supply-chain-secure-install

Community

Secure your npm dependencies with Bun.

Author: tacogips
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill hardens a project's npm dependency installs against supply chain attacks (malicious lifecycle scripts, freshly published compromised versions, unreviewed lockfile drift) by configuring Bun's install-time security features and applying dependency-management best practices.

Core Features & Use Cases

  • Lifecycle Script Blocking: Bun does not run dependencies' lifecycle scripts (preinstall, install, postinstall, prepare) by default, unlike npm and Yarn; only packages listed in trustedDependencies, plus Bun's built-in allowlist of popular packages, get to run them.
  • Cooldown Period: minimumReleaseAge in bunfig.toml makes bun install skip versions published less than the configured number of seconds ago, so a freshly compromised release cannot be resolved until it has had time to be noticed and removed.
  • Hardened Configuration: Guides users through the security-relevant settings in the bunfig.toml [install] section.
  • Dependency Trust Management: Maintains the trustedDependencies allowlist in package.json (with bun pm untrusted to list blocked scripts and bun pm trust to allow one) so only packages that genuinely need install scripts run them.
  • Lockfile Security: Ensures the lockfile (bun.lock) is committed and that installs use --frozen-lockfile, so a changed resolution fails the install instead of slipping through.
  • CI/CD Hardening: Applies the same settings in build pipelines, where an install runs with the pipeline's credentials and a compromised package has the most to steal.
  • Use Case: Securely install all project dependencies using Bun, ensuring that no dependency lifecycle script runs during installation unless it is explicitly trusted and that only versions older than the cooldown are resolved.
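The settings above, as an added worked example rather than code from the skill or from Bun: a POSIX shell script that writes a constructed sample project with a hardened bunfig.toml, an explicit trustedDependencies allowlist and a lockfile, then audits a project directory for those settings. The 3-day policy threshold, the package names (esbuild, @myorg/internal-tool) and the file layout are assumptions; the bunfig keys follow Bun's [install] section (minimumReleaseAge in seconds, minimumReleaseAgeExcludes for exemptions).

```shell
#!/bin/sh
# Added example, not part of the supply-chain-secure-install skill: audits a
# project directory for the Bun install settings described above. Assumptions:
# the policy minimum release age (3 days), the package names in the sample
# project, and the file layout (bunfig.toml, package.json, bun.lock).

MIN_AGE_SECONDS=259200   # policy threshold: 3 days, an assumed value

# Writes a constructed sample project that passes every check: a hardened
# bunfig.toml, an explicit trustedDependencies allowlist and a lockfile.
make_sample_project() {
  mkdir -p "$1"
  cat > "$1/bunfig.toml" <<'EOF'
[install]
# Do not resolve versions published less than 3 days ago (value in seconds).
minimumReleaseAge = 259200
# Packages exempt from the cooldown; keep this list short and justified.
minimumReleaseAgeExcludes = ["@myorg/internal-tool"]
EOF
  cat > "$1/package.json" <<'EOF'
{
  "name": "sample-app",
  "dependencies": { "esbuild": "0.24.0" },
  "trustedDependencies": ["esbuild"]
}
EOF
  : > "$1/bun.lock"
}

# Prints one line per check; returns 0 if all checks pass, 1 otherwise.
audit_project() {
  dir=$1
  status=0

  # 1. Cooldown: minimumReleaseAge must be set and at least the policy value.
  #    The pattern requires "=" right after the key, so the Excludes key
  #    on the next line does not match.
  age=$(sed -n 's/^[[:space:]]*minimumReleaseAge[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' \
          "$dir/bunfig.toml" 2>/dev/null | head -n 1)
  if [ -z "$age" ]; then
    echo "FAIL: bunfig.toml sets no minimumReleaseAge; brand-new releases are installable"
    status=1
  elif [ "$age" -lt "$MIN_AGE_SECONDS" ]; then
    echo "FAIL: minimumReleaseAge=$age is below the ${MIN_AGE_SECONDS}s policy"
    status=1
  else
    echo "ok:   minimumReleaseAge=$age"
  fi

  # 2. Trust: lifecycle scripts only run for packages in trustedDependencies,
  #    so that list is something to review, not something to fail on.
  if grep -q '"trustedDependencies"' "$dir/package.json" 2>/dev/null; then
    echo "info: trustedDependencies is set; review each entry, it may run install scripts"
  else
    echo "ok:   no trustedDependencies; no dependency lifecycle scripts will run"
  fi

  # 3. Lockfile: must exist and must not be git-ignored, otherwise
  #    --frozen-lockfile in CI has nothing to pin against.
  if [ ! -f "$dir/bun.lock" ] && [ ! -f "$dir/bun.lockb" ]; then
    echo "FAIL: no bun.lock or bun.lockb; run bun install and commit the lockfile"
    status=1
  elif [ -f "$dir/.gitignore" ] && grep -qE '^bun\.lockb?$' "$dir/.gitignore"; then
    echo "FAIL: lockfile is listed in .gitignore; commit it instead"
    status=1
  else
    echo "ok:   lockfile present"
  fi

  return "$status"
}

# Usage: sh audit-bun-install.sh [project-dir]
# With no argument, audits the constructed sample project.
if [ "$#" -gt 0 ]; then
  audit_project "$1"
else
  sample=$(mktemp -d)
  make_sample_project "$sample"
  audit_project "$sample"
  rm -r "$sample"
fi
```

Run it against a real checkout with `sh audit-bun-install.sh path/to/project`. The trust check deliberately only reports: whether esbuild belongs in trustedDependencies is a human decision, and `bun pm untrusted` in the project shows which packages currently have their scripts blocked. In CI, pair a passing audit with `bun install --frozen-lockfile` so a lockfile change fails the build rather than being silently rewritten.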

Quick Start

Apply the supply-chain-secure-install skill to audit and secure the npm dependencies for the current project using Bun.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: supply-chain-secure-install
Download link: https://github.com/tacogips/QraftBox/archive/main.zip#supply-chain-secure-install

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
