Skip to content

Have different warning types for different events when validating lockfile #689

New issue
New issue
Open
Open
Have different warning types for different events when validating lockfile#689
Labels
enhancementNew feature or request
@yogyagamage

Description

@yogyagamage
yogyagamage
opened on Apr 2, 2024

Currently, maven-lockfile validation gives the same warning when,

  • A package download has been tampered with
  • A package version has changed

As suggested by Rhys, a user might want to be protected against tampered packages rather than legitimate version updates. So, we can have different warnings for these cases, to make it clear.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions