# Supply-chain harden

## When to use

- `pnpm audit`, vulnerability fixes, deprecated packages
- Hardening `pnpm-workspace.yaml` (`trustPolicy`, `minimumReleaseAge`, `strictDepBuilds`)
- Moving overrides from `package.json` to workspace config
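The kind of `pnpm-workspace.yaml` this skill produces, shown here as an added example (it is not part of the skill itself). The package names, versions and the one-day release-age value are constructed placeholders; the three setting names come from the list above, and the `overrides` block is the `pnpm.overrides` field relocated out of `package.json`. Per the step "do not guess security flags", confirm each key and its accepted values against the pnpm docs for the pnpm version pinned in the repository before committing it:

```yaml
# pnpm-workspace.yaml (example, not the skill's own file)
packages:
  - "packages/*"

# Refuse installs that would move a package from a trusted-publishing
# release back to a token-published one (value assumed; check pnpm docs).
trustPolicy: no-downgrade

# Only install versions published at least this many minutes ago, so a
# freshly pushed malicious release has a window in which to be pulled
# before it can reach this workspace. 1440 minutes = 1 day (chosen here).
minimumReleaseAge: 1440
# Packages this workspace publishes itself can be exempted (placeholder names).
minimumReleaseAgeExclude:
  - "@example-org/*"

# Fail the install if a dependency needs a postinstall script that is not
# explicitly allow-listed below, instead of silently skipping or running it.
strictDepBuilds: true
onlyBuiltDependencies:
  - esbuild          # placeholder: list only the packages whose build scripts you reviewed

# Previously under "pnpm": { "overrides": { ... } } in package.json.
# Pin transitive dependencies to patched versions (constructed examples).
overrides:
  "example-vulnerable-lib@<2.4.1": "2.4.1"
  "example-deprecated-util": "npm:example-maintained-util@^3.0.0"
```

After writing this file, `pnpm install` must still succeed; if `strictDepBuilds` fails the install, the error names the package whose build script is not allow-listed, and that is exactly the manual review item the summary step should report rather than something to wave through by adding it to `onlyBuiltDependencies` unread.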
## Steps

- Read the current `pnpm-workspace.yaml`, `package.json`, and lockfile context.
- WebSearch or docs for pnpm setting names — do not guess security flags.
- Apply minimal config changes; prefer non-breaking version bumps.
- Run `pnpm install` — it must succeed before the task is done.
- Run `pnpm audit` (or the project's audit script); report remaining issues honestly.
- Summarize what changed, the operational trade-offs, and what still needs manual action.