
Fix dependency security

End-to-end workflow for vulnerabilities, deprecations, and supply-chain install safety in Node/pnpm projects.

Principles

  1. Prefer real upgrades over silencing warnings (adding allowedDeprecatedVersions entries, ignoring audit findings).
  2. One source of policy for pnpm: pnpm-workspace.yaml (overrides, minimumReleaseAge, blockExoticSubdeps) — not scattered package.json pnpm blocks.
  3. Wrap risky commands with SFW so malicious packages are blocked before download.
  4. Re-verify after every change: install → audit → type-check/lint.
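As an added example (not part of this skill or the p10ns11y/skills repository), a POSIX shell script that lints a workspace against principles 1 and 2 and chains the re-verify loop of principle 4. It assumes "SFW" means Socket Firewall's `sfw` wrapper, that each package has a `lint` script and a `tsc` toolchain, and that the workspace layout it checks is the ordinary pnpm one; the sample workspace in the usage comment is constructed.

```shell
#!/bin/sh
# dep-policy-check.sh (added example, not the skill's own code)
# Checks that pnpm policy lives only in pnpm-workspace.yaml, that
# deprecations are upgraded rather than allow-listed, then re-verifies.

# Policy keys the workflow expects in pnpm-workspace.yaml (principle 2).
REQUIRED_KEYS="overrides minimumReleaseAge blockExoticSubdeps"

# policy_check DIR
# Prints one line per finding; exit status 0 only when there are none.
policy_check() {
  dir="$1"
  ws="$dir/pnpm-workspace.yaml"
  findings=0
  if [ ! -f "$ws" ]; then
    echo "MISSING: $ws"
    return 1
  fi
  for key in $REQUIRED_KEYS; do
    if ! grep -Eq "^${key}:" "$ws"; then
      echo "MISSING: $key not set in pnpm-workspace.yaml"
      findings=$((findings + 1))
    fi
  done
  # allowedDeprecatedVersions silences the warning without fixing it (principle 1).
  if grep -Eq '^allowedDeprecatedVersions:' "$ws"; then
    echo "WARN: allowedDeprecatedVersions present; upgrade instead of allow-listing"
    findings=$((findings + 1))
  fi
  # Policy scattered into per-package "pnpm" blocks in package.json (principle 2).
  # Paths are word-split, so this assumes package paths without spaces.
  scattered=$(find "$dir" -name package.json ! -path '*/node_modules/*' \
              -exec grep -lE '"pnpm"[[:space:]]*:' {} + 2>/dev/null || true)
  for pkg in $scattered; do
    echo "SCATTERED: pnpm block in $pkg; move it to pnpm-workspace.yaml"
    findings=$((findings + 1))
  done
  [ "$findings" -eq 0 ]
}

# safe_install PNPM-ARGS...
# Runs pnpm through Socket Firewall's sfw wrapper (assumed meaning of "SFW")
# so a blocked package never reaches the download step (principle 3).
safe_install() {
  if ! command -v sfw >/dev/null 2>&1; then
    echo "sfw not installed; refusing to run an unguarded install" >&2
    return 1
  fi
  sfw pnpm "$@"
}

# reverify DIR
# Principle 4: install -> audit -> type-check/lint, stopping at the first failure.
# Assumes tsc is available to each package and each package has a "lint" script.
reverify() {
  ( cd "$1" || exit 1
    policy_check . &&
    safe_install install --frozen-lockfile &&
    pnpm audit --audit-level=high &&
    pnpm -r exec tsc --noEmit &&
    pnpm -r run lint )
}

# Usage: . ./dep-policy-check.sh && reverify /path/to/workspace
```

`policy_check` is deliberately a plain text check rather than a YAML parser: the keys it looks for are top-level, so a `^key:` match is enough, and it runs before any install so it cannot be influenced by package code. `reverify` fails closed: if `sfw` is absent it refuses to install at all instead of silently falling back to a bare `pnpm install`.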

Tooling map

Repository: p10ns11y/skills
First seen: Jun 8, 2026