lockfile-lint-api
Lint an npm or yarn lockfile to analyze and detect issues
About
Lints an npm or yarn lockfile to analyze and detect issues
NOTE: currently only yarn's yarn.lock is supported. PRs to support npm's package-lock.json are welcome 🤗
Install
npm install --save lockfile-lint-api
Usage
lockfile-lint-api exposes a set of validator APIs for programmatic use, for example by other tools and programs.
Validators
The following lockfile validators are supported:

| Validator API | Description | Implemented |
| --- | --- | --- |
| ValidateHttps | validates the use of HTTPS as protocol schema for all resources | ✅ |
| ValidateHost | validates a whitelist of allowed hosts to be used for resources in the lockfile | ✅ |
Example
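const {ValidateHost, ParseLockFile} = require('lockfile-lint-api')

// Path to the yarn.lock file to lint
const yarnLockFilePath = '/path/to/my/yarn.lock'
const options = {
  lockFilePath: yarnLockFilePath
}

// Parse the lockfile into an object of package entries
const parser = new ParseLockFile(options)
const lockfile = parser.parseSync()

// Validate the hosts used by resources in the lockfile
const validator = new ValidateHost({packages: lockfile.object})
try {
  validator.validate(['npm'])
} catch (error) {
  // validate() threw: report the failure instead of silently ignoring it
  console.error(error.message)
  process.exitCode = 1
}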
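The two checks listed in the validators table (HTTPS-only resources and an allowed-host list), re-created as a stand-alone added example that is not lockfile-lint-api's own code or API. The lockfile excerpt, the function names `extractResolved` and `lintResolved`, and the allowed host list are assumptions constructed for illustration.

```javascript
// Constructed yarn.lock (v1) excerpt; package names and URLs are sample data.
const SAMPLE_LOCKFILE = `
"left-pad@^1.3.0":
  version "1.3.0"
  resolved "https://registry.yarnpkg.com/left-pad/-/left-pad-1.3.0.tgz#abc"

"internal-lib@^2.0.0":
  version "2.0.0"
  resolved "http://registry.npmjs.org/internal-lib/-/internal-lib-2.0.0.tgz#def"

"shady-dep@^0.1.0":
  version "0.1.0"
  resolved "https://packages.example.net/shady-dep-0.1.0.tgz#123"
`

// Hypothetical helper: pair each entry header with its "resolved" URL.
function extractResolved (lockfileText) {
  const entries = []
  let name = null
  for (const line of lockfileText.split('\n')) {
    const header = /^(\S.*):$/.exec(line) // unindented line ending in ":"
    const resolved = /^\s+resolved "([^"]+)"/.exec(line)
    if (header) name = header[1].replace(/"/g, '')
    else if (resolved && name) entries.push({ name, url: new URL(resolved[1]) })
  }
  return entries
}

// Hypothetical helper: apply both checks and collect every violation.
function lintResolved (lockfileText, allowedHosts) {
  const findings = []
  for (const { name, url } of extractResolved(lockfileText)) {
    if (url.protocol !== 'https:') {
      findings.push({ name, rule: 'https', value: url.protocol })
    }
    // Exact hostname comparison: a substring or prefix match would accept
    // lookalikes such as "registry.npmjs.org.evil.example".
    if (!allowedHosts.includes(url.hostname)) {
      findings.push({ name, rule: 'host', value: url.hostname })
    }
  }
  return findings
}

const allowed = ['registry.yarnpkg.com', 'registry.npmjs.org']
for (const f of lintResolved(SAMPLE_LOCKFILE, allowed)) {
  console.log(`${f.name}: ${f.rule} check failed (${f.value})`)
}
```

Collecting all findings rather than stopping at the first one lets a CI job report every offending entry in a single run.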
Contributing
Please consult CONTRIBUTING for guidelines on contributing to this project.
Author
lockfile-lint-api © Liran Tal, Released under the Apache-2.0 License.