{"library":"lockfile-lint","title":"lockfile-lint","description":"lockfile-lint is a CLI tool for linting npm and Yarn lockfiles against security policies. Current stable version is 5.0.0 (requires Node >=16), with frequent patch releases. It validates package origins, HTTPS usage, allowed hosts/schemes, and integrates into CI pipelines. Unlike generic linters, it focuses on supply-chain security by enforcing policies on lockfile entries. Maintained by Liran Tal and part of the lockfile-lint project.","language":"javascript","status":"active","last_verified":"Sat Apr 25","install":{"commands":["npm install lockfile-lint"],"cli":{"name":"lockfile-lint","version":null}},"imports":["import lockfileLint from 'lockfile-lint'","import { lockfileLint } from 'lockfile-lint'","import type { LockfileLintConfig } from 'lockfile-lint'"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"// Install: npm install --save-dev lockfile-lint\n// Run in CI or locally:\nimport lockfileLint from 'lockfile-lint';\nconst result = lockfileLint({\n  type: 'npm',\n  path: './package-lock.json',\n  validateHttps: true,\n  allowedHosts: ['registry.npmjs.org']\n});\nconsole.log(result?.message);\n// Or CLI:\n// npx lockfile-lint --type npm --path package-lock.json --validate-https --allowed-hosts registry.npmjs.org","lang":"typescript","description":"Shows programmatic usage with validation of HTTPS and allowed hosts for npm lockfile.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}