lirantal / lockfile-lint

Lint an npm or yarn lockfile to analyze and detect security issues
Apache License 2.0

Provide the actual bad string being used #17

Closed lirantal closed 4 years ago

lirantal commented 4 years ago

Is your feature request related to a problem? Please describe.
Right now when the linter fails on an untrusted option found in the lockfile it says which package it is, but it doesn't say what the actual bad string being used is.

For example, an output of lockfile-lint could be:

detected invalid scheme for package: @babel/code-frame@^7.0.0
error: command failed with exit code 1

But it doesn't say what the string provided as the "scheme" that is found to be invalid is, and so it would be a nice DX to also print this information out with regard to the current validators we have.

Describe the solution you'd like
This is probably something we want to fix in the way that the lockfile-lint-api works and provide this information, at which point the CLI package lockfile-lint can then use it.
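An added illustration of the behaviour the issue asks for, written for this page and not taken from lockfile-lint or lockfile-lint-api: a small scheme validator that walks a (constructed, inline) npm v1-style lockfile, checks each `resolved` URL against an allow-list of schemes, and includes the offending scheme and URL in every error it returns. The `validateSchemes` function, its result shape and the sample lockfile are all assumptions for this example.

```javascript
// Constructed sample lockfile (npm v1 shape): one entry resolves over an
// unexpected scheme, one nested entry is fine.
const sampleLockfile = {
  name: 'example-app',
  lockfileVersion: 1,
  dependencies: {
    '@babel/code-frame': {
      version: '7.0.0',
      resolved: 'http://registry.npmjs.org/@babel/code-frame/-/code-frame-7.0.0.tgz',
      dependencies: {
        'ms': { version: '2.1.2', resolved: 'https://registry.npmjs.org/ms/-/ms-2.1.2.tgz' }
      }
    }
  }
};

// Extract the URL scheme without the trailing colon, or null if unparsable.
function schemeOf(resolved) {
  try {
    return new URL(resolved).protocol.replace(/:$/, '');
  } catch (e) {
    return null;
  }
}

// Recursively check every resolved URL; report the actual bad value,
// not just the package name. Returns { type, errors }.
function validateSchemes(lockfile, allowedSchemes) {
  const errors = [];
  const walk = (deps) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      if (entry.resolved) {
        const scheme = schemeOf(entry.resolved);
        if (scheme === null || !allowedSchemes.includes(scheme)) {
          errors.push({
            package: `${name}@${entry.version}`,
            scheme, // the actual bad string the issue asks to surface
            resolved: entry.resolved,
            message: `detected invalid scheme "${scheme}" for package: ` +
              `${name}@${entry.version} (resolved: ${entry.resolved})`
          });
        }
      }
      walk(entry.dependencies); // v1 lockfiles nest dependencies per entry
    }
  };
  walk(lockfile.dependencies);
  return { type: errors.length ? 'error' : 'success', errors };
}
```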

pratik97 commented 4 years ago

I will take a look :)

pratik97 commented 4 years ago

@lirantal raised a PR for this

lirantal commented 4 years ago

thanks!