supply-chain-scan
CommunityBlock supply-chain risks before they enter code.
Authorreiserwang
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Scan and validate any new module, library, package, or GitHub repository for supply chain security risks before it is committed. This prevents compromised dependencies from entering the codebase and helps maintain reproducible builds.
Core Features & Use Cases
- Blocking gate: prevent any new external dependency from being added until a successful scan completes.
- Typosquatting, vulnerability, and provenance checks: verify names, maintainers, licenses, and signatures for each dependency across ecosystems (pip, npm, cargo, go, GitHub).
- Structured reporting: produce a standardized report for developer teams and gatekeepers, integrated with pre-merge checks and CI workflows.
- Use Case: In a typical PR that adds a new library, supply-chain-scan runs automatically to ensure the dependency is legitimate and safe before merge.
Quick Start
Run supply-chain-scan:check before committing any new dependency.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: supply-chain-scan Download link: https://github.com/reiserwang/Coding_Agent/archive/main.zip#supply-chain-scan Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.