Use this skill ANY TIME you need to install, add, or update a package dependency. This includes: npm install, npm i, npm add, yarn add, pnpm add, pip install, pip3 install, python -m pip install, uv add, uv pip install, or any variation. NEVER run package install commands directly — always use this skill first. It validates packages against supply chain attacks (typosquatting, known vulnerabilities, suspicious metadata) before allowing installation. If the user asks to 'add a dependency', 'install a library', or any phrasing that implies adding a new package, trigger this skill.
2026-06-09