Skip to main content
在 Manus 中运行任何 Skill
一键导入

dependency-and-supply-chain

星标2
分支1
更新时间2026年7月9日 12:42

SAST detection methodology for dependency and supply-chain risk (CWE-1104, CWE-1357, CWE-829, CWE-427), covering known-vulnerable components, dependency confusion, typosquatting, malicious install/lifecycle scripts, missing or ignored lockfiles and integrity hashes, unpinned/latest versions, direct git/URL/tarball deps, private-registry fallback to public, base-image and GitHub-Action supply chain, and unsafe module search order. Use when reviewing package.json/lockfiles, requirements.txt/poetry.lock, pom.xml, .npmrc, or pip.conf. Writes confirmed findings to findings/37-dependency-and-supply-chain.md.

安装

用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。

SKILL.md
readonly