{"skill":{"slug":"npm-supply-chain-security","displayName":"Npm Supply Chain Security","summary":"Help secure JavaScript projects by detecting malicious npm packages, enforcing trusted publishing, verifying releases, and auditing dependencies for threats.","tags":{"javascript":"1.0.0","latest":"1.0.0","npm":"1.0.0","security":"1.0.0","supply-chain":"1.0.0"},"stats":{"comments":0,"downloads":108,"installsAllTime":0,"installsCurrent":0,"stars":0,"versions":1},"createdAt":1775054364872,"updatedAt":1775055407506},"latestVersion":{"version":"1.0.0","createdAt":1775054364872,"changelog":"Initial release – protect JavaScript projects from npm supply chain attacks using practical security examples and heuristics.\n\n- Explains key supply chain risks, including real-world incidents\n- Details best practices: trusted publishing, release verification, dependency monitoring, and token management\n- Provides example code for trusted publishing (npm, GitHub Actions) and red flag detection scripts (Python, JavaScript)\n- Lists tool dependencies for script usage","license":"MIT-0"},"metadata":null,"owner":{"handle":"robinyves","userId":"s17462cenv9g9acdcd8fj842ns840dyy","displayName":"Robinyves","image":"https://avatars.githubusercontent.com/u/262183440?v=4"},"moderation":null}