Thanks for reporting this, it's really interesting.
I don't think that lockfile-lint solves the problem in a nice way because it's very easy to host malicious code on NPM or GitHub. But maybe that can be a good first step.
User story
I am not sure I am the correct person to discuss the npm build issue, but I came across an article - https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/
which states linting package-lock.json files is a good practice to avoid security issues.
Best solution for this problem
Should we lint the package-lock.json file?
Also, does npm audit help us?
MVP
Check - https://github.com/lirantal/lockfile-lint
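
For reference, the kind of check a lockfile linter performs, as an added example that is not part of the original issue and is not lockfile-lint's own code. It assumes the npm lockfileVersion 2/3 layout (a `packages` map whose entries carry `resolved` and `integrity`); the allowed-host policy, the function name `lintLockfile` and the sample lockfile are constructed for illustration.

```javascript
// Added example: minimal lockfile check (not lockfile-lint's implementation).
// Assumption: npm lockfileVersion 2/3 layout, where "packages" maps
// install paths to entries carrying "resolved" and "integrity".

const ALLOWED_HOSTS = new Set(["registry.npmjs.org"]); // assumed policy

// Constructed sample lockfile; package names, URLs and hashes are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left": {
      version: "1.2.3",
      resolved: "https://registry.npmjs.org/left/-/left-1.2.3.tgz",
      integrity: "sha512-CONSTRUCTEDPLACEHOLDER==",
    },
    "node_modules/mid": {
      version: "0.4.0",
      resolved: "https://files.example.test/mid-0.4.0.tgz",
      integrity: "sha512-CONSTRUCTEDPLACEHOLDER==",
    },
    "node_modules/right": {
      version: "2.0.0",
      resolved: "http://registry.npmjs.org/right/-/right-2.0.0.tgz",
    },
  },
};

// Returns one finding per violated rule: { path, rule }.
function lintLockfile(lock, allowedHosts = ALLOWED_HOSTS) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace links and bundled dependencies.
    if (path === "" || entry.link || entry.inBundle) continue;
    if (!entry.resolved) { findings.push({ path, rule: "missing-resolved" }); continue; }
    let url;
    try { url = new URL(entry.resolved); }
    catch { findings.push({ path, rule: "unparseable-resolved" }); continue; }
    if (url.protocol !== "https:") findings.push({ path, rule: "non-https" });
    if (!allowedHosts.has(url.hostname)) findings.push({ path, rule: "host-not-allowed" });
    if (!entry.integrity) findings.push({ path, rule: "missing-integrity" });
  }
  return findings;
}

console.log(lintLockfile(SAMPLE_LOCK));
```

An entry that passes only shows that the tarball comes from an allowed host over HTTPS with a pinned hash; it says nothing about what the package contains.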