Lockfiles are used as a trusted whitelist manifest of resources from which packages are fetched. However, keeping track of the changes introduced to lockfiles is not an easy task, as they are designed to be consumed by machines 🤖.
You can read more about it here.
Usage:
npx lockfile-lint --path yarn.lock --allowed-hosts npm yarn --validate-https
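What the two flags in the command above check, as an added JavaScript example that is not lockfile-lint's own code: it scans the `resolved` URLs of a constructed yarn.lock excerpt for non-HTTPS schemes and for hosts outside the allowed list. The mapping of the `npm` and `yarn` aliases to registry hostnames and the function name `checkLockfile` are assumptions made for this illustration.

```javascript
// Added illustration: a simplified stand-in for the two checks, not lockfile-lint's code.
// Assumption: the "npm" and "yarn" aliases stand for these registry hosts.
const HOST_ALIASES = { npm: 'registry.npmjs.org', yarn: 'registry.yarnpkg.com' };

// Constructed yarn.lock (v1) excerpt with placeholder hashes. The last two
// entries are the kind of change that is easy to miss in a lockfile diff.
const SAMPLE_LOCKFILE = `
"left-pad@^1.3.0":
  version "1.3.0"
  resolved "https://registry.yarnpkg.com/left-pad/-/left-pad-1.3.0.tgz#0000000"

"debug@^4.3.4":
  version "4.3.4"
  resolved "http://registry.npmjs.org/debug/-/debug-4.3.4.tgz#0000000"

"ms@2.1.2":
  version "2.1.2"
  resolved "https://packages.example.test/ms/-/ms-2.1.2.tgz#0000000"
`;

// Returns one finding per rule broken by an entry's "resolved" URL.
function checkLockfile(text, allowedHosts, validateHttps) {
  const allowed = new Set(allowedHosts.map((h) => HOST_ALIASES[h] || h));
  const findings = [];
  let current = null;
  for (const line of text.split('\n')) {
    // Entry headers start in column 0 and end with a colon.
    if (/^\S.*:$/.test(line)) { current = line.slice(0, -1); continue; }
    const m = line.match(/^\s+resolved\s+"([^"]+)"/);
    if (!m) continue;
    let url;
    try { url = new URL(m[1]); } catch {
      findings.push({ entry: current, rule: 'invalid-url' });
      continue;
    }
    if (validateHttps && url.protocol !== 'https:') {
      findings.push({ entry: current, rule: 'validate-https' });
    }
    if (!allowed.has(url.hostname)) {
      findings.push({ entry: current, rule: 'allowed-hosts' });
    }
  }
  return findings;
}

const findings = checkLockfile(SAMPLE_LOCKFILE, ['npm', 'yarn'], true);
for (const f of findings) console.log(`${f.rule}: ${f.entry}`);
```

A CI job built on a check like this would fail the build whenever the findings list is non-empty, so an unexpected registry host or a downgrade to plain HTTP blocks the merge instead of relying on a human reading the lockfile diff.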