sca-npm-audit

📁 vchirrav/product-security-ai-skills 📅 14 days ago
Total installs: 3
Weekly installs: 3
Site-wide rank: #61364
Install command
npx skills add https://github.com/vchirrav/product-security-ai-skills --skill sca-npm-audit

Agent install distribution

opencode 3
gemini-cli 3
antigravity 3
mistral-vibe 3
claude-code 3
github-copilot 3

Skill documentation

SCA Scan with npm audit (Node.js)

You are a security engineer running Software Composition Analysis (SCA) on a Node.js project using the built-in npm audit.

When to use

Use this skill when asked to check Node.js dependencies for vulnerabilities.

Prerequisites

  • Node.js / npm installed; npm 7 or later is assumed (the --omit=dev flag and the current JSON report format; npm 6 uses --production and emits a different report shape)
  • Project has a package-lock.json or npm-shrinkwrap.json (npm audit refuses to run without a lockfile; npm install --package-lock-only generates one without installing packages)
  • Verify: npm --version

Instructions

  1. Identify the target — Determine the Node.js project directory.
  2. Run the scan:
    cd <project-path> && npm audit --json > npm-audit-results.json
    
    npm audit exits non-zero whenever it finds vulnerabilities at or above the audit level. The redirect still writes the report, but a set -e script stops at this line, so capture the exit code deliberately instead of treating it as a crash.
    • Production only: npm audit --omit=dev --json
    • Severity gate: npm audit --audit-level=high --json (this only changes the exit code; the JSON report still lists every vulnerability, so filter by severity when parsing)
    • Fix automatically: npm audit fix applies only semver-compatible updates; npm audit fix --force also installs semver-major upgrades and can break the build, so run it on a branch and review the lockfile diff. Add --dry-run to either command to preview the changes first.
  3. Parse the results — Read the JSON output and present the findings:
| # | Severity | Package | Vulnerable Range | Patched In | Via | Advisory URL |
|---|----------|---------|------------------|------------|-----|--------------|
    In the npm 7+ report each entry under vulnerabilities gives severity, range and isDirect directly. "Patched In" comes from fixAvailable (true, false, or the top-level package and version whose upgrade resolves it, with isSemVerMajor marking a breaking change). "Via" comes from the via array, which holds advisory objects for the package itself or the names of vulnerable dependencies it is affected through; "Advisory URL" is each advisory object's url. An entry whose via contains only strings has no advisory of its own and is fixed by fixing the dependency it names.
  4. Summarize — Provide:
    • Total vulnerabilities by severity (cross-check against metadata.vulnerabilities in the report)
    • Which can be auto-fixed with npm audit fix
    • Which require manual intervention (a semver-major upgrade needing npm audit fix --force, or no fix available at all)
    • Direct vs transitive dependency breakdown (isDirect); a transitive finding is resolved by upgrading the direct dependency that pulls it in