
tessl/npm-lockfile-lint

A CLI to lint a lockfile for security policies


Quick Start Guide

Installation

Local Installation

npm install lockfile-lint

Global Installation

npm install -g lockfile-lint

Using npx (No Installation Required)

npx lockfile-lint --path package-lock.json --validate-https

Basic Usage

Validate HTTPS Only

lockfile-lint --path package-lock.json --validate-https

Validate Allowed Hosts

lockfile-lint --path yarn.lock --allowed-hosts npm yarn

Multiple Validations

lockfile-lint --path package-lock.json --validate-https --allowed-hosts npm --validate-integrity

Plain Output for CI/CD

lockfile-lint --path package-lock.json --validate-https --allowed-hosts npm --format plain

Common Workflows

Basic Security Check

The most common security check enforces HTTPS and restricts package sources to the npm registry:

lockfile-lint --path package-lock.json --validate-https --allowed-hosts npm --format plain

With Integrity Validation

Add integrity hash validation on top of the HTTPS and host checks:

lockfile-lint --path package-lock.json --validate-https --allowed-hosts npm --validate-integrity --format plain
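
To make concrete what the three policies in the command above look at, here is an added illustration (not lockfile-lint's own code) that applies equivalent checks to a constructed package-lock.json. It assumes the "npm" host alias stands for registry.npmjs.org and that the integrity policy means a sha512 hash; the auditLock function, rule names and sample packages are hypothetical.

```javascript
// Added illustration: not lockfile-lint's implementation.
// Constructed sample in the package-lock.json "packages" map shape.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/good-pkg": {
      version: "1.2.3",
      resolved: "https://registry.npmjs.org/good-pkg/-/good-pkg-1.2.3.tgz",
      integrity: "sha512-CONSTRUCTEDPLACEHOLDER=="
    },
    "node_modules/plain-http": {
      version: "0.1.0",
      resolved: "http://registry.npmjs.org/plain-http/-/plain-http-0.1.0.tgz",
      integrity: "sha512-CONSTRUCTEDPLACEHOLDER=="
    },
    "node_modules/other-host": {
      version: "2.0.0",
      resolved: "https://packages.example.test/other-host-2.0.0.tgz",
      integrity: "sha1-CONSTRUCTEDPLACEHOLDER="
    }
  }
};

// Assumption: the "npm" host alias stands for registry.npmjs.org.
const ALLOWED_HOSTS = new Set(["registry.npmjs.org"]);

// Returns one finding per violated policy per package entry.
function auditLock(lock, allowedHosts = ALLOWED_HOSTS) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (!pkg.resolved) continue; // root project entry has no download URL
    let url;
    try { url = new URL(pkg.resolved); } catch {
      findings.push({ path, rule: "unparseable-url" });
      continue;
    }
    if (url.protocol !== "https:") findings.push({ path, rule: "non-https" });
    if (!allowedHosts.has(url.hostname)) findings.push({ path, rule: "host-not-allowed" });
    // Assumption: the integrity policy means "hash string starts with sha512-".
    if (!/^sha512-/.test(pkg.integrity || "")) findings.push({ path, rule: "weak-or-missing-integrity" });
  }
  return findings;
}

for (const f of auditLock(sampleLock)) console.log(`${f.rule}: ${f.path}`);
```

An entry can fail more than one policy at once, which is why the checks are combined in a single run rather than chosen one at a time.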

Monorepo Validation

Validate multiple lockfiles in a monorepo:

lockfile-lint --path "packages/**/package-lock.json" --validate-https --allowed-hosts npm

Next Steps

  • See CLI Options Reference for all available options
  • See Real-World Scenarios for comprehensive examples
  • See Configuration Reference for file-based configuration
