sam-4screen-desktop 2026-6-5:17:50:24
@@ -52,6 +52,55 @@ aliases: []
|
||||
| **openspec-apply-change** | Implement tasks from an OpenSpec change |
|
||||
| **openspec-archive-change** | Archive completed changes |
|
||||
| **openspec-explore** | Explore ideas and clarify requirements |
|
||||
| **npm-security** | Scan packages with SafeDep Vet, check typosquatting with npq, wrap installs with Socket Firewall |
|
||||
|
||||
---
|
||||
|
||||
## Security Tools (npm Global)
|
||||
|
||||
Three tools installed globally at `~/.local/share/npm-global/bin/` to guard package installs.
|
||||
|
||||
### SafeDep Vet (`vet`)
|
||||
|
||||
Scans local directories for multi-language malware signatures. Catches obfuscated code, suspicious imports, base64 payloads.
|
||||
|
||||
```bash
|
||||
# Scan a cloned repo before touching it
|
||||
vet scan -D . --format json --filter "package.malware == true"
|
||||
|
||||
# Scan package metadata from npm registry
|
||||
vet scan package <name> --format json
|
||||
```
|
||||
|
||||
### Socket Firewall (`socket`)
|
||||
|
||||
Wraps npm/pip installs with real-time scanning. Blocks malicious packages at install time.
|
||||
|
||||
```bash
|
||||
# Safe npm install
|
||||
socket npm install <package>
|
||||
|
||||
# Safe pip install
|
||||
socket pip install -r requirements.txt
|
||||
```
|
||||
|
||||
### npq
|
||||
|
||||
Checks package names against typosquatting lists before install. Lightweight, local, no phoning home.
|
||||
|
||||
```bash
|
||||
npq check <package> --json
|
||||
```
|
||||
|
||||
### Workflow
|
||||
|
||||
```
|
||||
1. vet scan → checks for malware in the code/package
|
||||
2. npq check → checks the package name for typosquatting
|
||||
3. socket install → wraps the actual install with runtime scanning
|
||||
```
|
||||
|
||||
The **npm-security** skill instructs the Pi agent to follow this workflow before any install.
|
||||
|
||||
---
|
||||
|
||||
|
||||
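Review bot: The `### Workflow` block lists three steps but never says what the agent must do when a step reports a finding, so "follow this workflow before any install" can be satisfied by running all three commands and installing anyway. State the stop condition explicitly, for example that a non-empty result from `vet scan -D . --format json --filter "package.malware == true"` or a flagged name from `npq check <package> --json` aborts the run and step 3 is not executed. Two smaller points in the same hunk: the intro gives the install location `~/.local/share/npm-global/bin/` but not the install commands or pinned versions of the three tools, which are themselves globally installed npm packages and deserve the same care; and the Socket section says it blocks "at install time" while step 3 calls it "runtime scanning", so pick one term. It is also worth confirming each subcommand and flag against the tool's own `--help` output before the skill relies on them.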