Skip to main content
Execute qualquer Skill no Manus
com um clique

truestack-dependency-management

Estrelas2
Forks0
Atualizado10 de julho de 2026 às 17:19

Own the ongoing dependency and supply-chain lifecycle of a self-hosted app. Use to add a package as a new project dependency (not an incidental setup/CI step), update / bump / upgrade / pin dependencies, edit a lockfile, set up Renovate / Dependabot / cooldown / minimumReleaseAge, run npm audit / pip-audit / osv-scanner, handle a CVE / GHSA / security advisory, judge "is this package safe / upgrade or wait", respond to a supply-chain attack / compromised package / hijacked maintainer, generate an SBOM / CycloneDX / SPDX / VEX, enforce license compliance / copyleft, or address typosquatting / dependency confusion / install scripts / provenance / SLSA / transitive deps. Owns update-bot and scanner policy — including the github-actions ecosystem and audit/CVE fail thresholds — even when enforced in CI; truestack-ci-and-delivery only wires the pipeline stage and initial SHA pins. If a new package collects or transmits personal data, follow on with truestack-data-privacy.

Instalação

Instalar com Codex ou Claude Copie este prompt, cole no Codex, Claude ou outro assistente e deixe que ele revise a página da skill e instale para você.

Explorador de arquivos
2 arquivos
SKILL.md
readonly