tessl/npm-lockfile-lint

A CLI to lint a lockfile for security policies

Integration Patterns

CI/CD Integration

GitHub Actions

- name: Lint Lockfile
  run: npx lockfile-lint --path package-lock.json --validate-https --allowed-hosts npm --format plain

GitLab CI

lockfile-security:
  script:
    - npm install lockfile-lint
    - npx lockfile-lint --path package-lock.json --validate-https --allowed-hosts npm --format plain

CircleCI

- run:
    name: Validate Lockfile Security
    command: npx lockfile-lint --path package-lock.json --validate-https --allowed-hosts npm --format plain

Jenkins Pipeline

stage('Lockfile Security') {
    steps {
        sh 'npx lockfile-lint --path package-lock.json --validate-https --allowed-hosts npm --format plain'
    }
}

Pre-commit Hooks

Using husky

{
  "husky": {
    "hooks": {
      "pre-commit": "lockfile-lint --path package-lock.json --validate-https --allowed-hosts npm"
    }
  }
}

Using husky v5+

#!/usr/bin/env sh
# .husky/pre-commit
. "$(dirname -- "$0")/_/husky.sh"

npx lockfile-lint --path package-lock.json --validate-https --allowed-hosts npm

Using lint-staged

{
  "lint-staged": {
    "package-lock.json": [
      "lockfile-lint --path package-lock.json --validate-https --allowed-hosts npm"
    ]
  }
}

NPM Scripts

{
  "scripts": {
    "lint:lockfile": "lockfile-lint --path package-lock.json --validate-https --allowed-hosts npm",
    "pretest": "npm run lint:lockfile",
    "prepublishOnly": "npm run lint:lockfile"
  }
}
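
What the `--validate-https --allowed-hosts npm` policy used throughout this page amounts to, shown as an added example in JavaScript (not lockfile-lint's own code): a simplified check over the `resolved` URLs of a constructed package-lock.json. It assumes the `npm` alias stands for registry.npmjs.org; `lintLockfile`, `sampleLock` and the package names are hypothetical.

```javascript
// Added illustration: a simplified re-implementation of the two policies,
// not lockfile-lint's own code. Assumes the "npm" alias means registry.npmjs.org.
const ALLOWED_HOSTS = new Set(['registry.npmjs.org']);

// Constructed sample in the package-lock.json v2/v3 shape ("packages" map).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo', version: '1.0.0' },
    'node_modules/ok-pkg': {
      version: '1.3.0',
      resolved: 'https://registry.npmjs.org/ok-pkg/-/ok-pkg-1.3.0.tgz',
    },
    'node_modules/plain-http': {
      version: '1.0.0',
      resolved: 'http://registry.npmjs.org/plain-http/-/plain-http-1.0.0.tgz',
    },
    'node_modules/other-host': {
      version: '2.0.0',
      resolved: 'https://packages.example.test/other-host-2.0.0.tgz',
    },
  },
};

// Returns one finding per violated rule for each package entry.
function lintLockfile(lock, allowedHosts = ALLOWED_HOSTS) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!entry.resolved) continue; // the root project entry carries no URL
    let url;
    try {
      url = new URL(entry.resolved);
    } catch {
      findings.push({ path, rule: 'unparsable', resolved: entry.resolved });
      continue;
    }
    if (url.protocol !== 'https:') {
      findings.push({ path, rule: 'validate-https', resolved: entry.resolved });
    }
    if (!allowedHosts.has(url.hostname)) {
      findings.push({ path, rule: 'allowed-hosts', resolved: entry.resolved });
    }
  }
  return findings;
}

// A CI step or hook would exit non-zero when this list is not empty.
for (const f of lintLockfile(sampleLock)) {
  console.log(`${f.rule}: ${f.path} -> ${f.resolved}`);
}
```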
