lockfile-lint - npm Package Compare versions

Comparing version 4.3.6 to 4.3.7

CHANGELOG.md

		@@ -6,2 +6,13 @@ # Change Log

		## [4.3.7](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint@4.3.6...lockfile-lint@4.3.7) (2020-06-24)


		### Bug Fixes

		* readme: update docs for allowed-schemes ([#97](https://github.com/lirantal/lockfile-lint/issues/97)) ([e763b99](https://github.com/lirantal/lockfile-lint/commit/e763b99)), closes [#91](https://github.com/lirantal/lockfile-lint/issues/91)





		## [4.3.6](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint@4.3.5...lockfile-lint@4.3.6) (2020-05-14)
		@@ -8,0 +19,0 @@

package.json

		{
		"name": "lockfile-lint",
		"version": "4.3.6",
		"version": "4.3.7",
		"description": "A CLI to lint a lockfile for security policies",
		@@ -182,3 +182,3 @@ "bin": {
		},
		"gitHead": "b0914b6fbbbfe05367b7b827c9521dc5ef4338a9"
		"gitHead": "940d34f1cf0090e305bafb59518f6d7d466ac0f8"
		}

README.md

		@@ -66,3 +66,3 @@ <p align="center"><h1 align="center">
		- `--allowed-hosts` explicitly set to match github.com as a host and specifies `yarn` as the alias for yarn's official mirror host
		- `--allowed-schemes` overrides `validate-https` and so it explicitly allows both `https:` and `git+https:` for the github URL
		- `--allowed-schemes` is used instead of `validate-https` and it explicitly allows both `https:` and `git+https:` as the [HTTP Scheme](https://tools.ietf.org/html/rfc3986#section-3.1) for the github URL. Note that `--allowed-schemes` and `--validate-https` are mutually exclusive.

		@@ -85,3 +85,3 @@ Example 4: allow the lockfile to contain a package which resolves to a specific URL specified by the `--allowed-urls` option while all other packages must resolve to yarn as specified by `--allowed-hosts`
		\| `--validate-https`, `-s` \| validates the use of HTTPS as protocol schema for all resources in the lockfile \| ✅ \|
		\| `--allowed-hosts`, `-a` \| validates a whitelist of allowed hosts to be used for all resources in the lockfile. Supported short-hands aliases are `npm`, `yarn`, and `verdaccio` which will match URLs `https://registry.npmjs.org`, `https://registry.yarnpkg.com` and `https://registry.verdaccio.org` respectively \| ✅ \|
		\| `--allowed-hosts`, `-a` \| validates a list of allowed hosts to be used for all resources in the lockfile. Supported short-hands aliases are `npm`, `yarn`, and `verdaccio` which will match URLs `https://registry.npmjs.org`, `https://registry.yarnpkg.com` and `https://registry.verdaccio.org` respectively \| ✅ \|
		\| `--allowed-schemes`, `-o` \| allowed [URI schemes](https://tools.ietf.org/html/rfc2396#section-3.1) such as "https:", "http", "git+ssh:", or "git+https:" \| ✅ \|
		@@ -88,0 +88,0 @@ \| `--allowed-urls`, `-u` \| allowed URLs (e.g. `https://github.com/some-org/some-repo#some-hash`) \| ✅ \|

		@@ -66,3 +66,3 @@ <p align="center"><h1 align="center">
		- `--allowed-hosts` explicitly set to match github.com as a host and specifies `yarn` as the alias for yarn's official mirror host
		- `--allowed-schemes` overrides `validate-https` and so it explicitly allows both `https:` and `git+https:` for the github URL
		- `--allowed-schemes` is used instead of `validate-https` and it explicitly allows both `https:` and `git+https:` as the [HTTP Scheme](https://tools.ietf.org/html/rfc3986#section-3.1) for the github URL. Note that `--allowed-schemes` and `--validate-https` are mutually exclusive.

		@@ -85,3 +85,3 @@ Example 4: allow the lockfile to contain a package which resolves to a specific URL specified by the `--allowed-urls` option while all other packages must resolve to yarn as specified by `--allowed-hosts`
		\| `--validate-https`, `-s` \| validates the use of HTTPS as protocol schema for all resources in the lockfile \| ✅ \|
		\| `--allowed-hosts`, `-a` \| validates a whitelist of allowed hosts to be used for all resources in the lockfile. Supported short-hands aliases are `npm`, `yarn`, and `verdaccio` which will match URLs `https://registry.npmjs.org`, `https://registry.yarnpkg.com` and `https://registry.verdaccio.org` respectively \| ✅ \|
		\| `--allowed-hosts`, `-a` \| validates a list of allowed hosts to be used for all resources in the lockfile. Supported short-hands aliases are `npm`, `yarn`, and `verdaccio` which will match URLs `https://registry.npmjs.org`, `https://registry.yarnpkg.com` and `https://registry.verdaccio.org` respectively \| ✅ \|
		\| `--allowed-schemes`, `-o` \| allowed [URI schemes](https://tools.ietf.org/html/rfc2396#section-3.1) such as "https:", "http", "git+ssh:", or "git+https:" \| ✅ \|
		@@ -88,0 +88,0 @@ \| `--allowed-urls`, `-u` \| allowed URLs (e.g. `https://github.com/some-org/some-repo#some-hash`) \| ✅ \|

lockfile-lint - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics