lirantal / lockfile-lint

Lint an npm or yarn lockfile to analyze and detect security issues
Apache License 2.0
782 stars 35 forks

Unsupported lockfile? #195

Closed Lewenhaupt closed 1 month ago

Lewenhaupt commented 4 months ago

Hi, I wanted to start using this library in our projects. We're using yarn 3+ for everything and we immediately encountered an error that I've been unable to understand. For all packages we get:

    detected invalid protocol for package: webidl-conversions@npm:^4.0.2
    expected: https:
    actual: npm:

Executed with:

    npx lockfile-lint --path yarn.lock --allowed-hosts npm yarn --validate-https

If I look in my lockfile I can't actually see that it specifies the full URLs anywhere. Any way to solve this?

lirantal commented 4 months ago

Hi @Lewenhaupt, can you give me a simple example repo that I can use to reproduce this issue you're having?

Lewenhaupt commented 4 months ago

@lirantal I'll see if I can set up something minimal later today.