Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
lockfile-lint
Advanced tools
lockfile-lint - npm Package Compare versions
Comparing version 4.9.4 to 4.9.5
@@ -48,3 +48,3 @@ #!/usr/bin/env node | ||
| ['allowed-urls', 'validateUrls'], | ||
| ['validate-integrity-sha512', 'validateIntegrity'] | ||
| ['validate-integrity', 'validateIntegrity'] | ||
| ]) | ||
@@ -51,0 +51,0 @@ |
@@ -6,2 +6,13 @@ # Change Log | ||
| ## 4.9.5 (2022-09-30) | ||
| ### Bug Fixes | ||
| * **integrity:** rename command-line argument from `--validate-integrity-sha512` to `--validate-integrity` ([#144](https://github.com/lirantal/lockfile-lint/issues/144)) ([a29d18b](https://github.com/lirantal/lockfile-lint/commit/a29d18b)) | ||
| ## 4.9.4 (2022-09-27) | ||
@@ -8,0 +19,0 @@ |
| { | ||
| "name": "lockfile-lint", | ||
| "version": "4.9.4", | ||
| "version": "4.9.5", | ||
| "description": "A CLI to lint a lockfile for security policies", | ||
@@ -58,3 +58,3 @@ "bin": { | ||
| "debug": "^4.1.1", | ||
| "lockfile-lint-api": "^5.4.4", | ||
| "lockfile-lint-api": "^5.4.5", | ||
| "yargs": "^16.0.0" | ||
@@ -184,3 +184,3 @@ }, | ||
| }, | ||
| "gitHead": "6d689bd463f3051c468e0d4a7091833c05fcfb40" | ||
| "gitHead": "cb38c109e093f2b44e81ece0edaf2cb157492a4c" | ||
| } |
@@ -79,15 +79,15 @@ <p align="center"><h1 align="center"> | ||
| | command line argument | description | implemented | | ||
| |--------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------| | ||
| | `--path`, `-p` | path to the lockfile | ✅ | | ||
| | `--type`, `-t` | lockfile type, options are `npm` or `yarn` | ✅ | | ||
| | `--format`, `-f` | sets what type of report output is desired, one of [ `pretty`, `plain` ] with `plain` removing colors & status symbols from output | ✅ | | ||
| | `--validate-https`, `-s` | validates the use of HTTPS as protocol schema for all resources in the lockfile | ✅ | | ||
| | `--allowed-hosts`, `-a` | validates a list of allowed hosts to be used for all resources in the lockfile. Supported short-hands aliases are `npm`, `yarn`, and `verdaccio` which will match URLs `https://registry.npmjs.org`, `https://registry.yarnpkg.com` and `https://registry.verdaccio.org` respectively | ✅ | | ||
| | `--allowed-schemes`, `-o` | allowed [URI schemes](https://tools.ietf.org/html/rfc2396#section-3.1) such as "https:", "http", "git+ssh:", or "git+https:" | ✅ | | ||
| | `--allowed-urls`, `-u` | allowed URLs (e.g. `https://github.com/some-org/some-repo#some-hash`) | ✅ | | ||
| | `--empty-hostname`, `-e` | allow empty hostnames, or set to false if you wish for a stricter policy | ✅ | | ||
| | `--validate-package-names`, `-n` | validates that the resolved URL matches the package name | ✅ | | ||
| | `--validate-checksum`, `-c` | check that all resources include a checksum | ❌ PRs welcome | | ||
| | `--validate-integrity-sha512`, `-i` | validates the integrity field is a sha512 hash | ✅ | | ||
| | command line argument | description | implemented | | ||
| |----------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------| | ||
| | `--path`, `-p` | path to the lockfile | ✅ | | ||
| | `--type`, `-t` | lockfile type, options are `npm` or `yarn` | ✅ | | ||
| | `--format`, `-f` | sets what type of report output is desired, one of [ `pretty`, `plain` ] with `plain` removing colors & status symbols from output | ✅ | | ||
| | `--validate-https`, `-s` | validates the use of HTTPS as protocol schema for all resources in the lockfile | ✅ | | ||
| | `--allowed-hosts`, `-a` | validates a list of allowed hosts to be used for all resources in the lockfile. Supported short-hands aliases are `npm`, `yarn`, and `verdaccio` which will match URLs `https://registry.npmjs.org`, `https://registry.yarnpkg.com` and `https://registry.verdaccio.org` respectively | ✅ | | ||
| | `--allowed-schemes`, `-o` | allowed [URI schemes](https://tools.ietf.org/html/rfc2396#section-3.1) such as "https:", "http", "git+ssh:", or "git+https:" | ✅ | | ||
| | `--allowed-urls`, `-u` | allowed URLs (e.g. `https://github.com/some-org/some-repo#some-hash`) | ✅ | | ||
| | `--empty-hostname`, `-e` | allow empty hostnames, or set to false if you wish for a stricter policy | ✅ | | ||
| | `--validate-package-names`, `-n` | validates that the resolved URL matches the package name | ✅ | | ||
| | `--validate-checksum`, `-c` | check that all resources include a checksum | ❌ PRs welcome | | ||
| | `--validate-integrity`, `-i` | validates the integrity field is a sha512 hash | ✅ | | ||
@@ -94,0 +94,0 @@ # File-Based Configuration |
@@ -56,3 +56,3 @@ 'use strict' | ||
| i: { | ||
| alias: ['validate-integrity-sha512'], | ||
| alias: ['validate-integrity'], | ||
| type: 'boolean', | ||
@@ -59,0 +59,0 @@ describe: 'validates that the integrity hash type is sha512' |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.4%
54215
Dependency changes
Updatedlockfile-lint-api@^5.4.5