Helps Claude understand and check your dependency tree for supply chain risks when you're working with npm packages. You'd reach for this when auditing a project's dependencies, investigating a specific package before adding it, or trying to spot malicious code in your node_modules. The skill draws on real attack patterns such as the event-stream incident and stresses that the average app pulls in 200+ direct dependencies, each bringing in around 5 transitive dependencies, so the actual attack surface is far larger than package.json suggests. It's education mixed with practical checks. Given the 700% spike in supply chain attacks cited in the 2024 Sonatype report, this is less about paranoia and more about basic hygiene.
npx skills add https://github.com/harperaa/secure-claude-skills --skill dependency-supply-chain-security