
       matchDepTypes: [ "indirect" ],
       enabled: true,
     },
     {
+      // Group update of indirect Go dependencies.
       groupName: "Go indirect dependencies",
       matchManagers: [ "gomod" ],
       matchDepTypes: [ "indirect" ],
       dependencyDashboardApproval: true,
+      // Lower priority due to higher risk of causing breakage.
       prPriority: -30,
     },
     {
+      // Group update of direct Go dependencies.
       groupName: "Go dependencies",
       matchManagers: [ "gomod" ],
       matchDepTypes: [ "require" ],
@@ -57,6 +64,7 @@
       ],
     },
     {
+      // Group update of GitHub actions dependencies.
       matchManagers: [ "github-actions" ],
       groupName: "GitHub action dependencies",
       matchUpdateTypes: [