Manifest Confusion detector.
Ref: https://blog.vlt.sh/blog/the-massive-hole-in-the-npm-ecosystem
Check npm registry manifests vs dependencies in node_modules, yarn.lock and/or package-lock.json.
For details of what is checked, see the source code.
npx manifest-confusion-check
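The kind of comparison described above, as an added example that is not this project's code: it diffs a registry version manifest against the package.json found in node_modules. The compared fields, the function names and the sample package data are assumptions constructed for illustration; the tool's actual checks are in its source.

```javascript
// Constructed example: diff a registry manifest against the installed package.json.
const DEP_FIELDS = ['dependencies', 'optionalDependencies', 'peerDependencies'];
const INSTALL_SCRIPTS = ['preinstall', 'install', 'postinstall'];

// Keys whose values differ between two flat string maps (missing counts as differing).
function diffMap(a = {}, b = {}) {
  const keys = new Set([...Object.keys(a), ...Object.keys(b)]);
  return [...keys].filter((k) => a[k] !== b[k]).sort();
}

// registry: the version object taken from the registry's package document.
// installed: the parsed package.json from node_modules/<name>/.
function compareManifests(registry, installed) {
  const findings = [];
  for (const field of ['name', 'version']) {
    if (registry[field] !== installed[field]) {
      findings.push({ field, registry: registry[field], installed: installed[field] });
    }
  }
  for (const field of DEP_FIELDS) {
    for (const dep of diffMap(registry[field], installed[field])) {
      findings.push({
        field: `${field}.${dep}`,
        registry: registry[field]?.[dep],
        installed: installed[field]?.[dep],
      });
    }
  }
  for (const script of INSTALL_SCRIPTS) {
    const r = registry.scripts?.[script];
    const i = installed.scripts?.[script];
    if (r !== i) findings.push({ field: `scripts.${script}`, registry: r, installed: i });
  }
  return findings;
}

// Constructed sample data: the installed copy declares more than the registry shows.
const registryManifest = {
  name: 'example-pkg', version: '1.0.0',
  dependencies: { 'left-helper': '^1.2.0' },
};
const installedManifest = {
  name: 'example-pkg', version: '1.0.0',
  dependencies: { 'left-helper': '^1.2.0', 'hidden-dep': '*' },
  scripts: { postinstall: 'node setup.js' },
};
console.log(compareManifests(registryManifest, installedManifest));
```

An empty result means the compared fields agree; each finding names the field and shows both values so a reviewer can decide which side to trust.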
- implement yarn.lock support
- implement package-lock.json version 1 support
- add error codes process.exit(1) if there are errors
- implement duplicate key checks
- add licence
- on release, update CHANGELOG.md