karpathy-supply-chain-hygiene

Installation
SKILL.md

Skill 11: Supply Chain & Security Hygiene(供应链安全卫生)

Source: https://x.com/karpathy/status/2036487306585268612 "Software horror: litellm PyPI supply chain attack" — ~28k likes

Core Principle

Every dependency is a door you didn't build, maintained by someone you don't know.

The litellm incident Karpathy flagged: a widely-used LLM library got compromised via its transitive dependencies. If your project pulled litellm, you were exposed — and you probably didn't even know litellm was in your stack until it was too late.

Karpathy's response: minimize deps, prefer simple implementations, audit everything.

The Full Dependency Audit

Run this for any project before deployment or after any dependency update:

Perform a full supply chain security audit for this project.
Installs
12
GitHub Stars
72
First Seen
May 25, 2026
karpathy-supply-chain-hygiene — learnprompt/andrej-karpathy-skills