kopach/lockfix

GitHub: kopach/lockfix

Stars: 25 | Forks: 3

[![#StandWithUkraine](https://static.pigsec.cn/wp-content/uploads/repos/2026/05/c2aa141eb1094752.svg)](https://github.com/vshymanskyy/StandWithUkraine#readme)

```
  _               _    _____ _      
 | |    ___   ___| | _|  ___(_)_  __
 | |   / _ \ / __| |/ / |_  | \ \/ /
 | |__| (_) | (__|   <|  _| | |>  < 
 |_____\___/ \___|_|\_\_|   |_/_/\_\
```

[lockfix](https://github.com/kopach/lockfix)
[![Snyk Vulnerabilities badge](https://snyk.io/test/github/kopach/lockfix/badge.svg)](https://snyk.io/test/github/kopach/lockfix) [![Maintainability](https://api.codeclimate.com/v1/badges/f7e2f85327eeb6b52439/maintainability)](https://codeclimate.com/github/kopach/lockfix/maintainability) [![Language grade: JavaScript](https://img.shields.io/lgtm/grade/javascript/g/kopach/lockfix.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/kopach/lockfix/context:javascript) [![NPM badge](https://nodei.co/npm/lockfix.png?compact=true)](https://www.npmjs.com/package/lockfix)
[lockfix](https://github.com/kopach/lockfix) is a [git](https://git-scm.com/)-based CLI tool that helps revert `sha1` integrity changes in the npm lock file.

Before ![screenshot before](https://static.pigsec.cn/wp-content/uploads/repos/2026/05/7a3a5712b8094753.png) After ![screenshot after](https://static.pigsec.cn/wp-content/uploads/repos/2026/05/5a838559d3094754.png)

## 🧬 Table of Contents

- [❓ Why?](#-why-)
- [✨ Features](#-features-)
- [💾 Install](#-install-)
- [🔨 Usage](#-usage-)
- [📄 License](#-license-)

## ❓ Why? [🔝](#-table-of-contents)

[NPM](https://npmjs.org/) has a known issue of constantly changing the `integrity` property of its lock file. Integrity may change for plenty of reasons. Some of them are:

- `npm install` done on a machine with a different OS from the one where the lock file was generated
- some package version updated
- another version of `npm` used

The intention of this tool is to prevent such changes and make the `integrity` property secure and reliable.

## ✨ Features [🔝](#-table-of-contents)

- Reverts changes from `sha512` to `sha1`. Leaves changes from `sha1` to `sha512` untouched, because the `sha512` algorithm is more secure.
- Works well with both `package-lock.json` and `npm-shrinkwrap.json`
- Any changes made by **this tool** can be reverted

## 💾 Install [🔝](#-table-of-contents)

Install per project with [NPM](https://npmjs.org/):

```sh
npm install --save-dev lockfix
```

or install globally:

```sh
npm install -g lockfix
```

## 🔨 Usage [🔝](#-table-of-contents)

### Add to `package.json`

```json
"scripts": {
  "postshrinkwrap": "lockfix"
}
```

### Manually from terminal

```sh
lockfix
```

or (without install)

```sh
npx lockfix
```

#### Options

```
Usage: lockfix [options]

Options:
  -V, --version  output the version number
  -c, --commit   make backup commit with revert instruction before applying changes
  -f, --force    bypass Git root directory check
  -q, --quiet    suppress output
  -h, --help     display help for command
```

## 📄 License [🔝](#-table-of-contents)

This software is licensed under the [MIT](https://github.com/kopach/lockfix/blob/master/LICENSE) license.
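
The rule from the Features list (undo `sha512` to `sha1`, keep `sha1` to `sha512`), sketched as an added example. This is not lockfix's own code: the function names, the version-match check and the sample lock data are assumptions made for illustration.

```javascript
// Added example, not lockfix's own source.
// Index every lock entry that has an `integrity` field. Handles lockfileVersion 1
// (nested `dependencies`) and 2/3 (flat `packages` map keyed by install path).
function collectEntries(lock) {
  const entries = new Map();
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (pkg.integrity) entries.set(`packages:${path}`, pkg);
  }
  const walk = (deps, prefix) => {
    for (const [name, dep] of Object.entries(deps || {})) {
      const key = `${prefix}/${name}`;
      if (dep.integrity) entries.set(key, dep);
      walk(dep.dependencies, key);
    }
  };
  walk(lock.dependencies, 'dependencies');
  return entries;
}
// SRI strings look like "<algorithm>-<base64 digest>".
const algo = (integrity) => integrity.split('-')[0];

// Put back the committed sha512 value wherever `after` downgraded it to sha1.
// Assumption: only entries whose version is unchanged are comparable.
// Mutates `after`; returns the keys that were restored.
function revertDowngrades(before, after) {
  const old = collectEntries(before);
  const restored = [];
  for (const [key, entry] of collectEntries(after)) {
    const prev = old.get(key);
    if (!prev || prev.version !== entry.version) continue;
    if (algo(prev.integrity) === 'sha512' && algo(entry.integrity) === 'sha1') {
      entry.integrity = prev.integrity;
      restored.push(key);
    }
  }
  return restored;
}

// Constructed sample data; digests are placeholders, not real hashes.
const before = { lockfileVersion: 1, dependencies: {
  a: { version: '1.0.0', integrity: 'sha512-AAAA' },
  b: { version: '1.0.0', integrity: 'sha1-BBBB' },
  c: { version: '1.0.0', integrity: 'sha512-CCCC' } } };
const after = { lockfileVersion: 1, dependencies: {
  a: { version: '1.0.0', integrity: 'sha1-aaaa' },     // downgrade: restored
  b: { version: '1.0.0', integrity: 'sha512-bbbb' },   // upgrade: kept
  c: { version: '2.0.0', integrity: 'sha1-cccc' } } }; // new version: kept
const restored = revertDowngrades(before, after);
console.log(restored); // [ 'dependencies/a' ]
```

In a real workflow `before` would be the lock file as committed in git and `after` the file npm has just rewritten.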