项目作者: kopach

项目描述 :
Tool for smart revert of integrity changes for npm lock file
高级语言: TypeScript
项目地址: git://github.com/kopach/lockfix.git
创建时间: 2020-06-03T07:54:40Z
项目社区:https://github.com/kopach/lockfix

开源协议:MIT License

下载


#StandWithUkraine


  1. _
    | | __
    | | | _()
    | | / _ \ /
    | |/ / | | \ \/ /
    | |__| (
    ) | (| <| | | |> <
    |__
    _/ _||\_| |//_\

lockfix



Snyk Vulnerabilities badge
Maintainability
Language grade: JavaScript

NPM badge

⭐️ Please, star me on GitHub — it helps!

lockfix – is a git based CLI tool, which helps to revert sha1 integrity changes of npm lock file



Before
screenshot before

After
screenshot after

🧬 Table of Contents

❓ Why? 🔝

NPM has known issue of constantly changing integrity property of its lock file. Integrity may change due to plenty of reasons. Some of them are:

  • npm install done on machine with different OS from one where lock file generated
  • some package version updated
  • another version of npm used

Intention of this tool is to prevent such changes and make integrity property secure and reliable.

✨ Features 🔝

  • Reverts changes from sha512 to sha1. Keeps untouched changes from sha1 to sha512. sha512 algorithm is more secure.
  • Works well with both package-lock.json and npm-shrinkwrap.json
  • Possibility to revert any changes done by this tool

💾 Install 🔝

Install per project with NPM

  1. npm install --save-dev lockfix

or to install globally

  1. npm install -g lockfix

🔨 Usage 🔝

Add to package.json

  1. "scripts": {
  2. "postshrinkwrap": "lockfix",
  3. },

Manually from terminal

  1. lockfix

or (without install)

  1. npx lockfix

Options

  1. Usage: lockfix [options]
  2. Options:
  3. -V, --version output the version number
  4. -c, --commit make backup commit with revert instruction before applying changes
  5. -f, --force bypass Git root directory check
  6. -q, --quiet suppress output
  7. -h, --help display help for command

📄 License 🔝

This software licensed under the MIT