lockfix

Smart fix integrity changes of npm lock file

Usage no npm install needed!

<script type="module">
  import lockfix from 'https://cdn.skypack.dev/lockfix';
</script>

README

  _               _    _____ _
 | |    ___   ___| | _|  ___(_)_  __
 | |   / _ \ / __| |/ / |_  | \ \/ /
 | |__| (_) | (__|   <|  _| | |>  <
 |_____\___/ \___|_|\_\_|   |_/_/\_\

lockfix

Snyk Vulnerabilities badge Maintainability Language grade: JavaScript

NPM badge

⭐️ Please, star me on GitHub — it helps!

lockfix – is a git based CLI tool, which helps to revert sha1 integrity changes of npm lock file

Before screenshot before

After screenshot after

🧬 Table of Contents

❓ Why? 🔝

NPM has known issue of constantly changing integity property of its lock file. Integrity may change due to plenty of reasons. Some of them are:

  • npm install done on machine with different OS from one where lock file generated
  • some package version updated
  • another version of npm used

Intention of this tool is to prevent such changes and make integrity property secure and reliable.

✨ Features 🔝

  • Reverts changes from sha512 to sha1. Keeps untouched changes from sha1 to sha512. sha512 algorithm is more secure.
  • Works well with both package-lock.json and npm-shrinkwrap.json
  • Possibility to revert any changes done by this tool

💾 Install 🔝

Install per project with NPM

npm install --save-dev lockfix

or to install globally

npm install -g lockfix

🔨 Usage 🔝

Add to package.json

"scripts": {
    "postshrinkwrap": "lockfix",
},

Manually from terminal

lockfix

or (without install)

npx lockfix

Options

Usage: lockfix [options]

Options:
  -V, --version  output the version number
  -c, --commit   make commit as a backup of current working directory state
  -h, --help     display help for command

📄 License 🔝

This software licensed under the MIT