Lockfile Linting
lockfile-lint is a tool that helps developers lint their lockfiles to ensure they adhere to pre-defined security policies and mitigate the risk of malicious packages being injected into the lockfile. Lockfiles are used as a trusted manifest of resources to fetch packages from, but keeping track of changes to lockfiles can be challenging as they are designed to be consumed by machines. The tool can be easily invoked using the npx command and can lint both yarn.lock and npm-shrinkwrap.json files. It checks the lockfile against a set of predefined security policies, such as ensuring that only trusted package hosts are used and that HTTPS is used for all package downloads. If the lockfile passes the lint checks, the tool will report no issues. If it detects any exceptions to the security policies, it will report them, allowing developers to address the issues and ensure the integrity of their lockfile. lockfile-lint can be used as a standalone CLI tool or as a programmatic API library, making it easy to integrate into existing development workflows, such as pre-commit hooks or CI/CD pipelines.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Tenable One Exposure Management Platform is a comprehensive platform for vulnerability management and exposure management.
Instrumentation-based approach for resolving reflective calls in Android apps.
A privacy-focused CAPTCHA alternative that protects websites from bot attacks using proof-of-work challenges and AI-based detection while maintaining GDPR compliance.
ConDroid performs concolic execution of Android apps to observe 'interesting' behavior in dynamic analysis.
A free online tool that scans and fixes common security issues in WordPress websites.
Static code analyzer for Infrastructure as Code with 500+ security policies and support for various IaC tools and cloud platforms.
Reformat and re-indent bookmarklets, ugly JavaScript, and unpack scripts with options available via UI.
A tool for identifying potential security vulnerabilities in web applications
Data Theorem API Secure is an application security platform that combines SAST, DAST, IAST, and SCA testing methodologies to provide comprehensive security assessment and monitoring for APIs and modern applications throughout their development lifecycle.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.