lockfile-lint

library 5.0.0 ·javascript

✓ verified May 27, 2026

devops testing auth-security

lockfile-lint is a CLI tool for linting npm and Yarn lockfiles against security policies. Current stable version is 5.0.0 (requires Node >=16), with frequent patch releases. It validates package origins, HTTPS usage, allowed hosts/schemes, and integrates into CI pipelines. Unlike generic linters, it focuses on supply-chain security by enforcing policies on lockfile entries. Maintained by Liran Tal and part of the lockfile-lint project.

Traffic · last 30 days ↓11% vs prev 7d · indexed Sat Apr 25 · updated Tue Jun 09

total hits 25

actors 8 distinct systems

last hit 1d ago AhrefsBot

Amazonbot

4

MetaBot

4

GPTBot

2

Script

2

ClaudeBot

1

Search engines

1

Humans

6

top countries 🇺🇸 United States · VN · 🇨🇦 Canada · 🇫🇷 France · 🇪🇸 Spain

Resources

githubgithub.com/lirantal/lockfile-lint ↗

packagewww.npmjs.com/package/lockfile-lint ↗

homepagelockfile-lint.dev ↗

API endpoints

full doc /v1/registry/lockfile-lint

install /v1/registry/lockfile-lint/install

compatibility /v1/registry/lockfile-lint/compatibility