Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
lockfile-lint
Advanced tools
lockfile-lint - npm Package Compare versions
Comparing version 4.7.3 to 4.7.4
@@ -6,2 +6,10 @@ # Change Log | ||
| ## 4.7.4 (2022-03-13) | ||
| **Note:** Version bump only for package lockfile-lint | ||
| ## 4.7.3 (2022-03-10) | ||
@@ -8,0 +16,0 @@ |
| { | ||
| "name": "lockfile-lint", | ||
| "version": "4.7.3", | ||
| "version": "4.7.4", | ||
| "description": "A CLI to lint a lockfile for security policies", | ||
@@ -57,3 +57,3 @@ "bin": { | ||
| "debug": "^4.1.1", | ||
| "lockfile-lint-api": "^5.2.3", | ||
| "lockfile-lint-api": "^5.2.4", | ||
| "yargs": "^16.0.0" | ||
@@ -183,3 +183,3 @@ }, | ||
| }, | ||
| "gitHead": "50d25a29513e366ab7d32254918bb5fd5d12fe51" | ||
| "gitHead": "9b0b16715e4cfb77c7ec6ec180d9c1f1c8bcb8e6" | ||
| } |
@@ -79,13 +79,14 @@ <p align="center"><h1 align="center"> | ||
| | command line argument | description | implemented | | ||
| | ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------- | | ||
| | `--path`, `-p` | path to the lockfile | ✅ | | ||
| | `--type`, `-t` | lockfile type, options are `npm` or `yarn` | ✅ | | ||
| | `--validate-https`, `-s` | validates the use of HTTPS as protocol schema for all resources in the lockfile | ✅ | | ||
| | `--allowed-hosts`, `-a` | validates a list of allowed hosts to be used for all resources in the lockfile. Supported short-hands aliases are `npm`, `yarn`, and `verdaccio` which will match URLs `https://registry.npmjs.org`, `https://registry.yarnpkg.com` and `https://registry.verdaccio.org` respectively | ✅ | | ||
| | `--allowed-schemes`, `-o` | allowed [URI schemes](https://tools.ietf.org/html/rfc2396#section-3.1) such as "https:", "http", "git+ssh:", or "git+https:" | ✅ | | ||
| | `--allowed-urls`, `-u` | allowed URLs (e.g. `https://github.com/some-org/some-repo#some-hash`) | ✅ | | ||
| | `--empty-hostname`, `-e` | allow empty hostnames, or set to false if you wish for a stricter policy | ✅ | | ||
| | `--validate-checksum`, `-c` | check that all resources include a checksum | ❌ PRs welcome | | ||
| | `--validate-integrity`, `-i` | check that all resources include an integrity field | ❌ PRs welcome | | ||
| | command line argument | description | implemented | | ||
| | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------- | | ||
| | `--path`, `-p` | path to the lockfile | ✅ | | ||
| | `--type`, `-t` | lockfile type, options are `npm` or `yarn` | ✅ | | ||
| | `--validate-https`, `-s` | validates the use of HTTPS as protocol schema for all resources in the lockfile | ✅ | | ||
| | `--allowed-hosts`, `-a` | validates a list of allowed hosts to be used for all resources in the lockfile. Supported short-hands aliases are `npm`, `yarn`, and `verdaccio` which will match URLs `https://registry.npmjs.org`, `https://registry.yarnpkg.com` and `https://registry.verdaccio.org` respectively | ✅ | | ||
| | `--allowed-schemes`, `-o` | allowed [URI schemes](https://tools.ietf.org/html/rfc2396#section-3.1) such as "https:", "http", "git+ssh:", or "git+https:" | ✅ | | ||
| | `--allowed-urls`, `-u` | allowed URLs (e.g. `https://github.com/some-org/some-repo#some-hash`) | ✅ | | ||
| | `--empty-hostname`, `-e` | allow empty hostnames, or set to false if you wish for a stricter policy | ✅ | | ||
| | `--validate-package-names`, `-n` | validates that the resolved URL matches the package name | ✅ | | ||
| | `--validate-checksum`, `-c` | check that all resources include a checksum | ❌ PRs welcome | | ||
| | `--validate-integrity`, `-i` | check that all resources include an integrity field | ❌ PRs welcome | | ||
@@ -92,0 +93,0 @@ # File-Based Configuration |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.94%
50573
- Number of lines in readme file
- increased by0.9%
112
Dependency changes
Updatedlockfile-lint-api@^5.2.4