sam/obsidian-vault
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sam-4screen-desktop 2026-6-5:17:50:24

Browse Source
This commit is contained in:
Sam Rolfe
2026-06-05 17:50:24 +10:00
parent edcb2a5456
commit 98acace9b7
2 changed files with 54 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
.obsidian/workspace.json vendored
View File

@@ -13,12 +13,12 @@
"state": { "state": {
"type": "markdown", "type": "markdown",
"state": { "state": {
"file": "300 areas/350 AI/Security NPM packages tools.md", "file": "300 areas/350 AI/Pi Agent Extensions & Skills.md",
"mode": "source", "mode": "source",
"source": true "source": true
}, },
"icon": "lucide-file", "icon": "lucide-file",
"title": "Security NPM packages tools" "title": "Pi Agent Extensions & Skills"
} }
} }
] ]
@@ -181,10 +181,10 @@
"state": { "state": {
"type": "file-properties", "type": "file-properties",
"state": { "state": {
"file": "300 areas/350 AI/Security NPM packages tools.md" "file": "300 areas/350 AI/Pi Agent Extensions & Skills.md"
}, },
"icon": "lucide-info", "icon": "lucide-info",
"title": "File properties for Security NPM packages tools" "title": "File properties for Pi Agent Extensions & Skills"
} }
} }
], ],
@@ -209,9 +209,9 @@
}, },
"active": "b145af38583e5d9a", "active": "b145af38583e5d9a",
"lastOpenFiles": [ "lastOpenFiles": [
"300 areas/350 AI/Security NPM packages tools.md",
"300 areas/350 AI/Pi Agent Extensions & Skills.md", "300 areas/350 AI/Pi Agent Extensions & Skills.md",
"300 areas/350 AI/Automated Agentic Tools.md", "300 areas/350 AI/Automated Agentic Tools.md",
"300 areas/350 AI/Security NPM packages tools.md",
"300 areas/350 AI/AI Tools to try.md", "300 areas/350 AI/AI Tools to try.md",
"400 resources/410 Web Pages/Website Design AI.md", "400 resources/410 Web Pages/Website Design AI.md",
"300 areas/350 AI/Hermes Ai autonomous Agent.md", "300 areas/350 AI/Hermes Ai autonomous Agent.md",

49
300 areas/350 AI/Pi Agent Extensions & Skills.md
View File

@@ -52,6 +52,55 @@ aliases: []
| **openspec-apply-change** | Implement tasks from an OpenSpec change | | **openspec-apply-change** | Implement tasks from an OpenSpec change |
| **openspec-archive-change** | Archive completed changes | | **openspec-archive-change** | Archive completed changes |
| **openspec-explore** | Explore ideas and clarify requirements | | **openspec-explore** | Explore ideas and clarify requirements |
| **npm-security** | Scan packages with SafeDep Vet, check typosquatting with npq, wrap installs with Socket Firewall |
---
## Security Tools (npm Global)
Three tools installed globally at `~/.local/share/npm-global/bin/` to guard package installs.
### SafeDep Vet (`vet`)
Scans local directories for multi-language malware signatures. Catches obfuscated code, suspicious imports, base64 payloads.
```bash
# Scan a cloned repo before touching it
vet scan -D . --format json --filter "package.malware == true"
# Scan package metadata from npm registry
vet scan package <name> --format json
```
### Socket Firewall (`socket`)
Wraps npm/pip installs with real-time scanning. Blocks malicious packages at install time.
```bash
# Safe npm install
socket npm install <package>
# Safe pip install
socket pip install -r requirements.txt
```
### npq
Checks package names against typosquatting lists before install. Lightweight, local, no phoning home.
```bash
npq check <package> --json
```
### Workflow
```
1. vet scan → checks for malware in the code/package
2. npq check → checks the package name for typosquatting
3. socket install → wraps the actual install with runtime scanning
```
The **npm-security** skill instructs the Pi agent to follow this workflow before any install.
--- ---