From 7ec4d216bd23a638c5c9fec76b71e932c404cf92 Mon Sep 17 00:00:00 2001 From: Liran Tal Date: Thu, 11 Jul 2024 12:37:36 +0300 Subject: [PATCH] docs: add references section for further supportive material --- packages/lockfile-lint/README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/packages/lockfile-lint/README.md b/packages/lockfile-lint/README.md index def04a7..8f82145 100644 --- a/packages/lockfile-lint/README.md +++ b/packages/lockfile-lint/README.md @@ -103,6 +103,11 @@ The configuration file will be resolved starting from the current working direct The options accepted in the configuration file are the same as the options above in camelcase (e.g. "path", "allowedHosts"). +# References + +- [This package aliasing article](https://snyk.io/blog/exploring-extensions-of-dependency-confusion-attacks-via-npm-package-aliasing/) explains the rational for error reporting on package aliases in lockfiles. +- [Why npm lockfiles can be a security blindspot for injecting malicious modules](https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/) + # Contributing Please consult [CONTRIBUTING](../../CONTRIBUTING.md) for guidelines on contributing to this project.
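Review bot: In the first added bullet under `# References`, "rational" should be "rationale", so the line reads "explains the rationale for error reporting on package aliases in lockfiles". The two bullets are also inconsistent: the first uses generic link text ("This package aliasing article") followed by an explanation, while the second is a bare titled link with no note on why it is relevant. Suggest using the article title as the link text in both and adding a short clause to the second bullet saying what it supports, in the same form as the first.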