supply-chain-protection
Supply-Chain Protection Setup
One-time project setup to harden dependency management against supply-chain attacks.
Idempotency
Before each step, check whether the expected state already exists. If sfw is already installed, the package manager's config already carries the release-age setting, or CLAUDE.md already contains the "Dependency Supply-Chain Protection" section, skip that step and note it in the summary. This makes the skill safe to re-run without duplicating work.
Goal
Configure the repository so that all dependency operations go through Socket Firewall (sfw) and the package manager enforces a 48-hour minimum release age on packages. The two controls cover different cases: sfw blocks installs of packages that Socket has flagged as malicious, while the release-age delay keeps a just-published version out of installs during the window in which a hijacked release is most likely to be reported and pulled. The delay on its own does nothing against a version that has been malicious for longer than 48 hours, which is why both are required.
Steps
1. Detect Package Manager
Inspect the repository for lockfiles and package-manager config, checking the repo root first and falling back to the current working directory if the root carries no signal:
| Signal | Package Manager |
| --- | --- |
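The detection step and the idempotency checks above, as an added example that is not the skill's own code: a POSIX shell script that resolves the project root, picks the package manager from lockfiles (root first, then the working directory), and reports which setup steps are already done. The lockfile-to-package-manager mapping, the config file and key names per package manager, and the units used for the 48-hour value are assumptions to verify against your package manager's documentation.

```shell
#!/bin/sh
# Added example (not the skill's own code). Lockfile mapping, config file
# names, config keys and their units are assumptions; verify them against
# the package manager you actually use.

# Repo root when inside a git checkout, otherwise the directory given.
project_root() {
  git -C "$1" rev-parse --show-toplevel 2>/dev/null || echo "$1"
}

# Lockfile signals in one directory; prints a package manager name or nothing.
lockfile_signal() {
  if   [ -f "$1/pnpm-lock.yaml" ]; then echo pnpm
  elif [ -f "$1/yarn.lock" ]; then echo yarn
  elif [ -f "$1/bun.lock" ] || [ -f "$1/bun.lockb" ]; then echo bun
  elif [ -f "$1/package-lock.json" ] || [ -f "$1/npm-shrinkwrap.json" ]; then echo npm
  fi
}

# $1 = repo root, $2 = current working directory. Root wins, cwd is the
# fallback; a bare package.json counts as npm; otherwise "unknown".
detect_package_manager() {
  pm=$(lockfile_signal "$1")
  [ -n "$pm" ] || pm=$(lockfile_signal "$2")
  if [ -z "$pm" ]; then
    if [ -f "$1/package.json" ] || [ -f "$2/package.json" ]; then pm=npm; else pm=unknown; fi
  fi
  echo "$pm"
}

# Assumed "<config file> <key> <48h value>" per package manager. Units differ
# (npm: days, pnpm: minutes, bun: seconds); yarn has no mapping here.
release_age_config() {
  case $1 in
    npm)  echo ".npmrc min-release-age 2" ;;
    pnpm) echo ".npmrc minimum-release-age 2880" ;;
    bun)  echo "bunfig.toml minimumReleaseAge 172800" ;;
    *)    return 1 ;;
  esac
}

# True if the config file already sets the release-age key, whatever the value.
has_release_age_setting() {
  spec=$(release_age_config "$2") || return 1
  set -- "$1" $spec   # $1=dir $2=file $3=key $4=value
  [ -f "$1/$2" ] && grep -Eq "^[[:space:]]*$3[[:space:]]*=" "$1/$2"
}

sfw_installed() { command -v sfw >/dev/null 2>&1; }

# True if CLAUDE.md in the given directory already carries the section.
has_claude_section() {
  [ -f "$1/CLAUDE.md" ] && grep -qF "Dependency Supply-Chain Protection" "$1/CLAUDE.md"
}

# Print one [skip]/[todo] line per setup step for the directory given.
main() {
  root=$(project_root "${1:-.}")
  pm=$(detect_package_manager "$root" "${1:-.}")
  echo "package manager: $pm (root: $root)"
  if sfw_installed; then echo "[skip] sfw already installed"; else echo "[todo] install sfw"; fi
  if has_release_age_setting "$root" "$pm"; then
    echo "[skip] release-age setting already present"
  elif spec=$(release_age_config "$pm"); then
    echo "[todo] add to ${spec%% *}: $(echo "$spec" | cut -d' ' -f2-)"
  else
    echo "[todo] no known release-age setting for $pm; check its docs"
  fi
  if has_claude_section "$root"; then echo "[skip] CLAUDE.md section present"; else echo "[todo] add CLAUDE.md section"; fi
}

# Only run the report when asked, so the functions can also be sourced.
if [ "${1:-}" = "check" ]; then main "${2:-.}"; fi
```

Saved as, say, supply-chain-check.sh (hypothetical name), `sh supply-chain-check.sh check /path/to/repo` prints the per-step status; the [skip] lines are exactly the steps the idempotency rule tells the skill to leave alone. The release-age check only looks for the key, not its value, so a repository that already set a shorter delay is reported as done; tighten the grep to the 48-hour value if that matters to you.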