@43081j/lockcheck
Determines changes in package-lock.json files
Last updated 5 months ago by 43081j .
MIT · Repository · Bugs · Original npm · Tarball · package.json
$ cnpm install @43081j/lockcheck 
SYNC missed versions from official npm registry.

lockcheck

A tiny utility to analyze package-lock.json files for potential problems, inconsistencies and security issues.

Install

$ npm i -D @43081j/lockcheck

Use

$ npx lockcheck

Options

  -d, --dir <path>  Path to directory containing lock file. (default: ".")
  --diff [commit]   Enable diff mode on the specified gitcommit (default is
                    against unchanged file in current branch)
  -v, --verbose     Verbose output
  -h, --help        output usage information

Validators

lockcheck will analyze lock files for the following:

Insecure URIs - Any http URIs are considered unsafe and should be replaced with secure equivalents.

Duplicate versions - Multiple occurrences of a single package with different URLs is a sign of a possibly misconfigured lock file.

Manifest inconsistencies - Packages which exist in the lock file but do not match/satisfy the corresponding entry in package.json are likely misconfigured.

Registry inconsistencies - Unscoped packages in a lock file should all have the same registry. It is valid, however, to have scoped packages use a separate registry.

Diff mode

You can diff two lock files like so:

$ npx lockcheck --diff

This will attempt to use git in order to compare the lock file on disk and the original lock file in git (assuming there is a difference).

Alternatively, you can pipe a lock file into lockcheck to compare against:

$ git show :package-lock.json | npx lockcheck --diff

Or you can specify a commit-ish:

$ npx lockcheck --diff master

License

MIT

Current Tags

  • 0.0.8                                ...           latest (5 months ago)

6 Versions

  • 0.0.8                                ...           5 months ago
  • 0.0.5                                ...           5 months ago
  • 0.0.4                                ...           5 months ago
  • 0.0.3                                ...           5 months ago
  • 0.0.2                                ...           5 months ago
  • 0.0.1                                ...           5 months ago
Maintainers (1)
Downloads
Today 0
This Week 0
This Month 12
Last Day 0
Last Week 0
Last Month 12
Dependencies (3)
Dev Dependencies (16)
Dependents (0)
None

Copyright 2014 - 2016 © taobao.org |