Add lockfile-lint to check for bad errors in yarn.lock #2278

Merged
merged 2 commits into from Oct 21, 2019


@julienw julienw commented Oct 14, 2019

The article [1] describes possible attacks that can be conveyed using
yarn.lock. This tool lockfile-lint helps avoid common threats.

[1] https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/


codecov bot commented Oct 14, 2019

Codecov Report

Merging #2278 into master will not change coverage.
The diff coverage is n/a.


@@           Coverage Diff           @@
##           master    #2278   +/-   ##
=======================================
  Coverage   86.11%   86.11%           
=======================================
  Files         203      203           
  Lines       14824    14824           
  Branches     3713     3713           
=======================================
  Hits        12766    12766           
  Misses       1886     1886           
  Partials      172      172

Powered by Codecov. Last update efe2f99...74f9ccf. Read the comment docs.


@gregtatum gregtatum left a comment


Works for me, thanks for ensuring we are more secure.

@julienw julienw merged commit 2f0cb6c into firefox-devtools:master Oct 21, 2019