Skip to content
/ lockfix Public

Tool for smart revert of integrity changes for npm lock file

License

Notifications You must be signed in to change notification settings

kopach/lockfix

Repository files navigation

#StandWithUkraine

  _               _    _____ _      
 | |    ___   ___| | _|  ___(_)_  __
 | |   / _ \ / __| |/ / |_  | \ \/ /
 | |__| (_) | (__|   <|  _| | |>  < 
 |_____\___/ \___|_|\_\_|   |_/_/\_\

lockfix

Snyk Vulnerabilities badge Maintainability Language grade: JavaScript

NPM badge

⭐️ Please, star me on GitHub — it helps!

lockfix – is a git based CLI tool, which helps to revert sha1 integrity changes of npm lock file

Before screenshot before

After screenshot after

🧬 Table of Contents

❓ Why? 🔝

NPM has known issue of constantly changing integrity property of its lock file. Integrity may change due to plenty of reasons. Some of them are:

  • npm install done on machine with different OS from one where lock file generated
  • some package version updated
  • another version of npm used

Intention of this tool is to prevent such changes and make integrity property secure and reliable.

✨ Features 🔝

  • Reverts changes from sha512 to sha1. Keeps untouched changes from sha1 to sha512. sha512 algorithm is more secure.
  • Works well with both package-lock.json and npm-shrinkwrap.json
  • Possibility to revert any changes done by this tool

💾 Install 🔝

Install per project with NPM

npm install --save-dev lockfix

or to install globally

npm install -g lockfix

🔨 Usage 🔝

Add to package.json

"scripts": {
    "postshrinkwrap": "lockfix",
},

Manually from terminal

lockfix

or (without install)

npx lockfix

Options

Usage: lockfix [options]

Options:
  -V, --version  output the version number
  -c, --commit   make backup commit with revert instruction before applying changes
  -f, --force    bypass Git root directory check
  -q, --quiet    suppress output
  -h, --help     display help for command

📄 License 🔝

This software licensed under the MIT