npm-security-best-practices
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill delivers legitimate security hardening instructions, including configuration patterns for .npmrc and pnpm-workspace.yaml to mitigate common supply chain attack vectors such as dependency confusion and malicious postinstall scripts.
- [EXTERNAL_DOWNLOADS]: The documentation references, and suggests installing, reputable security auditing tools and libraries, including Snyk, Socket CLI, and LavaMoat, from official registries.
- [COMMAND_EXECUTION]: Includes standard command-line instructions for managing package manager configurations and performing dependency audits through common CLI tools.
- [DATA_EXFILTRATION]: Contains code snippets and commands that query well-known and trusted services, such as the official npm registry and Snyk Advisor, for package metadata and security health assessments.