supply-chain-harden


Supply-chain harden

When to use

  • pnpm audit, vulnerability fixes, deprecated packages
  • Hardening pnpm-workspace.yaml (trustPolicy, minimumReleaseAge, strictDepBuilds)
  • Moving overrides from package.json to workspace config

Steps

  1. Read current pnpm-workspace.yaml, package.json, and lockfile context.
  2. Confirm pnpm setting names with WebSearch or the pnpm docs; do not guess security flags.
  3. Apply minimal config changes; prefer non-breaking version bumps.
  4. Run pnpm install; it must succeed before the task is done.
  5. Run pnpm audit (or project script); report remaining issues honestly.
  6. Summarize what changed, operational trade-offs, and what still needs manual action.
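
A hardened pnpm-workspace.yaml of the kind these steps produce, shown as an added example that is not taken from the p10ns11y/skills repository. Package names, versions and the 24-hour window are constructed, and it assumes a pnpm release that supports every setting shown (confirm against the docs for your version, as step 2 requires).

```yaml
# pnpm-workspace.yaml (constructed example; names and versions are placeholders)
packages:
  - "packages/*"

# Fail the install when a package's trust evidence is weaker than in its
# earlier releases (for example, provenance that used to be present is gone).
# Trade-off: a legitimate change of publishing workflow upstream also trips
# this and needs a manual review before the bump.
trustPolicy: no-downgrade

# Only resolve versions published at least this many minutes ago
# (1440 = 24 hours), so a freshly published malicious release has time to be
# reported and pulled before it can enter the lockfile.
# Trade-off: urgent security fixes are delayed by the same window.
minimumReleaseAge: 1440

# Packages exempt from the delay, e.g. ones you publish yourself.
minimumReleaseAgeExclude:
  - "@example/internal-tools"

# Turn "dependency has build scripts that were not reviewed" from a warning
# into a hard install failure.
strictDepBuilds: true

# Explicit allow-list of dependencies whose build scripts may run.
# Everything else is blocked, and with strictDepBuilds the install fails
# until each one is either listed here or deliberately ignored.
onlyBuiltDependencies:
  - esbuild

# Moved here from the "pnpm.overrides" block in package.json, so every
# workspace package gets the same forced resolution from one place.
# Prefer the smallest non-breaking bump that clears the advisory.
overrides:
  "example-vulnerable-lib@<1.2.3": ">=1.2.3"
```

After a change like this, `pnpm install` must still succeed and `pnpm audit` shows what the overrides did not clear.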

Output

Repository
p10ns11y/skills
First Seen
Jun 8, 2026