Lock down your modules by specifying a list of approved modules and versions (with semver). Packlock will scan against this list and report modules that are unapproved or at an unapproved version.
Grunt config
Install:
npm install grunt-packlock --save-dev
Add to your gruntfile:
grunt.loadNpmTasks('grunt-packlock');
Config
packlock: {
  scan: {
    options: {
      whitelist: 'test/packlock.json',
      recurse: true
    }
  }
}
Specifying the policy
The policy is a simple .json file mapping module names to approved versions. Versions are checked with semver, so you can use ranges etc. as specified on the semver page.
{
  "commander": "^2.2.0",
  "read-installed": "^2.0.3"
}
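The kind of check the policy describes, as an added example that is not packlock's own code: it walks a dependency tree and reports modules that are missing from the policy or installed at a version outside the approved range. The tree shape, the function names, the reading of `recurse` as "also check nested dependencies", and the hand-written matcher (exact and caret ranges only, standing in for the semver library) are assumptions made for illustration.

```javascript
// Added illustration, not packlock's own code. Handles only exact ("1.2.3")
// and caret ("^1.2.3") ranges; anything else is rejected (fail closed).
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error('unsupported version: ' + v);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Caret keeps the left-most non-zero part fixed: ^2.2.0 is >=2.2.0 <3.0.0.
function satisfies(version, range) {
  const v = parse(version);
  if (range[0] !== '^') return cmp(v, parse(range)) === 0;
  const lo = parse(range.slice(1));
  const i = lo.findIndex((n) => n !== 0);
  const k = i === -1 ? 2 : i;
  const hi = lo.map((n, j) => (j < k ? n : j === k ? n + 1 : 0));
  return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// tree: { version, dependencies: { name: subtree } } (constructed shape)
function scan(tree, policy, recurse, path = [], out = []) {
  for (const [name, dep] of Object.entries(tree.dependencies || {})) {
    const where = [...path, name].join(' > ');
    let reason = null;
    if (!Object.prototype.hasOwnProperty.call(policy, name)) {
      reason = 'module not approved';
    } else {
      let ok = false;
      try { ok = satisfies(dep.version, policy[name]); } catch (e) { ok = false; }
      if (!ok) reason = 'version outside ' + policy[name];
    }
    if (reason) out.push({ module: where, version: dep.version, reason });
    if (recurse) scan(dep, policy, true, [...path, name], out);
  }
  return out;
}

// Policy from the page; the installed tree below is constructed sample data.
const policy = { commander: '^2.2.0', 'read-installed': '^2.0.3' };
const installed = { dependencies: {
  commander: { version: '2.9.0' },
  'read-installed': { version: '3.1.0',
    dependencies: { 'example-dep': { version: '1.0.0' } } } } };
console.log(scan(installed, policy, true));
```

A version or range the matcher cannot parse is reported as a violation rather than skipped, so a malformed entry never passes silently.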