chore: document ValidatePackageNames
#119
Merged
see: #114
Signed-off-by: Rifa Achrinza 25147899+achrinza@users.noreply.github.com
This pull request adds the initial documentation for ValidatePackageNames and --validate-package-names / -n.

Description
This newly-added feature was not documented in any README file, which meant that it was only discoverable through either reading the codebase or through the CLI help menu (e.g. lockfile-lint --help). This pull request adds the minimum documentation to make it more accessible for those who want to quickly implement this tool.

Types of changes
Related Issue
Nil
Motivation and Context
At LoopBack, we are in the works of implementing lockfile-lint as a solution to protect our Node.js projects from malicious lockfiles. We realised that one major problem that the READMEs did not address was lockfile modifications which pointed to malicious packages published to known hosts, similar to what's described in #113.

While browsing the codebase, we realised that this was already addressed by the newly-released ValidatePackageNames validator. Hence, this pull request is to document this validator in the READMEs so that others can more easily discover it.

How Has This Been Tested?
A passing yarn run lint (i.e. no errors or new warnings), yarn run test and visual review through GitHub Markdown preview.

Yarn output
Screenshots (if appropriate):
Nil.
Checklist: