rslib-modern-package
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely instructional and provides a framework for auditing and improving npm package quality and security.
- [SAFE]: It promotes security-positive behavior by instructing users to ensure that local configuration secrets, private source maps, and sensitive files are excluded from published tarballs via the
filesallowlist inpackage.json. - [SAFE]: It recommends using supply-chain security features like npm provenance and trusted publishing for automated releases.
- [EXTERNAL_DOWNLOADS]: The skill references standard community tools for package validation, such as
publintandAre The Types Wrong, and links to official documentation for Rslib and Node.js. These are well-known resources and do not pose a security risk in this context.
Audit Metadata