一键导入
deps
Install or update npm dependencies with supply chain security checks. Pins exact versions, audits vulnerabilities, and verifies the build after changes.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Install or update npm dependencies with supply chain security checks. Pins exact versions, audits vulnerabilities, and verifies the build after changes.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Write Svelte 5 components and SvelteKit pages following the project's frontend conventions — dark theme, mobile-first, minimalist Tailwind, modern CSS.
Create a new Architecture Decision Record (ADR) in docs/decisions/. MUST be used whenever writing an ADR — never create ADR files manually. Picks the next sequential number, fills the template, and updates the ADR table in README.md.
Run E2E and unit tests. Supports smoke tests (quick, any DB), deterministic tests (seeded DB, full suite), unit tests, or individual test files. Also covers ad-hoc verification via Playwright MCP.
Audit the current branch for loose ends before merge or plan close — stale docs, untested defensive code, partial wiring, coverage regressions, leftover TODOs. Reports findings; does not fix. MUST be used as part of plan-mode step 4 ("Branch audit before closing"); also useful ad-hoc whenever a branch is asked to be merge-ready.
Stage and commit changes with an emoji conventional commit message. Reviews staged/unstaged diffs, suggests a message, and creates the commit.
Run linting and formatting checks on the project. Uses ESLint, Prettier, and svelte-check. Reports issues and offers to auto-fix.
| name | deps |
| description | Install or update npm dependencies with supply chain security checks. Pins exact versions, audits vulnerabilities, and verifies the build after changes. |
| allowed-tools | Bash Read Edit |
Help me install or update dependencies in this project following supply chain security best practices.
Audit current state
npm audit and summarise any vulnerabilities (critical/high/medium/low)npm outdated to list packages with available updatesReview updates
Update selectively
npm install <package>@<exact-version> --save-exactnpm update or npm install without a pinned versionPin exact versions
package.json has no ^ or ~ prefixesVerify after each update
npm run check (svelte-check)npm run lintnpm run test:unit -- --runCommit
/commit skill with the 📦 deps: type.npmrc minimum-release-age)npm audit after updating — new packages can introduce transitive vulnerabilitiespostinstall scripts unless the package is well-known and trustednpm audit reports a vulnerability with no fix available, open an issue and document it$ARGUMENTS