lockfix v2.2.1

lockfix

⭐️ Please, star me on GitHub — it helps!

lockfix – is a git based CLI tool, which helps to revert sha1 integrity changes of npm lock file

Before

After

🧬 Table of Contents

• ❓ Why?
• ✨ Features
• 💾 Install
• 🔨 Usage
• 📄 License

❓ Why? 🔝

NPM has known issue of constantly changing integrity property of its lock file. Integrity may change due to plenty of reasons. Some of them are:

• npm install done on machine with different OS from one where lock file generated
• some package version updated
• another version of npm used

Intention of this tool is to prevent such changes and make integrity property secure and reliable.

✨ Features 🔝

• Reverts changes from sha512 to sha1. Keeps untouched changes from sha1 to sha512. sha512 algorithm is more secure.
• Works well with both package-lock.json and npm-shrinkwrap.json
• Possibility to revert any changes done by this tool

💾 Install 🔝

Install per project with NPM

npm install --save-dev lockfix

or to install globally

npm install -g lockfix

🔨 Usage 🔝

Add to package.json

"scripts": {
    "postshrinkwrap": "lockfix",
},

Manually from terminal

lockfix

or (without install)

npx lockfix

Options

Usage: lockfix [options]

Options:
  -V, --version  output the version number
  -c, --commit   make backup commit with revert instruction before applying changes
  -f, --force    bypass Git root directory check
  -q, --quiet    suppress output
  -h, --help     display help for command

📄 License 🔝

This software licensed under the MIT