NC-OC-007
Dependency integrity verifiable
What this checks
Checks that the dependency integrity status is verifiable (not a known failure state).
Why it matters
Unverifiable dependency integrity means supply-chain attacks could go undetected.
How to fix it
Ensure a valid lockfile exists for your package manager. See: https://clawvitals.io/docs/NC-OC-007
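One way to check the fix locally, as an added example that is not clawvitals or OpenClaw code: it looks for a lockfile in a project directory and, for npm's package-lock.json, flags registry entries that carry no integrity hash. The status strings, function names and sample lockfile are constructed for illustration and are not the values the control reads from update_status_json.

```python
import json
from pathlib import Path

# Real lockfile names; the status strings below are labels made up for this example.
LOCKFILES = {"npm": "package-lock.json", "pnpm": "pnpm-lock.yaml", "yarn": "yarn.lock"}

def check_npm_lock(lock):
    """Check a parsed package-lock.json (lockfileVersion 2 or 3)."""
    packages = lock.get("packages") if isinstance(lock, dict) else None
    if not isinstance(packages, dict):
        return "failed", ["no 'packages' map"]
    missing = sorted(
        path for path, meta in packages.items()
        if path                                   # "" is the root project
        and not meta.get("link")                  # workspace links have no tarball
        and str(meta.get("resolved", "")).startswith("https://")
        and not meta.get("integrity")             # registry tarball without a hash
    )
    return ("failed", missing) if missing else ("verifiable", [])

def lockfile_status(project_dir):
    """Return (status, details) for a project directory."""
    root = Path(project_dir)
    present = [pm for pm, name in LOCKFILES.items() if (root / name).is_file()]
    if not present:
        return "unknown", ["no lockfile found"]
    if "npm" not in present:
        return "present", [LOCKFILES[present[0]] + " exists, contents not parsed"]
    try:
        lock = json.loads((root / LOCKFILES["npm"]).read_text(encoding="utf-8"))
    except ValueError as exc:                     # covers JSON and UTF-8 decode errors
        return "failed", [f"package-lock.json unreadable: {exc}"]
    return check_npm_lock(lock)

# Constructed sample: the second dependency has lost its integrity hash.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo", "version": "1.0.0"},
        "node_modules/left": {"version": "1.0.0",
            "resolved": "https://registry.example/left-1.0.0.tgz",
            "integrity": "sha512-CONSTRUCTED"},
        "node_modules/right": {"version": "2.0.0",
            "resolved": "https://registry.example/right-2.0.0.tgz"},
    },
}

if __name__ == "__main__":
    print(check_npm_lock(SAMPLE_LOCK))
    print(lockfile_status("."))
```

An entry without a hash means the installer has nothing to compare the downloaded tarball against, which is the undetected-tampering case described under "Why it matters".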
Technical details
| Field | Value |
|---|---|
| Control ID | NC-OC-007 |
| Domain | OC |
| Severity | Medium |
| Status | Experimental |
| Data source | update_status_json |
| Source type | contextual |
| Mode | Mode 1 (OpenClaw native) |
| Introduced in | Library v0.1.0 |
False positive notes
Standard pnpm installs may show 'unknown' status due to missing lockfiles; this is expected and does not indicate a problem.
Suppress this finding
If this finding is intentional or not applicable to your setup, you can exclude it:
clawvitals exclude NC-OC-007 reason "your reason here"
Exclusions are auditable and expire automatically. See the exclusions guide.