name: "Lint package-lock.json"

# any branch is useful for testing before a PR is submitted
on: [push, pull_request]

jobs:
  lint-package-lock:
    name: Lint the package-lock.json file
    runs-on: ubuntu-latest

    steps:
    - name: Checkout repository
      uses: actions/checkout@v2

    - name: Install lockfile-lint
      run: npm install lockfile-lint

    - name: Run lockfile-lint on package-lock.json
      run: npx lockfile-lint --path src/package-lock.json --validate-https --allowed-hosts npm