一键导入
dependency-management-principles
Dependency management: version pinning, vulnerability scanning, dependency hygiene. go.mod, package.json, Cargo.toml, pubspec.yaml.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Dependency management: version pinning, vulnerability scanning, dependency hygiene. go.mod, package.json, Cargo.toml, pubspec.yaml.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Session bootstrap + workflows for Pathfinder semantic navigation tools. Covers: discovery protocol, tool chaining patterns (explore, impact, audit, debug), search optimization, LSP degraded mode, and error recovery.
Playwright browser automation via MCP. Covers E2E testing, UI review, web scraping, screenshot capture, and general browser interaction. MCP-first — CLI is fallback only.
Safe command execution: input sanitization, timeout handling, output capture, error propagation. For spawning processes, shell commands, system calls.
Git conventions: conventional commits, branch naming, PR hygiene, release tagging.
Structured incident workflow: severity classification, triage, diagnosis, mitigation, postmortem, and prevention. Template-driven with blameless review.
Constructs, validates, and traverses a Directed Acyclic Graph (DAG) from scope cards for safe level-based parallel dispatch. Determines execution order via topological sort. Detects cycles and invalid dependencies.
| name | dependency-management-principles |
| description | Dependency management: version pinning, vulnerability scanning, dependency hygiene. go.mod, package.json, Cargo.toml, pubspec.yaml. |
| user-invocable | false |
Production: exact versions (1.2.3, not ^1.2.0). Prevents supply chain attacks, unexpected breakage. Reproducible builds.
Lock files: package-lock.json, pnpm-lock.yaml, yarn.lock, Cargo.lock, go.sum, pubspec.lock, poetry.lock.
Every dep = liability (security, build time, maintenance). Before adding: "50 lines to implement?" "Critical?" "Actively maintained?" "Latest stable?"
Run per-language CVE scanner as part of CI. Fail on critical/high severity.
For the full per-language command reference and SBOM/license compliance procedures, load:
→ @.gemini/skills/supply-chain-security/SKILL.md