Run a supply chain security audit on this project.
Context
Lockfile status:
!for f in package-lock.json yarn.lock pnpm-lock.yaml Cargo.lock go.sum poetry.lock; do [ -f "$f" ] && ls -l "$f"; done | grep . || echo "No lockfile found"
Known vulnerability scan:
!if [ -f package-lock.json ] && command -v npm >/dev/null; then npm audit --json 2>/dev/null | head -50; elif command -v pip-audit >/dev/null; then pip-audit 2>/dev/null | head -30; else echo "No native audit tool available"; fi
Instructions
- Verify lockfile integrity and freshness
- Scan for known CVEs in all dependencies
- Check for typosquatting risks
- Audit install scripts for suspicious behavior
- Evaluate dependency maintainer activity
- Generate a risk-scored audit report
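As an added example of the lockfile-integrity and install-script checks above (not part of the original command), this script walks the `packages` map of an npm lockfile (v2/v3) and flags entries with no pinned tarball, a non-HTTPS or non-registry source, a missing or non-sha512 integrity hash, or an install lifecycle script. The allowed-registry set and the sample lockfile are constructed for illustration.

```python
"""Flag supply-chain risks in an npm package-lock.json (lockfileVersion 2 or 3)."""
from __future__ import annotations
import json
import sys
from urllib.parse import urlparse

# Assumption: only the public npm registry is an approved tarball source.
TRUSTED_HOSTS = {"registry.npmjs.org"}

def audit_lockfile(lock: dict) -> list[tuple[str, str]]:
    """Return (package name, finding) pairs for every risky lock entry."""
    findings = []
    # v1 lockfiles use a nested "dependencies" tree instead; not handled here.
    for path, entry in lock.get("packages", {}).items():
        if path == "" or entry.get("link"):      # root project / workspace symlink
            continue
        name = path.rsplit("node_modules/", 1)[-1]  # handles nested and @scoped paths
        resolved = entry.get("resolved", "")
        if not resolved:
            findings.append((name, "no resolved URL (tarball not pinned)"))
        else:
            url = urlparse(resolved)
            if url.scheme != "https":
                findings.append((name, f"non-https source: {resolved}"))
            elif url.hostname not in TRUSTED_HOSTS:
                findings.append((name, f"third-party host: {url.hostname}"))
        integrity = entry.get("integrity", "")
        if not integrity:
            findings.append((name, "missing integrity hash"))
        elif not integrity.startswith("sha512-"):
            findings.append((name, f"weak integrity algorithm: {integrity.split('-', 1)[0]}"))
        if entry.get("hasInstallScript"):    # npm marks packages with (pre|post)install hooks
            findings.append((name, "runs an install lifecycle script"))
    return findings

# Constructed sample lockfile; package names and hashes are placeholders.
SAMPLE_LOCK = {
    "name": "demo", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo"},
        "node_modules/left-pad-ish": {"version": "1.0.0",
            "resolved": "https://registry.npmjs.org/left-pad-ish/-/left-pad-ish-1.0.0.tgz",
            "integrity": "sha512-AAAA"},
        "node_modules/mystery-lib": {"version": "2.1.0",
            "resolved": "http://example.invalid/mystery-lib-2.1.0.tgz"},
        "node_modules/native-thing": {"version": "0.3.0",
            "resolved": "https://registry.npmjs.org/native-thing/-/native-thing-0.3.0.tgz",
            "integrity": "sha1-BBBB", "hasInstallScript": True},
    },
}

if __name__ == "__main__":
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK
    for pkg, finding in audit_lockfile(lock):
        print(f"{pkg}: {finding}")
```

Run it with a real `package-lock.json` path as the first argument; with no argument it audits the embedded sample.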
$ARGUMENTS