js-security-audit
JS Security Audit
Run a 5-area security audit on a JS/TS project (npm, yarn, or pnpm). Produces a pass/fail report per area with file:line references.
When to Use
- New repo hardening — verify .npmrc, lockfiles, 2FA, exact pinning
- Reviewing a PR that adds or upgrades dependencies
- Setting up CI security gates (npm ci --ignore-scripts, lockfile-lint, audit gate)
- After news of a supply-chain attack (Axios March 2026, Shai-Hulud, etc.)
- Periodic security review before production deploy
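As an added example (not code from the js-security-audit skill or the spartan-ai-toolkit repository), here is a POSIX shell gate covering the repo-hardening and CI-gate items in the list above. It assumes the policy that .npmrc carries ignore-scripts=true and save-exact=true, that a lockfile must exist, and that version ranges (^ or ~) in package.json are failures; the check_repo_hardening function runs offline on constructed fixtures and reports findings as file:line references, while ci_gate only shows the ordering of the real CI steps and needs npm and lockfile-lint on PATH.

```shell
#!/bin/sh
# Added example, not part of the skill. Policy assumed: lockfile present,
# .npmrc has ignore-scripts=true and save-exact=true, no ^/~ ranges in package.json.

# Returns 0 if the project at $1 passes every check, 1 otherwise.
# Each finding is printed as "FAIL <file>[:<line>] <reason>".
check_repo_hardening() {
  root="${1:-.}"
  fail=0

  # A lockfile is what makes `npm ci` / frozen installs reproducible.
  if [ ! -f "$root/package-lock.json" ] && [ ! -f "$root/yarn.lock" ] \
     && [ ! -f "$root/pnpm-lock.yaml" ]; then
    echo "FAIL $root: no lockfile found"
    fail=1
  fi

  # .npmrc: lifecycle scripts off by default, exact versions on install.
  npmrc="$root/.npmrc"
  if [ ! -f "$npmrc" ]; then
    echo "FAIL $npmrc: missing"
    fail=1
  else
    grep -Eq '^ignore-scripts[[:space:]]*=[[:space:]]*true' "$npmrc" \
      || { echo "FAIL $npmrc: ignore-scripts is not true"; fail=1; }
    grep -Eq '^save-exact[[:space:]]*=[[:space:]]*true' "$npmrc" \
      || { echo "FAIL $npmrc: save-exact is not true"; fail=1; }
  fi

  # package.json: flag caret/tilde ranges with the line they sit on.
  # Constructed heuristic (text match), not a JSON parser.
  pkg="$root/package.json"
  if [ -f "$pkg" ] && grep -Eq ':[[:space:]]*"[~^]' "$pkg"; then
    grep -En ':[[:space:]]*"[~^]' "$pkg" | while IFS=: read -r line rest; do
      echo "FAIL $pkg:$line range specifier, pin exactly:$rest"
    done
    fail=1
  fi

  return "$fail"
}

# The CI gate in the order the skill lists it. Not run by the demo below:
# needs npm and lockfile-lint installed and a network for `npm audit`.
ci_gate() {
  check_repo_hardening "${1:-.}" || return 1
  npx lockfile-lint --path package-lock.json --type npm \
    --validate-https --allowed-hosts npm || return 1
  npm ci --ignore-scripts || return 1
  npm audit --audit-level=high
}

# Constructed fixture: writes a sample project into $1, laid out as "good" or "bad".
make_fixture() {
  dir="$1"; kind="$2"
  mkdir -p "$dir"
  if [ "$kind" = good ]; then
    printf 'ignore-scripts=true\nsave-exact=true\n' > "$dir/.npmrc"
    printf '{"name":"demo","dependencies":{"left-pad":"1.3.0"}}\n' > "$dir/package.json"
    printf '{"lockfileVersion": 3}\n' > "$dir/package-lock.json"
  else
    printf 'save-exact=false\n' > "$dir/.npmrc"
    printf '{\n  "name": "demo",\n  "dependencies": {\n    "left-pad": "^1.3.0"\n  }\n}\n' \
      > "$dir/package.json"
  fi
}

# Demo on the constructed fixtures in a temp dir.
demo_dir="${TMPDIR:-/tmp}/js-audit-demo.$$"
make_fixture "$demo_dir/good" good
make_fixture "$demo_dir/bad" bad
check_repo_hardening "$demo_dir/good" && echo "PASS $demo_dir/good"
check_repo_hardening "$demo_dir/bad" || echo "gate would block $demo_dir/bad"
rm -rf "$demo_dir"
```

Running the script prints a PASS line for the good fixture and four FAIL lines for the bad one (no lockfile, ignore-scripts unset, save-exact false, and package.json:4 with the ^ range). In CI, call ci_gate from the project root so a failed hardening check stops the run before any install step executes; the lockfile-lint flags shown are the ones documented at the time of writing, so confirm them against the installed version's --help.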
Process
See audit-checklist.md for the full MUST/SHOULD/SHOULDN'T list. See eslint-security.md for the SAST ESLint template and rules table. See incident-playbook.md for the 5-step compromised-dependency response. See package-manager.md for npm/yarn/pnpm command equivalents and tooling.
More from spartan-stratos/spartan-ai-toolkit