https://github.com/kopach/lockfix

Tool for smart revert of integrity changes for npm lock file
https://github.com/kopach/lockfix

hacktoberfest integrity lockfile npm npm-shrinkwrap package-lock shrinkwrap

Last synced: 7 days ago
JSON representation

Tool for smart revert of integrity changes for npm lock file

• Host: GitHub
• URL: https://github.com/kopach/lockfix
• Owner: kopach
• License: mit
• Created: 2020-06-03T07:54:40.000Z (over 4 years ago)
• Default Branch: master
• Last Pushed: 2024-10-29T01:53:50.000Z (about 2 months ago)
• Last Synced: 2024-11-01T05:12:18.663Z (about 2 months ago)
• Topics: hacktoberfest, integrity, lockfile, npm, npm-shrinkwrap, package-lock, shrinkwrap
• Language: TypeScript
• Homepage:
• Size: 605 KB
• Stars: 23
• Watchers: 2
• Forks: 3
• Open Issues: 12
• Metadata Files:
  • Readme: README.md
  • Funding: .github/funding.yml
  • License: LICENSE

Awesome Lists containing this project

README

        
[![#StandWithUkraine](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner2-direct.svg)](https://github.com/vshymanskyy/StandWithUkraine#readme)


  _               _    _____ _      

 | |    ___   ___| | _|  ___(_)_  __

 | |   / _ \ / __| |/ / |_  | \ \/ /

 | |__| (_) | (__|   <|  _| | |>  < 

 |_____\___/ \___|_|\_\_|   |_/_/\_\



[lockfix](https://github.com/kopach/lockfix)



[![Snyk Vulnerabilities badge](https://snyk.io/test/github/kopach/lockfix/badge.svg)](https://snyk.io/test/github/kopach/lockfix)

[![Maintainability](https://api.codeclimate.com/v1/badges/f7e2f85327eeb6b52439/maintainability)](https://codeclimate.com/github/kopach/lockfix/maintainability)

[![Language grade: JavaScript](https://img.shields.io/lgtm/grade/javascript/g/kopach/lockfix.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/kopach/lockfix/context:javascript)

[![NPM badge](https://nodei.co/npm/lockfix.png?compact=true)](https://www.npmjs.com/package/lockfix)



⭐️ Please, star me on GitHub — it helps!

[lockfix](https://github.com/kopach/lockfix) – is a [git](https://git-scm.com/) based CLI tool, which helps to revert `sha1` integrity changes of npm lock file



Before

![screenshot before](./assets/before.png)

After

![screenshot after](./assets/after.png)



## 🧬 Table of Contents

- [❓ Why?](#-why-)

- [✨ Features](#-features-)

- [💾 Install](#-install-)

- [🔨 Usage](#-usage-)

- [📄 License](#-license-)

## ❓ Why? [🔝](#-table-of-contents)

[NPM](https://npmjs.org/) has known issue of constantly changing `integrity` property of its lock file. Integrity may change due to plenty of reasons. Some of them are:

- `npm install` done on machine with different OS from one where lock file generated

- some package version updated

- another version of `npm` used

Intention of this tool is to prevent such changes and make `integrity` property secure and reliable.

## ✨ Features [🔝](#-table-of-contents)

- Reverts changes from `sha512` to `sha1`. Keeps untouched changes from `sha1` to `sha512`. `sha512` algorithm is more secure.

- Works well with both `package-lock.json` and `npm-shrinkwrap.json`

- Possibility to revert any changes done by **this tool**

## 💾 Install [🔝](#-table-of-contents)

Install per project with [NPM](https://npmjs.org/)

```bash

npm install --save-dev lockfix

```

or to install globally

```bash

npm install -g lockfix

```

## 🔨 Usage [🔝](#-table-of-contents)

### Add to `package.json`

```json

"scripts": {

    "postshrinkwrap": "lockfix",

},

```

### Manually from terminal

```bash

lockfix

```

or (without install)

```bash

npx lockfix

```

#### Options

```bash

Usage: lockfix [options]

Options:

  -V, --version  output the version number

  -c, --commit   make backup commit with revert instruction before applying changes

  -f, --force    bypass Git root directory check

  -q, --quiet    suppress output

  -h, --help     display help for command

```

## 📄 License [🔝](#-table-of-contents)

This software licensed under the [MIT](https://github.com/kopach/lockfix/blob/master/LICENSE)