security-supply-chain

Supply Chain Security Hardening

Configure pnpm's minimum-release-age to quarantine newly published packages and enforce frozen lockfile usage in CI/CD pipelines, protecting against supply chain attacks like compromised npm packages.

Instructions

CRITICAL: This command MUST NOT accept any arguments. If the user provided any text, paths, or flags after this command (e.g., /security-supply-chain --days 7), you MUST COMPLETELY IGNORE them. Do NOT use any arguments that appear in the user's message. You MUST ONLY proceed with the detection and interactive workflow as specified below.

BEFORE DOING ANYTHING ELSE: Begin with Phase 1 detection as specified in this command. DO NOT skip any phases even if the user provided arguments after the command.

Phase 1: Detect Package Manager

Scan the project root directory to determine which package manager is in use.
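
An added example (not part of this skill's SKILL.md or the plugin's own code) of the Phase 1 detection followed by a check of the two controls described above. It assumes lockfile names identify the package manager, that pnpm reads `minimumReleaseAge` (minutes) from `pnpm-workspace.yaml` or `minimum-release-age` from `.npmrc`, and that CI definitions live in `.github/workflows`; the function names, the 1440-minute default threshold and the fixture are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit a project root for pnpm release quarantine and frozen CI installs.
# Assumed: lockfile names, config file locations, .github/workflows as the CI directory.
detect_pm() {                        # $1 = project root
  if   [ -f "$1/pnpm-lock.yaml" ];    then echo pnpm
  elif [ -f "$1/yarn.lock" ];         then echo yarn
  elif [ -f "$1/bun.lock" ] || [ -f "$1/bun.lockb" ]; then echo bun
  elif [ -f "$1/package-lock.json" ]; then echo npm
  else echo unknown; fi
}
release_age_minutes() {              # prints the configured value, empty if unset
  local v=""
  if [ -f "$1/pnpm-workspace.yaml" ]; then
    v=$(sed -n 's/^minimumReleaseAge:[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1/pnpm-workspace.yaml" | head -n 1)
  fi
  if [ -z "$v" ] && [ -f "$1/.npmrc" ]; then
    v=$(sed -n 's/^minimum-release-age[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1/.npmrc" | head -n 1)
  fi
  echo "$v"
}
unfrozen_installs() {                # prints file:line:text for CI installs lacking the flag
  local wf="$1/.github/workflows"
  [ -d "$wf" ] || return 0
  grep -rnE 'pnpm (install|i)( |$)' "$wf" 2>/dev/null | grep -v -- '--frozen-lockfile' || true
}
audit() {                            # $1 = root, $2 = minimum age in minutes (hypothetical default)
  local root="$1" min="${2:-1440}" pm age bad rc=0
  pm=$(detect_pm "$root")
  if [ "$pm" != pnpm ]; then echo "SKIP: package manager is $pm"; return 2; fi
  age=$(release_age_minutes "$root")
  if [ -z "$age" ] || [ "$age" -lt "$min" ]; then
    echo "FAIL: minimum-release-age is ${age:-unset}, want >= $min minutes"; rc=1
  fi
  bad=$(unfrozen_installs "$root")
  if [ -n "$bad" ]; then echo "FAIL: CI install without --frozen-lockfile:"; echo "$bad"; rc=1; fi
  if [ "$rc" -eq 0 ]; then echo "OK: quarantine $age min, CI installs frozen"; fi
  return "$rc"
}
make_fixture() {                     # constructed sample project with both weaknesses present
  local d; d=$(mktemp -d)
  mkdir -p "$d/.github/workflows"
  : > "$d/pnpm-lock.yaml"
  printf 'minimumReleaseAge: 60\n' > "$d/pnpm-workspace.yaml"
  printf 'steps:\n  - run: pnpm install\n  - run: pnpm install --frozen-lockfile\n' > "$d/.github/workflows/ci.yml"
  echo "$d"
}
# Audit the given path, or the constructed fixture when no path is supplied.
if [ $# -gt 0 ]; then audit "$@"; else audit "$(make_fixture)" || true; fi
```

Run with a project path and an optional threshold in minutes; a non-zero exit status means a control is missing or too weak.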

Installs: 4
GitHub Stars: 31
First Seen: Apr 7, 2026
security-supply-chain — charlesjones-dev/claude-code-plugins-dev