Skip to content

Security oriented config package #144

Description

@fraxken

My plan is to create a new configuration package that provides security for our packages and reduces the need to manage multiple dependencies per package.

Some initial ideas:

npx lockfile-lint --path yarn.lock --allowed-hosts npm yarn --validate-https
  • Minimal integration of JS-X-Ray (or @nodesecure/tarball) which implement primitive to scan a given directory.
    • Anti-trojan-source
    • Circular dependencies using the built-in digraph-js (like skott).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions