f418a8fe08
Full port of llm-security plugin for internal use on Windows with GitHub Copilot CLI. Protocol translation layer (copilot-hook-runner.mjs) normalizes Copilot camelCase I/O to Claude Code snake_case format — all original hook scripts run unmodified. - 8 hooks with protocol translation (stdin/stdout/exit code) - 18 SKILL.md skills (Agent Skills Open Standard) - 6 .agent.md agent definitions - 20 scanners + 14 scanner lib modules (unchanged) - 14 knowledge files (unchanged) - 39 test files including copilot-port-verify.mjs (17 tests) - Windows-ready: node:path, os.tmpdir(), process.execPath, no bash Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
34 lines
933 B
Markdown
34 lines
933 B
Markdown
---
|
|
name: security-supply-check
|
|
description: Re-audit installed dependencies — check lockfiles against blocklists, OSV.dev CVEs, and typosquat detection
|
|
---
|
|
|
|
# Supply Chain Check
|
|
|
|
Re-audit installed dependencies from lockfiles.
|
|
|
|
## Step 1: Run Scanner
|
|
|
|
```bash
|
|
node <plugin-root>/scanners/supply-chain-recheck-cli.mjs $ARGUMENTS
|
|
```
|
|
|
|
Target = `$ARGUMENTS` or current working directory. Checks: package-lock.json, yarn.lock, requirements.txt, Pipfile.lock against blocklists, OSV.dev batch API, and Levenshtein typosquat detection.
|
|
|
|
## Step 2: Format Results
|
|
|
|
Parse JSON output. Show:
|
|
|
|
```
|
|
# Supply Chain Check: [STATUS]
|
|
|
|
Findings: XC XH XM XL | Lockfiles: N scanned
|
|
|
|
[If osv_offline: "OSV.dev unreachable — blocklist and typosquat checks ran, CVE checks skipped"]
|
|
|
|
## Findings
|
|
|
|
[Table: severity, package, ecosystem, type (blocklist/CVE/typosquat), description]
|
|
```
|
|
|
|
If zero findings: "All dependencies pass supply chain checks."
|