feat: add lockfile-lint tooling and docs

.lockfile-lint.shared.js

@@ -1,13 +1,18 @@
 'use strict';
 
 module.exports = {
+
+   path: 'package-lock.json',
    type: 'npm',
-   validateHttps: true,
-   validateIntegrity: true,
-   allowedHosts: [ 'npm' ],
+   // to many packages are still on the previous-gen sha
+   validateIntegrity: false,
+   emptyHostname: false,
+   allowedHosts: [ 'npm', 'github.com' ],
    allowedSchemes: [
       'https:',
       'git+ssh:',
       'git+https:',
    ],
+   validatePackageNames: true,
+
 };

README.md

@@ -158,6 +158,44 @@ possible that some processes in some projects could fail when the wrong version
 is enabled in the developer's environment. This helps eliminate one factor from the
 equation when troubleshooting.
 
+### lockfile-lint
+
+The [`lockfile-lint`](https://github.com/lirantal/lockfile-lint) allows us to enforce additional
+security policies regarding NPM package sources, such as allowed package registries and code
+sources and package source HTTP protocols.
+
+To configure the tool, add a file named `.lockfile-lint.config.js` to your project root,
+with the following contents:
+
+```js
+'use strict';
+
+const sharedConfig = require('@silvermine/standardization/.lockfile-lint.shared.js');
+
+module.exports = {
+
+   ...sharedConfig,
+
+   // Add any overrides here.
+   // See the lockfile-lint docs for more information.
+
+};
+
+```
+
+Then add the following NPM script to your `package.json` file. Call the script as part
+of the tooling chain in the `standards` NPM script:
+
+```json
+{
+   "scripts": {
+      "lockfile-lint": "lockfile-lint",
+      "standards": "npm run lockfile-lint && npm run markdownlint"
+   }
+}
+
+```
+
 ### Executing ESLint
 
 When ESLint is needed for a project, add an `eslint` task to package.json, and execute it

lockfile-lint.config.js

@@ -0,0 +1,9 @@
+'use strict';
+
+const sharedConfig = require('./.lockfile-lint.shared.js');
+
+module.exports = {
+
+   ...sharedConfig,
+
+};