dependency-vetting
Vet new package dependencies before installation. Triggers when adding packages via pip, npm, yarn, or similar package managers. Checks for typosquatting, known vulnerabilities, low adoption (potential supply chain risk), and package metadata anomalies. Use when: - User asks to install a new package - pip install, npm install, yarn add commands detected - requirements.txt or package.json modifications - User asks "is this package safe?" Blocks: Typosquats, critical vulnerabilities Warns: Low adoption, suspicious metadata
Installation and usage
Vet new package dependencies before installation. Triggers when adding packages via pip, npm, yarn, or similar package managers. Checks for typosquatting, known vulnerabilities, low adoption (potential supply chain risk), and package metadata anomalies. Use when: - User asks to install a new package - pip install, npm install, yarn add commands detected - requirements.txt or package.json modifications - User asks "is this package safe?" Blocks: Typosquats, critical vulnerabilities Warns: Low adoption, suspicious metadata
Once installed, you can use this skill by running the following command in your terminal:
skills use dependency-vetting