id: pnpm-lock info: name: PNPM Lock Yaml File Disclosure author: noraj severity: info description: | The pnpm-lock.yaml file is similar to the package-lock.json file used by npm or the yarn.lock file used by Yarn. It serves as a lock file that ensures consistent and reproducible installations of dependencies across different environments. reference: - https://pnpm.io/cli/install#tldr metadata: max-request: 1 verified: true shodan-query: html:"pnpm-lock.yaml" tags: exposure,files,node,npm,pnpm http: - method: GET path: - "{{BaseURL}}/pnpm-lock.yaml" matchers-condition: and matchers: - type: word part: body words: - "lockfileVersion:" - "specifiers:" - "packages:" condition: and - type: status status: - 200