|0.2.0||Sep 5, 2021|
|0.1.1||May 21, 2021|
|0.1.0||May 19, 2021|
A tool to lint npm's package-lock.json files at a basic level since they're impossible to review manually.
$ package-lock-lint /my/package-lock.json
- Matches overall schema
- Dependencies resolve to valid URLs (catches T278857)
- Dependencies are downloaded over secure channels (HTTPS or SSH)
-is not depended upon (typo)
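The two URL checks in the list above (valid URLs, HTTPS or SSH only), as an added JavaScript example that is not package-lock-lint's own code. The function names, the set of accepted schemes, the choice to skip entries without a `resolved` field, and the sample lockfile are all assumptions made for illustration.

```javascript
// Schemes accepted as secure channels (assumed set: HTTPS or SSH, plain or git+).
const SECURE_SCHEMES = new Set(["https:", "git+https:", "ssh:", "git+ssh:"]);

// Yield [name, entry] pairs: the flat "packages" map when present (lockfileVersion 2/3),
// otherwise the nested "dependencies" tree (lockfileVersion 1).
function* walkEntries(lock) {
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      // "" is the root project; link entries point at local paths, not URLs.
      if (path !== "" && !entry.link) yield [path, entry];
    }
    return;
  }
  const stack = [lock.dependencies || {}];
  while (stack.length > 0) {
    for (const [name, entry] of Object.entries(stack.pop())) {
      yield [name, entry];
      if (entry.dependencies) stack.push(entry.dependencies);
    }
  }
}

// Return one finding per entry whose "resolved" value is unparsable or uses a weak scheme.
function lintLock(jsonText) {
  const findings = [];
  for (const [name, entry] of walkEntries(JSON.parse(jsonText))) {
    if (typeof entry.resolved !== "string") continue; // e.g. bundled deps carry no URL
    let url;
    try {
      url = new URL(entry.resolved);
    } catch {
      findings.push({ name, problem: "invalid-url", resolved: entry.resolved });
      continue;
    }
    if (!SECURE_SCHEMES.has(url.protocol)) {
      findings.push({ name, problem: "insecure-scheme", resolved: entry.resolved });
    }
  }
  return findings;
}

// Constructed sample lockfile: package names and URLs are made up.
const SAMPLE_LOCK = JSON.stringify({ name: "demo", lockfileVersion: 1, dependencies: {
  "good-pkg": { version: "1.0.0", resolved: "https://registry.npmjs.org/good-pkg/-/good-pkg-1.0.0.tgz" },
  "plain-http": { version: "2.1.0", resolved: "http://registry.npmjs.org/plain-http/-/plain-http-2.1.0.tgz",
    dependencies: { "broken-url": { version: "0.3.0", resolved: "https//registry.npmjs.org/broken-url/-/broken-url-0.3.0.tgz" } } },
  "git-dep": { version: "1.2.3", resolved: "git+ssh://git@example.org/team/git-dep.git#0123abc" },
} });

for (const f of lintLock(SAMPLE_LOCK)) console.log(`${f.problem}: ${f.name} -> ${f.resolved}`);
```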
See T242058: Add some form of static analysis for package-lock.json for discussion and inspiration that led to this tool.
(C) 2021 Kunal Mehta, under the GPL v3 or any later version.