lockfile-lint - npm Package Compare versions

Comparing version 4.2.0 to 4.2.1

CHANGELOG.md

@@ -6,2 +6,13 @@ # Change Log
 
+## [4.2.1](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint@4.2.0...lockfile-lint@4.2.1) (2020-03-24)
+
+
+### Bug Fixes
+
+* **readme:** update README with --allowed-urls option ([#83](https://github.com/lirantal/lockfile-lint/issues/83)) ([237b680](https://github.com/lirantal/lockfile-lint/commit/237b680))
+
+
+
+
+
 # [4.2.0](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint@4.1.0...lockfile-lint@4.2.0) (2020-03-23)
@@ -8,0 +19,0 @@

package.json

 {
   "name": "lockfile-lint",
-  "version": "4.2.0",
+  "version": "4.2.1",
   "description": "A CLI to lint a lockfile for security policies",
@@ -57,3 +57,3 @@ "bin": {
     "debug": "^4.1.1",
-    "lockfile-lint-api": "^5.1.0",
+    "lockfile-lint-api": "^5.1.1",
     "yargs": "^15.0.2"
@@ -183,3 +183,3 @@ },
   },
-  "gitHead": "d30ce73a3e5977dede29450df1c79b09f02779b2"
+  "gitHead": "0623d327acf529c4b6302031e18dec5a0faf0342"
 }

README.md

@@ -35,3 +35,3 @@ <p align="center"><h1 align="center">
 ```bash
-lockfile-lint --type <yarn|npm> --path <path-to-lockfile> --validate-https --allowed-hosts <host-to-match>
+lockfile-lint --type <yarn|npm> --path <path-to-lockfile> --validate-https --allowed-hosts <host-to-match> --allowed-urls <urls-to-match>
 ```
@@ -69,2 +69,11 @@
 
+**Example 4**: allow the lockfile to contain a package which resolves to a specific URL specified by the `--allowed-urls` option while all other packages must resolve to yarn as specified by `--allowed-hosts`
+
+```bash
+lockfile-lint --path yarn.lock --allowed-hosts yarn --allowed-urls https://github.com/lirantal/lockfile-lint#d30ce73a3e5977dede29450df1c79b09f02779b2
+```
+
+- `--allowed-hosts` allows packages from yarn only
+- `--allowed-urls` overrides `allowed-hosts` and allows a specific Github URL to pass validation
+
 # CLI command options
@@ -79,2 +88,3 @@
 | `--allowed-schemes`, `-o`    | allowed [URI schemes](https://tools.ietf.org/html/rfc2396#section-3.1) such as "https:", "http", "git+ssh:", or "git+https:"                                                                                                                                                               | ✅             |
+| `--allowed-urls`, `-u`       | allowed URLs (e.g. `https://github.com/some-org/some-repo#some-hash`)                                                                                                                                                                                                                      | ✅             |
 | `--empty-hostname`, `-e`     | allow empty hostnames, or set to false if you wish for a stricter policy                                                                                                                                                                                                                   | ✅             |
@@ -81,0 +91,0 @@ | `--validate-checksum`, `-c`  | check that all resources include a checksum                                                                                                                                                                                                                                                | ❌ PRs welcome |

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

43692

increased by2.86%

Number of lines in readme file

111

increased by9.9%

Dependency changes

• Updatedlockfile-lint-api@^5.1.1