{"id":25902,"library":"lockfile-lint-api","title":"lockfile-lint-api","description":"Programmatic API for linting npm or yarn lockfiles to detect security and policy issues. Current stable version is 5.9.2, released as part of the lockfile-lint monorepo. It provides validators for HTTPS scheme, allowed hosts, package name consistency, URI schemes, and integrity hash types. Outputs structured success/error objects. Requires Node >=16.0.0.","status":"active","version":"5.9.2","language":"javascript","source_language":"en","source_url":"https://github.com/lirantal/lockfile-lint","tags":["javascript","lockfile","lock","file","lint","linter","parse","npm","yarn"],"install":[{"cmd":"npm install lockfile-lint-api","lang":"bash","label":"npm"},{"cmd":"yarn add lockfile-lint-api","lang":"bash","label":"yarn"},{"cmd":"pnpm add lockfile-lint-api","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"ESM imports are supported; CommonJS require also works.","wrong":"const { ValidateHost } = require('lockfile-lint-api')","symbol":"ValidateHost","correct":"import { ValidateHost } from 'lockfile-lint-api'"},{"note":"ValidateHttps is a named export, not default.","wrong":"import ValidateHttps from 'lockfile-lint-api'","symbol":"ValidateHttps","correct":"import { ValidateHttps } from 'lockfile-lint-api'"},{"note":"Used to parse lockfile content before validation.","wrong":"","symbol":"ParseLockfile","correct":"import { ParseLockfile } from 'lockfile-lint-api'"}],"quickstart":{"code":"import { ParseLockfile, ValidateHost } from 'lockfile-lint-api';\nimport fs from 'fs';\n\nconst lockfilePath = 'package-lock.json';\nconst lockfileContent = fs.readFileSync(lockfilePath, 'utf8');\nconst parser = new ParseLockfile(lockfileContent);\nconst lockfile = parser.parse();\n\nconst validator = new ValidateHost({ packages: lockfile.object });\ntry {\n  const result = validator.validate(['npm']);\n  console.log(result.type === 'success' ? 'Valid' : 'Invalid');\n} catch (err) {\n  console.error('Validation error:', err.message);\n}","lang":"typescript","description":"Parses a package-lock.json file and validates that all packages are hosted on the allowed 'npm' host."},"warnings":[{"fix":"Upgrade Node.js to version 16 or later.","message":"Requires Node >=16.0.0 as of version 5.0.0","severity":"breaking","affected_versions":">=5.0.0"},{"fix":"Use ValidateHttps instead of ValidateScheme.","message":"The 'ValidateScheme' validator is being deprecated in favor of 'ValidateHttps'","severity":"deprecated","affected_versions":">=5.0.0"},{"fix":"Ensure packages have a 'resolved' field if you want them validated.","message":"Validators skip packages without a 'resolved' field (e.g., local filesystem packages).","severity":"gotcha","affected_versions":"*"}],"env_vars":null,"last_verified":"2026-05-01T00:00:00.000Z","next_check":"2026-07-30T00:00:00.000Z","problems":[{"fix":"Run 'npm install lockfile-lint-api' and ensure import path is correct.","cause":"Package not installed or incorrect import path.","error":"Error: Cannot find module 'lockfile-lint-api'"},{"fix":"Check that you instantiated the validator correctly and are calling the appropriate method (e.g., validator.validate()).","cause":"Using an invalid validator object or method name.","error":"TypeError: validator.validate is not a function"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}