rslib-modern-package

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is purely instructional and provides a framework for auditing and improving npm package quality and security.
  • [SAFE]: It promotes security-positive behavior by instructing users to ensure that local configuration secrets, private source maps, and sensitive files are excluded from published tarballs via the files allowlist in package.json.
  • [SAFE]: It recommends using supply-chain security features like npm provenance and trusted publishing for automated releases.
  • [EXTERNAL_DOWNLOADS]: The skill references standard community tools for package validation, such as publint and Are The Types Wrong, and links to official documentation for Rslib and Node.js. These are well-known resources and do not pose a security risk in this context.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 11:01 AM
Security Audit — agent-trust-hub — rslib-modern-package