supply-chain-hardening

Name: supply-chain-hardening
Rating: 5 (1 reviews)
Author: bg-szy

Configure install-time cooldowns for npm/bun (minimum release age) and run a sandboxed pre-install scan when the cooldown has to be bypassed. Use when the user asks about supply-chain attacks, npm/bun security, "minimum release age", a "cooldown" for installs, hardening against Shai-Hulud-class worms, or how to safely install a package that was just published. Also use after any recent supply-chai

1stars

Updated 13 days ago

View on GitHub ↗

How to add

/plugin marketplace add bg-szy/TOP-SKILLS

The exact command may vary by repository. Check the README on GitHub.

For the skill author

Drop this on your repo README

Shows your skill is listed on Skillteca, generates a backlink and trackable traffic.

[![Listada na Skillteca](https://www.skillteca.com.br/api/badge/supply-chain-hardening-bg-szy/svg)](https://www.skillteca.com.br/skills/supply-chain-hardening-bg-szy?utm_source=badge&utm_medium=readme&utm_campaign=badge)

#ai

Related skills

See all in Segurança →

security-research

60.3k

Team Mode security research skill orchestrates 3 vulnerability hunters and 2 PoC engineers to audit a codebase in parallel, prove exploitability, classify root causes, and calibrate severity. It is used for security review, vulnerability research, exploitability audit, and threat model validation.

Segurançaby code-yeongyu

security-audit

39.2k

Comprehensive security auditing workflow covering web application testing, API security, penetration testing, vulnerability scanning, and security hardening.

Segurança#github#gitby sickn33

security-compliance-compliance-check

39.2k

You are a compliance expert specializing in regulatory requirements for software systems including GDPR, HIPAA, SOC2, PCI-DSS, and other industry standards. Perform comprehensive compliance audits and provide implementation guidance for achieving and maintaining compliance.

Segurança#github#gitby sickn33

security-auditor

39.2k

Expert security auditor specializing in DevSecOps, comprehensive cybersecurity, and compliance frameworks.

Segurança#github#gitby sickn33

Category alert

Get new Segurança skills every Monday

One short email with only the new Segurança skills. 4 minutes of reading, no spam, unsubscribe with one click.

You confirm your email on the first send. No spam. Unsubscribe with one click.

Supply-chain hardening

Defends a journalism toolchain against the dominant npm/bun supply-chain attack pattern: a maintainer account or CI pipeline is compromised, a malicious version ships, and machines install it before anyone notices. Recent example: the Mini Shai-Hulud TanStack attack (2026-05-11) compromised 84 versions across 42 @tanstack/* packages and exfiltrated AWS / GCP / Vault / GitHub / SSH credentials via a postinstall script.

How to add

Drop this on your repo README

Related skills

security-research

security-audit

security-compliance-compliance-check

security-auditor

Get new Segurança skills every Monday

Supply-chain hardening

Comments · No comments