Skip to main content
Manus에서 모든 스킬 실행
원클릭으로

truestack-dependency-management

스타2
포크0
업데이트2026년 7월 10일 17:19

Own the ongoing dependency and supply-chain lifecycle of a self-hosted app. Use to add a package as a new project dependency (not an incidental setup/CI step), update / bump / upgrade / pin dependencies, edit a lockfile, set up Renovate / Dependabot / cooldown / minimumReleaseAge, run npm audit / pip-audit / osv-scanner, handle a CVE / GHSA / security advisory, judge "is this package safe / upgrade or wait", respond to a supply-chain attack / compromised package / hijacked maintainer, generate an SBOM / CycloneDX / SPDX / VEX, enforce license compliance / copyleft, or address typosquatting / dependency confusion / install scripts / provenance / SLSA / transitive deps. Owns update-bot and scanner policy — including the github-actions ecosystem and audit/CVE fail thresholds — even when enforced in CI; truestack-ci-and-delivery only wires the pipeline stage and initial SHA pins. If a new package collects or transmits personal data, follow on with truestack-data-privacy.

설치

Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.

파일 탐색기
2 개 파일
SKILL.md
readonly