Include package-lock.json in Releases (Freestanding Apps)
Tip: This check is currently under development and not yet implemented.
Description
Commit a package-lock.json file with each release.
Details
- Default Category: dependency inventory
- Default Priority Group: R5
- C-SCRM: true
- Sources: OpenSSF Scorecard
- How To: npm Docs
- How To: OpenSSF SBOM Naming Conventions