dependency-vetting
Vet new package dependencies before installation. Triggers when adding packages via pip, npm, yarn, or similar package managers. Checks for typosquatting, known vulnerabilities, low adoption (potential supply chain risk), and package metadata anomalies. Use when: - User asks to install a new package - pip install, npm install, yarn add commands detected - requirements.txt or package.json modifications - User asks "is this package safe?" Blocks: Typosquats, critical vulnerabilities Warns: Low adoption, suspicious metadata
Installation and usage
Vet new package dependencies before installation. Triggers when adding packages via pip, npm, yarn, or similar package managers. Checks for typosquatting, known vulnerabilities, low adoption (potential supply chain risk), and package metadata anomalies. Use when: - User asks to install a new package - pip install, npm install, yarn add commands detected - requirements.txt or package.json modifications - User asks "is this package safe?" Blocks: Typosquats, critical vulnerabilities Warns: Low adoption, suspicious metadata
설치 후 터미널에서 다음 명령을 실행하여 이 스킬을 사용할 수 있습니다:
skills use dependency-vetting