From c770f70ee63ac1b882364c831f3a12cc22f25abc Mon Sep 17 00:00:00 2001 From: Liran Tal Date: Thu, 11 Jul 2024 12:39:59 +0300 Subject: [PATCH] docs: add references section for further supportive material (#201) --- packages/lockfile-lint/README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/packages/lockfile-lint/README.md b/packages/lockfile-lint/README.md index def04a7..8f82145 100644 --- a/packages/lockfile-lint/README.md +++ b/packages/lockfile-lint/README.md @@ -103,6 +103,11 @@ The configuration file will be resolved starting from the current working direct The options accepted in the configuration file are the same as the options above in camelcase (e.g. "path", "allowedHosts"). +# References + +- [This package aliasing article](https://snyk.io/blog/exploring-extensions-of-dependency-confusion-attacks-via-npm-package-aliasing/) explains the rational for error reporting on package aliases in lockfiles. +- [Why npm lockfiles can be a security blindspot for injecting malicious modules](https://snyk.io/blog/why-npm-lockfiles-can-be-a-security-blindspot-for-injecting-malicious-modules/) + # Contributing Please consult [CONTRIBUTING](../../CONTRIBUTING.md) for guidelines on contributing to this project.
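Review bot: In the first added bullet under `# References`, "rational" should be "rationale". The same bullet uses "This package aliasing article" as its link text, which does not name the article; consider a descriptive title as the link text, followed by the explanation, to match the second bullet. The second bullet is a bare link with no trailing period and no note on why it is relevant to this package, while the first bullet explains its relevance (error reporting on package aliases in lockfiles); a short clause doing the same for the second would make the two entries consistent.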