grunt-packlock

Whitelisting of node modules

Lockdown your modules by specifying a list of approved modules and versions (with semver). Packlock will scan against this list and report modules that are unapproved or at an unapproved version.

Install:

npm install grunt-retire --save-dev

Add to your gruntfile:

grunt.loadNpmTasks('grunt-packlock');
        packlock: {
            scan: {
                options: {
                    whitelist: 'test/packlock.json',
                    recurse: true
                }
            }
        }

The policy consists of a simple .json file containing modules and versions. Semver is used to check version so you can use ranges etc. as specified on the semver page.

{
    "commander": "^2.2.0",
    "read-installed": "^2.0.3"
}