npm-scan
NPM Supply Chain Scan
Use the bundled scanner to walk a starting directory recursively and inspect JavaScript/TypeScript projects that use npm, pnpm, or yarn.
The script reports three evidence types separately:
- declared: the package is referenced in package.json
- locked: the affected version is present in a lockfile
- installed: the affected version exists in node_modules/<package>/package.json
Treat locked or installed as stronger evidence than declared.
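The sketch below is an added example, not the skill's bundled scanner: it shows how the three evidence types can be collected separately for one project directory. The names scanProject and buildFixture, the package example-pkg and its versions are constructed for illustration. It assumes exact affected versions and npm's package-lock.json (lockfileVersion 2 or 3) only; pnpm and yarn lockfiles and semver ranges are not handled.

```javascript
// Added example: not the bundled scanner. Handles npm's package-lock.json only.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

const readJson = (file) => {
  try { return JSON.parse(fs.readFileSync(file, 'utf8')); } catch { return null; }
};

// Report the three evidence types separately for one project directory.
function scanProject(dir, name, affected) {
  const bad = new Set(affected);
  const result = { declared: [], locked: [], installed: [] };

  // declared: any dependency section of package.json names the package (range only).
  const manifest = readJson(path.join(dir, 'package.json')) || {};
  for (const section of ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies']) {
    const range = manifest[section] && manifest[section][name];
    if (range) result.declared.push(`${section}: ${range}`);
  }

  // locked: lockfileVersion 2/3 keys entries by install path, including nested copies.
  const lock = readJson(path.join(dir, 'package-lock.json')) || {};
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if ((key === `node_modules/${name}` || key.endsWith(`/node_modules/${name}`)) && bad.has(entry.version)) {
      result.locked.push(`${key}@${entry.version}`);
    }
  }

  // installed: the version actually on disk at the top level of node_modules.
  const onDisk = readJson(path.join(dir, 'node_modules', name, 'package.json'));
  if (onDisk && bad.has(onDisk.version)) result.installed.push(onDisk.version);
  return result;
}

// Constructed fixture: the manifest declares a range, a transitive copy is locked
// at an affected version, and nothing is installed yet.
function buildFixture() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'npm-scan-demo-'));
  const write = (rel, obj) => {
    fs.mkdirSync(path.dirname(path.join(dir, rel)), { recursive: true });
    fs.writeFileSync(path.join(dir, rel), JSON.stringify(obj));
  };
  write('package.json', { dependencies: { 'example-pkg': '^1.2.0' } });
  write('package-lock.json', { lockfileVersion: 3, packages: {
    'node_modules/example-pkg': { version: '1.2.0' },
    'node_modules/other/node_modules/example-pkg': { version: '1.2.3' } } });
  return dir;
}

console.log(scanProject(buildFixture(), 'example-pkg', ['1.2.3']));
```

In the fixture the declared range alone says nothing about exposure; the locked hit on the nested copy is what shows the affected version would be resolved on install.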
When to Use
Use this skill when you have incident details such as:
- package name
- affected exact versions
- affected semver range