Lockfile Linting
0
Free
lockfile-lint is a tool that helps developers lint their lockfiles to ensure they adhere to pre-defined security policies and mitigate the risk of malicious packages being injected into the lockfile. Lockfiles are used as a trusted manifest of resources to fetch packages from, but keeping track of changes to lockfiles can be challenging as they are designed to be consumed by machines. The tool can be easily invoked using the npx command and can lint both yarn.lock and npm-shrinkwrap.json files. It checks the lockfile against a set of predefined security policies, such as ensuring that only trusted package hosts are used and that HTTPS is used for all package downloads. If the lockfile passes the lint checks, the tool will report no issues. If it detects any exceptions to the security policies, it will report them, allowing developers to address the issues and ensure the integrity of their lockfile. lockfile-lint can be used as a standalone CLI tool or as a programmatic API library, making it easy to integrate into existing development workflows, such as pre-commit hooks or CI/CD pipelines.
FEATURES
The author has not provided features for this tool yet. If you are the author, please sign in or claim the tool to add features by clicking the icon above.
ALTERNATIVES
XSS Polyglot Challenge - XSS payload running in multiple contexts for testing XSS.
IDAPython plugin for generating Yara rules/patterns from x86/x86-64 code through parameterization.
Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.
FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications.
DECAF++ is a fast whole-system dynamic taint analysis framework with improved performance and elasticity.
ARM TrustZone provides a secure execution environment for applications on ARM processors.
PINNED
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security