npm-security-best-practices

Installs: 534
Rank: #9284

Install

npx skills add https://github.com/aradotso/security-skills --skill npm-security-best-practices

npm Security Best Practices

Skill by ara.so — Security Skills collection.

This skill provides expert guidance on securing npm package installations, preventing supply chain attacks, and implementing security best practices for Node.js development. Based on the comprehensive npm-security-best-practices repository by Lirantal.

Overview

The npm ecosystem is a frequent target for supply chain attacks including:

- Shai-Hulud attacks - Worm-like propagation through compromised packages
- Nx incident - Malicious code in postinstall scripts
- event-stream attack - Long-running exfiltration via lifecycle scripts
- Dependency confusion - Attackers publishing malicious packages with internal names

This skill covers configuration, tooling, and practices to mitigate these risks across npm, pnpm, and Bun.

Secure-by-Default Configuration

npm (.npmrc)

Installs: 493
Repository: aradotso/security-skills
GitHub Stars: 1
First Seen: May 20, 2026

Security Audits

- Gen Agent Trust Hub: Pass
- Socket: Pass
- Snyk: Warn
