package-lock-lint
| Crates.io | package-lock-lint |
| lib.rs | package-lock-lint |
| version | 0.2.5 |
| created_at | 2021-05-19 18:44:04.106269+00 |
| updated_at | 2024-05-21 05:18:48.16869+00 |
| description | linter for npm's package-lock.json |
| homepage | |
| repository | https://gitlab.com/legoktm/package-lock-lint |
| max_upload_size | |
| id | 399704 |
| size | 51,183 |
Kunal Mehta (legoktm)
documentation
README
package-lock-lint
A tool to lint npm's package-lock.json files at a basic level since they're impossible to review manually.
$ package-lock-lint /my/package-lock.json
Current checks:
- Matches overall schema
- Dependencies resolve to valid URLs (catches T278857)
- Dependencies are downloaded over secure channels (HTTPS or SSH)
- Package
-is not depended upon (typo)
See T242058: Add some form of static analysis for package-lock.json for discussion and inspiration that let to this tool.
(C) 2021 Kunal Mehta, under the GPL v3 or any later version.