You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Add a new option available on the CLI as --integrity-exclude which allows user to disable the
--validate-integrity check for specific packages.As an aside, this also formats the table in the
lockfile-lint package's README.
fix#187
|`--path`, `-p`| path to the lockfile but you can also provide a glob matching pattern as long as it isn't expanded by a shell like bash or zsh. If that's the case, you can provide it as a string, for example: `-p '/Users/lirantal/repos/**/package-lock.json'` to match multiple lockfiles | ✅ |
82
-
|`--type`, `-t`| lockfile type, options are `npm` or `yarn`| ✅ |
83
-
|`--format`, `-f`| sets what type of report output is desired, one of [`pretty`, `plain`] with `plain` removing colors & status symbols from output | ✅ |
84
-
|`--validate-https`, `-s`| validates the use of HTTPS as protocol schema for all resources in the lockfile | ✅ |
85
-
|`--allowed-hosts`, `-a`| validates a list of allowed hosts to be used for all resources in the lockfile. Supported short-hands aliases are `npm`, `yarn`, and `verdaccio` which will match URLs `https://registry.npmjs.org`, `https://registry.yarnpkg.com` and `https://registry.verdaccio.org` respectively | ✅ |
86
-
|`--allowed-schemes`, `-o`| allowed [URI schemes](https://tools.ietf.org/html/rfc2396#section-3.1) such as "https:", "http", "git+ssh:", or "git+https:" | ✅ |
|`--empty-hostname`, `-e`| allow empty hostnames, or set to false if you wish for a stricter policy | ✅ |
89
-
|`--validate-package-names`, `-n`| validates that the resolved URL matches the package name | ✅ |
90
-
|`--validate-integrity`, `-i`| validates the integrity field is a sha512 hash | ✅ |
91
-
|`--allowed-package-name-aliases`, `-l`| allow package name aliases to be used by specifying package name and their alias as pairs (e.g: `string-width-cjs:string-width`) | ✅ |
81
+
|`--path`, `-p`| path to the lockfile but you can also provide a glob matching pattern as long as it isn't expanded by a shell like bash or zsh. If that's the case, you can provide it as a string, for example: `-p '/Users/lirantal/repos/**/package-lock.json'` to match multiple lockfiles | ✅ |
82
+
|`--type`, `-t`| lockfile type, options are `npm` or `yarn`| ✅ |
83
+
|`--format`, `-f`| sets what type of report output is desired, one of [`pretty`, `plain`] with `plain` removing colors & status symbols from output | ✅ |
84
+
|`--validate-https`, `-s`| validates the use of HTTPS as protocol schema for all resources in the lockfile | ✅ |
85
+
|`--allowed-hosts`, `-a`| validates a list of allowed hosts to be used for all resources in the lockfile. Supported short-hands aliases are `npm`, `yarn`, and `verdaccio` which will match URLs `https://registry.npmjs.org`, `https://registry.yarnpkg.com` and `https://registry.verdaccio.org` respectively | ✅ |
86
+
|`--allowed-schemes`, `-o`| allowed [URI schemes](https://tools.ietf.org/html/rfc2396#section-3.1) such as "https:", "http", "git+ssh:", or "git+https:" | ✅ |
|`--empty-hostname`, `-e`| allow empty hostnames, or set to false if you wish for a stricter policy | ✅ |
89
+
|`--validate-package-names`, `-n`| validates that the resolved URL matches the package name | ✅ |
90
+
|`--validate-integrity`, `-i`| validates the integrity field is a sha512 hash | ✅ |
91
+
|`--allowed-package-name-aliases`, `-l`| allow package name aliases to be used by specifying package name and their alias as pairs (e.g: `string-width-cjs:string-width`) | ✅ |
92
+
|`--integrity-exclude`| exclude packages from the `--validate-integrity` check | ✅ |
0 commit comments