pnpm-audit-alert-issue
CommunityAuto-generate pnpm vulnerability issues when Dependabot fails
Authorshoji9x9
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Dependabot currently cannot parse pnpm 11's multi-document pnpm-lock.yaml format, leaving pnpm projects without automated vulnerability alerts and forcing teams to manually track and create security issues for detected flaws.
Core Features & Use Cases
- pnpm Audit Normalization: Converts raw pnpm audit JSON output into structured, consistent findings compatible with the dependabot-alert-issue skill's external audit mode.
- Dependency Context Enrichment: Adds pnpm-specific dependency path details via pnpm why to help triage the impact and origin of each vulnerability.
- Seamless Workflow Integration: Delegates duplicate checking, triage, and GitHub Issue creation to the existing dependabot-alert-issue skill to avoid redundant work and maintain consistent issue formatting.
- Use Case: For teams using pnpm 11 with devEngines.packageManager configured, this skill ensures all vulnerabilities detected by pnpm audit are tracked as GitHub Issues even when Dependabot alerts are not generated.
Quick Start
Use the pnpm-audit-alert-issue skill to scan your pnpm 11 project for vulnerabilities and automatically create tracked GitHub Issues for all detected security flaws when Dependabot alerts are unavailable.
Dependency Matrix
Required Modules
None requiredComponents
scripts
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: pnpm-audit-alert-issue Download link: https://github.com/shoji9x9/skills/archive/main.zip#pnpm-audit-alert-issue Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.