---
name: security-supply-check
description: Re-audit installed dependencies — check lockfiles against blocklists, OSV.dev CVEs, and typosquat detection
---

# Supply Chain Check

Re-audit installed dependencies from lockfiles.

## Step 1: Run Scanner

```bash
node /scanners/supply-chain-recheck-cli.mjs $ARGUMENTS
```

Target = `$ARGUMENTS` or current working directory.

Checks: package-lock.json, yarn.lock, requirements.txt, Pipfile.lock against blocklists, OSV.dev batch API, and Levenshtein typosquat detection.

## Step 2: Format Results

Parse JSON output. Show:

```
# Supply Chain Check: [STATUS]
Findings: XC XH XM XL | Lockfiles: N scanned
[If osv_offline: "OSV.dev unreachable — blocklist and typosquat checks ran, CVE checks skipped"]

## Findings
[Table: severity, package, ecosystem, type (blocklist/CVE/typosquat), description]
```

If zero findings: "All dependencies pass supply chain checks."
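As an added illustration of the typosquat step (not the scanner's own code), a minimal Levenshtein check over a constructed package-lock.json; the `POPULAR` list, `typosquatCheck` and the sample lockfile are assumptions, and each finding carries the same fields as the table in Step 2.

```javascript
// Hypothetical allowlist of well-known npm names to compare against.
const POPULAR = ["lodash", "express", "react", "axios", "chalk", "commander"];

// Single-row dynamic-programming Levenshtein edit distance.
function levenshtein(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, i) => i);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + cost);
      diag = above;
    }
  }
  return row[b.length];
}

// Collect package names from a lockfileVersion 2/3 "packages" map,
// taking the last path segment so nested node_modules entries resolve.
function lockfileNames(lock) {
  const names = new Set();
  for (const key of Object.keys(lock.packages || {})) {
    const idx = key.lastIndexOf("node_modules/");
    if (idx !== -1) names.add(key.slice(idx + "node_modules/".length));
  }
  return [...names];
}

// Flag names within a small edit distance of a popular package.
// Short names get a tighter limit: distance 2 on a 4-letter name is mostly noise.
function typosquatCheck(lock, popular = POPULAR, maxDistance = 2) {
  const findings = [];
  for (const name of lockfileNames(lock)) {
    if (popular.includes(name)) continue; // exact match is the genuine package
    const limit = name.length <= 4 ? 1 : maxDistance;
    const hit = popular.find((t) => levenshtein(name, t) <= limit);
    if (hit) {
      findings.push({ severity: "HIGH", package: name, ecosystem: "npm", type: "typosquat",
        description: `"${name}" is within edit distance ${levenshtein(name, hit)} of "${hit}"` });
    }
  }
  return findings;
}

// Constructed sample lockfile (npm lockfileVersion 3 shape), not from a real project.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/express": { version: "4.19.2" },
  "node_modules/lodahs": { version: "4.17.21" },
  "node_modules/axois": { version: "1.6.0" },
  "node_modules/express/node_modules/debug": { version: "2.6.9" } } };

console.log(JSON.stringify(typosquatCheck(SAMPLE_LOCK), null, 2));
```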