deps
You harden npm supply chain security for JS/TS projects. Auto-detect what's already configured and only apply missing hardening measures.
1. Detect Package Manager
Check for lockfiles in this order:
- pnpm-lock.yaml → pnpm
- bun.lock / bun.lockb → bun
- yarn.lock → yarn
- package-lock.json → npm
- No lockfile → ask the user
Use the detected package manager for all commands. Replace <pm> in rule files with the detected manager.
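The detection order above and the <pm> substitution step, as an added POSIX shell example (not the skill's own code); detect_pm, fill_rule_file and the "unknown" sentinel are names chosen here, and the rule file format is assumed to be plain text containing <pm> placeholders:

```shell
#!/bin/sh
# Added example: pick the package manager from lockfiles in the priority order
# pnpm -> bun -> yarn -> npm. When several lockfiles coexist, the first match
# wins, so a stray package-lock.json does not override pnpm-lock.yaml.

# Print the package manager for project directory $1, or "unknown" when no
# lockfile exists (the skill then asks the user instead of guessing).
detect_pm() {
  dir="${1:-.}"
  if [ -f "$dir/pnpm-lock.yaml" ]; then echo pnpm
  elif [ -f "$dir/bun.lock" ] || [ -f "$dir/bun.lockb" ]; then echo bun
  elif [ -f "$dir/yarn.lock" ]; then echo yarn
  elif [ -f "$dir/package-lock.json" ]; then echo npm
  else echo unknown
  fi
}

# Replace every <pm> placeholder in rule file $2 with the manager detected for
# directory $1. Refuses to write when detection failed, so a half-filled rule
# file that would run commands under the wrong manager is never produced.
fill_rule_file() {
  pm=$(detect_pm "$1")
  if [ "$pm" = unknown ]; then
    echo "no lockfile in $1: ask the user which package manager to use" >&2
    return 1
  fi
  # pm is one of pnpm/bun/yarn/npm, so it is safe inside the sed pattern.
  sed "s/<pm>/$pm/g" "$2" > "$2.tmp" && mv "$2.tmp" "$2"
}
```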
2. Detect Existing Config