lockfile linting

lockfile-lint is a security tool that helps validate npm and Yarn lockfiles to prevent malicious dependency injections. It checks for common security issues such as package integrity violations and unauthorized registry usage.

Features

Validates npm and Yarn lockfiles for security issues
Detects unauthorized registries to prevent supply chain attacks
Checks package integrity by verifying package sources
Supports CI/CD pipelines for automated security enforcement
Lightweight and fast execution with minimal overhead
Helps enforce security policies by restricting dependency sources

Project Samples

Project Activity

See All Activity >

License

Apache License V2.0

Follow lockfile linting

lockfile linting Web Site

Other Useful Business Software

Train ML Models With SQL You Already Know

BigQuery automates data prep, analysis, and predictions with built-in AI assistance.

Build and deploy ML models using familiar SQL. Automate data prep with built-in Gemini. Query 1 TB and store 10 GB free monthly.

Try Free

Rate This Project

User Reviews

Be the first to post a review of lockfile linting!

Additional Project Details

Operating Systems

Linux, Mac, Windows

Programming Language

JavaScript

Related Categories

JavaScript Package Managers

Registered

2025-02-28

Similar Business Software

eAuditor Cloud

eAuditor Cloud is a comprehensive SaaS platform for IT asset management, monitoring, security, and data protection. With more than 20 years of experience in corporate and public sector environments, it combines proven functionality with the accessibility and scalability of the cloud. The system...

See Software
npm

We're npm, Inc., the company behind Node package manager, the npm Registry, and npm CLI. We offer those to the community for free, but our day job is building and selling useful tools for developers like you. Get started today for free, or step up to npm Pro to enjoy a premium JavaScript...

See Software
AWS CodeArtifact

Store and share artifacts across accounts, with appropriate levels of access granted to your teams and build systems. Reduce overhead from setup and maintenance of an artifact server or infrastructure with a fully managed service. Only pay for software packages stored, number of requests made,...

See Software
Yarn

Yarn is a package manager which doubles down as project manager. Whether you work on one-shot projects or large monorepos, as a hobbyist or an enterprise user, we've got you covered. Split your project into sub-components kept within a single repository. Yarn guarantees that an install that...

See Software
Google Cloud Artifact Registry

Artifact Registry is Google Cloud’s unified, fully managed package and container registry designed for high-performance artifact storage and dependency management. It centralizes hosting of container images (Docker/OCI), Helm charts, language packages (Java/Maven, Node.js/npm, Python), and OS...

See Software
Cargo

Cargo is the Rust package manager. Cargo downloads your Rust package's dependencies, compiles your packages, makes distributable packages, and uploads them to crates.io, the Rust community’s package registry. You can contribute to this book on GitHub. To get started with Cargo, install Cargo...

See Software

Report inappropriate content

lockfile linting

Lint an npm or yarn lockfile to analyze and detect security issues

Get an email when there's a new version of lockfile linting

Features

Project Samples

Project Activity

Categories

License

Follow lockfile linting

User Reviews

Additional Project Details

Operating Systems

Programming Language

Related Categories

Registered