{"id":"a48cfc65-516b-4cff-ac0d-95999d07f6b3","shortId":"tBSr53","kind":"skill","title":"NPM Package Supply Chain Auditor","tagline":"Audits npm dependencies for supply chain risks using npm audit, Socket.dev API, and Snyk vulnerability database. Detects typosquatting, install scripts, and maintainer account takeovers.","description":"# NPM Package Supply Chain Auditor\n\nAudits npm dependencies for supply chain risks using npm audit, Socket.dev API, and Snyk vulnerability database. Detects typosquatting, install scripts, and maintainer account takeovers.\n\n## Installation\n\nRequirements and caveats from upstream:\n- To use the CLI, you must install it and authenticate your machine. See [Install or update the Snyk CLI](https://docs.snyk.io/snyk-cli/install-or-update-the-snyk-cli) and [Authenticate the CLI with your account](https:...\n- Before you can use the CLI for Open Source scanning, you must install your package manager. The needed third-party tools, such as Gradle or Maven, must be in the PATH.\n- Before using the Snyk CLI to test your Open Source Project for vulnerabilities, with limited exceptions, you must build your Project. For details, see [Open Source Projects that must be built before testing](https://d...\n\nBasic usage or getting-started notes:\n- ## Introduction to the Snyk CLI\n- Snyk is a developer-first, cloud-native security tool to scan and monitor your software development projects for security vulnerabilities. 
Snyk scans multiple content types for security issues:\n- [Snyk Open Source](https://docs.snyk.io/scan-with-snyk/snyk-open-source): Find and automatically fix open-source vulnerabilities\n\n- Source: https://github.com/snyk/cli\n- Extracted from upstream docs: https://raw.githubusercontent.com/snyk/cli/HEAD/README.md\n\n## Source\n\n- [Agent Skill Exchange](https://agentskillexchange.com/skills/npm-package-supply-chain-auditor/)","tags":["npm","package","supply","chain","auditor","skills","agentskillexchange","agent-skills","ai-agents","ai-tools","awesome-list","claude-code"],"capabilities":["skill","source-agentskillexchange","skill-npm-package-supply-chain-auditor","topic-agent-skills","topic-ai-agents","topic-ai-tools","topic-awesome-list","topic-claude-code","topic-codex","topic-cursor","topic-llm","topic-mcp","topic-npx-skills","topic-openclaw","topic-skills-catalog"],"categories":["skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/agentskillexchange/skills/npm-package-supply-chain-auditor","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add agentskillexchange/skills","source_repo":"https://github.com/agentskillexchange/skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (1,535 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:11:29.644Z","embedding":null,"createdAt":"2026-05-18T13:18:00.651Z","updatedAt":"2026-05-18T19:11:29.644Z","lastSeenAt":"2026-05-18T19:11:29.644Z",
"prices":[{"id":"6250d4d1-f32c-4985-9130-b33cbc576e41","listingId":"a48cfc65-516b-4cff-ac0d-95999d07f6b3","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"agentskillexchange","category":"skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:18:00.651Z"}],"sources":[{"listingId":"a48cfc65-516b-4cff-ac0d-95999d07f6b3","source":"github","sourceId":"agentskillexchange/skills/npm-package-supply-chain-auditor","sourceUrl":"https://github.com/agentskillexchange/skills/tree/main/skills/npm-package-supply-chain-auditor","isPrimary":false,"firstSeenAt":"2026-05-18T13:18:00.651Z","lastSeenAt":"2026-05-18T19:11:29.644Z"}],"details":{"listingId":"a48cfc65-516b-4cff-ac0d-95999d07f6b3","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"agentskillexchange","slug":"npm-package-supply-chain-auditor","github":{"repo":"agentskillexchange/skills","stars":8,"topics":["agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex","cursor","llm","mcp","npx-skills","openclaw","skills-catalog"],"license":"mit","html_url":"https://github.com/agentskillexchange/skills","pushed_at":"2026-05-18T19:02:17Z","description":"The open catalog of AI agent skills — 2,000+ security-scanned skills for Claude Code, Cursor, Codex, and more.","skill_md_sha":"ea1765172696a33899e767d457f49944006f1556","skill_md_path":"skills/npm-package-supply-chain-auditor/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/agentskillexchange/skills/tree/main/skills/npm-package-supply-chain-auditor"},"layout":"multi","source":"github","category":"skills","frontmatter":{"name":"NPM Package Supply Chain Auditor","description":"Audits npm dependencies for supply chain risks using npm audit, Socket.dev API, 
and Snyk vulnerability database. Detects typosquatting, install scripts, and maintainer account takeovers."},"skills_sh_url":"https://skills.sh/agentskillexchange/skills/npm-package-supply-chain-auditor"},"updatedAt":"2026-05-18T19:11:29.644Z"}}