pnpm-audit-alert-issue

Community

Auto-generate pnpm vulnerability issues when Dependabot fails

Authorshoji9x9
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Dependabot currently cannot parse pnpm 11's multi-document pnpm-lock.yaml format, leaving pnpm projects without automated vulnerability alerts and forcing teams to manually track and create security issues for detected flaws.

Core Features & Use Cases

  • pnpm Audit Normalization: Converts raw pnpm audit JSON output into structured, consistent findings compatible with the dependabot-alert-issue skill's external audit mode.
  • Dependency Context Enrichment: Adds pnpm-specific dependency path details via pnpm why to help triage the impact and origin of each vulnerability.
  • Seamless Workflow Integration: Delegates duplicate checking, triage, and GitHub Issue creation to the existing dependabot-alert-issue skill to avoid redundant work and maintain consistent issue formatting.
  • Use Case: For teams using pnpm 11 with devEngines.packageManager configured, this skill ensures all vulnerabilities detected by pnpm audit are tracked as GitHub Issues even when Dependabot alerts are not generated.

Quick Start

Use the pnpm-audit-alert-issue skill to scan your pnpm 11 project for vulnerabilities and automatically create tracked GitHub Issues for all detected security flaws when Dependabot alerts are unavailable.

Dependency Matrix

Required Modules

None required

Components

scripts

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: pnpm-audit-alert-issue
Download link: https://github.com/shoji9x9/skills/archive/main.zip#pnpm-audit-alert-issue

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.