- I made something new: an eslint plugin to validate your npm ecosystem lockfiles! It supports npm, pnpm, yarn, bun, and vlt, and it's already helped find a supply chain security attack vector inside a Fortune 500 tech company. www.npmjs.com/package/esli... (Dec 22, 2025 07:16)
- You can also run the eslint rule as a standalone CLI! `npx lintlock` / www.npmjs.com/package/lint... (all written in ESM, all with minimal deps, all supporting only modern node, for those that care about that sort of thing)
- I just published a new "shrinkwrap" rule - make sure your deps aren't ignoring your overrides, preventing deduping, or preventing security fix updates.