ring:dev-dep-security-check


Dependency Security Check — Supply Chain Gate

Overview

Every pip install, npm install, and go get is a trust decision. This skill ensures that trust is verified before code enters your environment.

Supply chain attacks exploit implicit trust in package ecosystems. A single compromised package can exfiltrate credentials, inject backdoors, or pivot into production infrastructure. This skill acts as a gate — intercepting install commands and validating packages before they execute.

When This Skill Activates

  • New dependency — any install command for a package not in the current lockfile
  • Version change — updating an existing dependency to a new version
  • Full audit — scanning all dependencies in a project for supply-chain risk
  • PR review — when a PR modifies dependency files (go.mod, package.json, requirements.txt, etc.)
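The trigger list above is, in effect, a small classifier: a requested package is either absent from the lockfile (new dependency), present at a different version (version change), or already pinned, and a PR is in scope when it touches a manifest or lockfile. The following Python is an added illustration of that gating logic and is not the skill's own code; the lockfile contents, the classification labels, the set of dependency file names and the limited command grammar (npm and pip only) are all assumptions chosen for the example.

```python
import json
import os
import re

# Constructed sample lockfiles (not from any real project) so the gate runs offline.
SAMPLE_NPM_LOCK = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"left-pad": "^1.3.0", "express": "^4.18.2"}},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/express": {"version": "4.18.2"},
    },
})
SAMPLE_PIP_LOCK = "requests==2.31.0\n# pinned by CI\nPyYAML==6.0.1\n"

# Assumed set of manifest/lockfile names whose change in a PR triggers a review.
DEPENDENCY_FILES = {"go.mod", "go.sum", "package.json", "package-lock.json", "yarn.lock",
                    "pnpm-lock.yaml", "requirements.txt", "poetry.lock", "Pipfile.lock"}


def _norm_pip(name):
    # PEP 503-style normalisation so "PyYAML" and "pyyaml" compare equal.
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_lockfile(filename, text):
    """Return {package: pinned_version} for package-lock.json or a pinned requirements.txt."""
    locked = {}
    if filename == "package-lock.json":
        for path, entry in json.loads(text).get("packages", {}).items():
            if path.startswith("node_modules/"):
                # Keep the part after the last node_modules/ so nested and scoped packages resolve.
                locked[path.rsplit("node_modules/", 1)[1]] = entry.get("version")
        return locked
    if filename == "requirements.txt":
        for line in text.splitlines():
            line = line.split("#", 1)[0].strip()  # drop comments
            if "==" in line:
                name, version = line.split("==", 1)
                locked[_norm_pip(name)] = version.strip()
        return locked
    raise ValueError("unsupported lockfile: " + filename)


# npm spec: optional @scope/, then name, then optional @version.
_NPM_SPEC = re.compile(r"^(@[^/]+/[^@]+|[^@]+)(?:@(.+))?$")


def parse_install_command(command):
    """Split an install command into (ecosystem, [(name, requested_version), ...])."""
    tokens = command.split()
    if len(tokens) < 2:
        return None, []
    tool, verb = tokens[0], tokens[1]
    specs = [t for t in tokens[2:] if not t.startswith("-")]  # ignore flags
    if tool == "npm" and verb in ("install", "i"):
        return "npm", [(m.group(1), m.group(2)) for m in map(_NPM_SPEC.match, specs) if m]
    if tool in ("pip", "pip3") and verb == "install":
        wanted = []
        for spec in specs:
            name = re.split(r"[=<>!~\[]", spec, maxsplit=1)[0]
            version = spec.split("==", 1)[1] if "==" in spec else None
            wanted.append((_norm_pip(name), version))
        return "pip", wanted
    return None, []


def classify(name, requested_version, locked):
    """Map one requested package onto the skill's trigger categories."""
    if name not in locked:
        return "new-dependency"
    if requested_version is not None and requested_version != locked[name]:
        return "version-change"
    return "already-locked"


def gate(command, lockfile_name, lockfile_text):
    """Return [(name, requested_version, classification)] for each package in the command."""
    locked = parse_lockfile(lockfile_name, lockfile_text)
    _, wanted = parse_install_command(command)
    return [(n, v, classify(n, v, locked)) for n, v in wanted]


def changed_dependency_files(changed_paths):
    """Paths in a PR whose basename is a dependency manifest or lockfile."""
    return [p for p in changed_paths if os.path.basename(p) in DEPENDENCY_FILES]


if __name__ == "__main__":
    print(gate("npm install left-pad@2.0.0 @scope/newpkg@1.0.0", "package-lock.json", SAMPLE_NPM_LOCK))
    print(gate("pip install requests==2.32.0 flask", "requirements.txt", SAMPLE_PIP_LOCK))
    print(changed_dependency_files(["src/app.py", "go.mod", "frontend/package.json"]))
```

Anything classified as new-dependency or version-change is what the gate would hold for the pre-install checks; already-locked requests need no re-validation because the lockfile already records the decision.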

Pre-Install Checks

Before allowing any installation, run ALL of the following checks:

Installs: 2
GitHub Stars: 180
First Seen: Apr 6, 2026