Add lockfile validation #16
Comments
achrinza
added a commit
that referenced
this issue
Mar 12, 2022
see: #16 Signed-off-by: Rifa Achrinza <25147899+achrinza@users.noreply.github.com>
achrinza
added a commit
that referenced
this issue
Mar 12, 2022
see: #16 Signed-off-by: Rifa Achrinza <25147899+achrinza@users.noreply.github.com>
achrinza
added a commit
that referenced
this issue
Mar 12, 2022
see: #16 Signed-off-by: Rifa Achrinza <25147899+achrinza@users.noreply.github.com>
achrinza
added a commit
that referenced
this issue
Mar 12, 2022
see: #16 Signed-off-by: Rifa Achrinza <25147899+achrinza@users.noreply.github.com>
achrinza
added a commit
to loopbackio/strong-error-handler
that referenced
this issue
Nov 9, 2023
see: loopbackio/cicd#91 see: loopbackio/cicd#90 see: loopbackio/cicd#89 see: loopbackio/cicd#83 see: loopbackio/security#27 see: loopbackio/security#26 see: loopbackio/security#23 see: loopbackio/security#16 Signed-off-by: Rifa Achrinza <25147899+achrinza@users.noreply.github.com>
achrinza
added a commit
to loopbackio/strong-error-handler
that referenced
this issue
Nov 9, 2023
see: loopbackio/cicd#91 see: loopbackio/cicd#90 see: loopbackio/cicd#89 see: loopbackio/cicd#83 see: loopbackio/security#27 see: loopbackio/security#26 see: loopbackio/security#23 see: loopbackio/security#16 Signed-off-by: Rifa Achrinza <25147899+achrinza@users.noreply.github.com>
achrinza
added a commit
to loopbackio/strong-error-handler
that referenced
this issue
Nov 9, 2023
see: loopbackio/cicd#91 see: loopbackio/cicd#90 see: loopbackio/cicd#89 see: loopbackio/cicd#83 see: loopbackio/security#27 see: loopbackio/security#26 see: loopbackio/security#23 see: loopbackio/security#16 Signed-off-by: Rifa Achrinza <25147899+achrinza@users.noreply.github.com>
achrinza
added a commit
to loopbackio/strong-error-handler
that referenced
this issue
Nov 9, 2023
see: loopbackio/cicd#91 see: loopbackio/cicd#90 see: loopbackio/cicd#89 see: loopbackio/cicd#83 see: loopbackio/security#27 see: loopbackio/security#26 see: loopbackio/security#23 see: loopbackio/security#16 Signed-off-by: Rifa Achrinza <25147899+achrinza@users.noreply.github.com>
achrinza
added a commit
to loopbackio/strong-error-handler
that referenced
this issue
Nov 9, 2023
see: loopbackio/cicd#91 see: loopbackio/cicd#90 see: loopbackio/cicd#89 see: loopbackio/cicd#83 see: loopbackio/security#27 see: loopbackio/security#26 see: loopbackio/security#23 see: loopbackio/security#16 Signed-off-by: Rifa Achrinza <25147899+achrinza@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lockfiles are generally treated as an opaque format, and as such are typically ignored during code review. However, they can be an attack vector if they are modified to download malicious packages instead. This is because lockfiles only check for integrity but not authenticity.
lockfile-lintis a project maintained by a Snyk staff which can notably enforce the permitted hosts and URL schemes within NPM and Yarn lockfiles.This issue is to track adding of
lockfile-lintto our Git Repositories.The text was updated successfully, but these errors were encountered: