LockfileAudit
Audit package lockfiles for integrity issues, version conflicts, and supply chain risks
LockfileAudit analyzes package lockfiles (package-lock.json, yarn.lock, pnpm-lock.yaml, Cargo.lock) to detect integrity hash mismatches, version resolution conflicts, phantom dependencies, and packages resolved from unexpected registries. It also flags supply chain risk indicators: packages with install scripts, recently transferred ownership, and single-maintainer status. The tool generates lockfile health reports and can run as a CI gate that fails a change when it introduces a configured risk category. Security-conscious engineering teams use it to harden their dependency supply chain.
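To make the checks above concrete, here is an added example (not LockfileAudit's own code) that audits a constructed npm package-lock.json (lockfileVersion 3) for four of the categories the tool reports: tarballs resolved from a host outside an allowed registry list, integrity hashes that do not match the tarball bytes, entries with install scripts, and phantom entries that nothing in the dependency graph reaches. The lockfile, the tarball contents and the allowed-host list are all constructed for the example; real tooling would fetch the tarball for each `resolved` URL and recompute the SRI digest over it.

```python
"""Lockfile audit checks over a constructed package-lock.json (lockfileVersion 3)."""
import base64
import hashlib
from urllib.parse import urlparse

# Registries tarballs are expected to come from (assumption for this example).
ALLOWED_REGISTRY_HOSTS = {"registry.npmjs.org"}


def sri_sha512(data: bytes) -> str:
    """Subresource Integrity string in npm's format: 'sha512-' + base64(SHA-512 digest)."""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode()


# Constructed tarball bytes standing in for downloaded packages.
TARBALLS = {
    "node_modules/left-pad": b"left-pad tarball bytes (constructed)",
    "node_modules/evil-postinstall": b"evil tarball bytes (constructed)",
}

# Constructed lockfile: 'left-pad' is clean; 'evil-postinstall' carries a stale hash and an
# install script; 'mirror-dep' resolves from a non-allowed host; 'orphan' is referenced by nothing.
LOCKFILE = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"left-pad": "^1.3.0", "evil-postinstall": "1.0.0"}},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": sri_sha512(TARBALLS["node_modules/left-pad"]),
        },
        "node_modules/evil-postinstall": {
            "version": "1.0.0",
            "resolved": "https://registry.npmjs.org/evil-postinstall/-/evil-postinstall-1.0.0.tgz",
            "integrity": sri_sha512(b"what the tarball used to contain"),
            "hasInstallScript": True,
            "dependencies": {"mirror-dep": "2.0.0"},
        },
        "node_modules/mirror-dep": {
            "version": "2.0.0",
            "resolved": "https://npm.internal-mirror.example/mirror-dep/-/mirror-dep-2.0.0.tgz",
            "integrity": "sha512-" + base64.b64encode(b"\x00" * 64).decode(),
        },
        "node_modules/orphan": {
            "version": "0.1.0",
            "resolved": "https://registry.npmjs.org/orphan/-/orphan-0.1.0.tgz",
            "integrity": "sha512-" + base64.b64encode(b"\x01" * 64).decode(),
        },
    },
}


def reachable_packages(lock: dict) -> set:
    """Lock entries reachable from the root's declared dependencies, following npm's
    resolution order: a nested node_modules copy under the dependent first, else the hoisted one."""
    packages = lock["packages"]
    seen = set()
    stack = ["node_modules/" + name for name in packages[""].get("dependencies", {})]
    while stack:
        path = stack.pop()
        if path in seen or path not in packages:
            continue
        seen.add(path)
        for dep in packages[path].get("dependencies", {}):
            nested = f"{path}/node_modules/{dep}"
            stack.append(nested if nested in packages else f"node_modules/{dep}")
    return seen


def audit_lockfile(lock: dict, tarballs: dict) -> list:
    """Return (path, category, detail) findings for every non-root lock entry."""
    findings = []
    packages = lock["packages"]
    reachable = reachable_packages(lock)
    for path, entry in packages.items():
        if path == "":
            continue
        host = urlparse(entry.get("resolved", "")).hostname
        if host not in ALLOWED_REGISTRY_HOSTS:
            findings.append((path, "unexpected-registry", host))
        integrity = entry.get("integrity", "")
        if not integrity.startswith("sha512-"):
            # Older lockfiles carry sha1 SRI, which is not collision resistant.
            findings.append((path, "weak-or-missing-integrity", integrity))
        elif path in tarballs and sri_sha512(tarballs[path]) != integrity:
            findings.append((path, "integrity-mismatch", integrity))
        if entry.get("hasInstallScript"):
            findings.append((path, "install-script", entry.get("version")))
        if path not in reachable:
            findings.append((path, "phantom-dependency", entry.get("version")))
    return findings


if __name__ == "__main__":
    for finding in audit_lockfile(LOCKFILE, TARBALLS):
        print(*finding)
```

Used as a CI gate, the script would exit non-zero when any finding in a blocked category (for example `integrity-mismatch` or `unexpected-registry`) appears in the diff between the base and head lockfile, rather than on every pre-existing finding, so that teams can ratchet down existing risk without blocking unrelated changes.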
Key Features
- Integrity hash verification
- Phantom dependency detection
- Registry source checking
- Install script flagging
- Ownership transfer alerts
Quick Info
- Category: Code & Development
- Pricing: Free