Add option to exclude packages from the `--validate-integrity` check

[ericcornelissen]

Description

Add a new option available on the CLI as --integrity-exclude which allows user to disable the --validate-integrity check for specific packages.

Also, format the table in the lockfile-lint package's README. Some more formatting happened as a result of commit hooks.

Types of changes

• [ ] Bug fix (non-breaking change which fixes an issue)
• [x] New feature (non-breaking change which adds functionality)
• [ ] Breaking change (fix or feature that would cause existing functionality to change)

Related Issue

187

Motivation and Context

I have a project where I use a dependency available only on the GitLab npm registry. This registry only provides SHA1 integrity values and so dependency installed from there are rejected when using the --validate-integrity option. As a result I can't use --validate-integrity to at least enforce strong integrity values for dependencies from other registries.

How Has This Been Tested?

Unit testing: updated the tests and ran npm run test. I was using Node.js v20.9.0 while working on this.

Screenshots (if appropriate):

n/a

Checklist:

• [x] I have updated the documentation (if required).
• [x] I have read the CONTRIBUTING document.
• [x] I have added tests to cover my changes.
• [x] All new and existing tests passed.
• [x] I added a picture of a cute animal cause it's fun

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (7958b39) 97.98% compared to head (afcefd9) 98.01%.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #188 +/- ## ========================================== + Coverage 97.98% 98.01% +0.02% ========================================== Files 13 13 Lines 398 403 +5 Branches 93 96 +3 ========================================== + Hits 390 395 +5 Misses 8 8 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[lirantal]

Superb. Thank you Eric!

[ericcornelissen]

It seems the mocked data in validators.integrityHashType.test.js isn't quite representative of real-world data. In particular, packageName doesn't look like "typescript" but rather like "typescript@{version}-{hex-value}" - hence the implementation here doesn't work, apologies :sweat: I'll submit a followup PR with a patch

[lirantal]

Ahh, good catch and thanks for the quick follow-up!