package-lock.json included with repo

Should `package-lock.json` be included with this repo?

As recommended by @mcollina https://github.com/fastify/fluent-json-schema/pull/91#pullrequestreview-570606419 and [Snyk](https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/) they pose a security risk.

If it does need to be included, we could add linting for it to the CI with [lockfile-lint](https://github.com/lirantal/lockfile-lint)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

package-lock.json included with repo #238

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

package-lock.json included with repo #238

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions