@yarnpkg/lockfile
Advanced tools
Comparing version 1.0.0 to 1.0.1
{ | ||
"name": "@yarnpkg/lockfile", | ||
"version": "1.0.0", | ||
"version": "1.0.1", | ||
"description": "The parser/stringifier for Yarn lockfiles.", | ||
"main": "index.js", | ||
"repository": "https://github.com/yarnpkg/yarn/blob/master/packages/lockfile", | ||
"keywords": [ | ||
"yarn", | ||
"yarnpkg", | ||
"lockfile", | ||
"dependency", | ||
"npm" | ||
], | ||
"license": "BSD-2-Clause" | ||
} |
# yarn-lockfile | ||
parse and/or write `yarn.lock` files | ||
## Usage Example | ||
Parse and/or write `yarn.lock` files | ||
## Usage Examples | ||
```js | ||
const fs = require('fs'); | ||
const lockfile = require('@yarnpkg/lockfile'); | ||
// or (es6) | ||
import fs from 'fs'; | ||
import * as lockfile from '@yarnpkg/lockfile'; | ||
@@ -10,0 +14,0 @@ let file = fs.readFileSync('yarn.lock', 'utf8'); |
Sorry, the diff of this file is too big to display
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
No repository
Supply chain riskPackage does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.
Found 1 instance in 1 package
262302
8144
23
54