
Dependency Supply Chain Security

Quick Summary
AI coding tools install packages without thinking. "Add a date library" becomes `npm install moment` — a 4.2MB package with known vulnerabilities, when `date-fns` or the native Intl API would work. AI doesn't evaluate package trustworthiness, check for typosquatting, or pin versions. Your `node_modules` is an attack surface, and AI makes it bigger with every suggestion.


This skill teaches you to audit, evaluate, pin, and monitor every dependency in your project.

Auditing Current Dependencies

npm

# Run the built-in audit
npm audit

# Only show high and critical vulnerabilities
npm audit --audit-level=high

# Generate a machine-readable report
npm audit --json > audit-report.json

# Fix automatically where possible. Only applies updates that stay inside the
# semver ranges in package.json; anything that needs a major bump is left for
# `npm audit fix --force`, which you should review rather than run blindly
npm audit fix

# See what fix would do without applying
npm audit fix --dry-run

pip (Python)

# Install pip-audit
pip install pip-audit

# Audit installed packages
pip-audit

# Audit from requirements file
pip-audit -r requirements.txt

# Output as JSON
pip-audit --format json --output audit-report.json

# Using safety (alternative tool). Note: `safety check` is deprecated in
# Safety 3.x in favour of `safety scan`
pip install safety
safety check --full-report

Go

# govulncheck is maintained by the Go team but is not part of the go toolchain;
# install it first
go install golang.org/x/vuln/cmd/govulncheck@latest

# Report only vulnerabilities in functions your program actually reaches
govulncheck ./...

# Show call stacks and module versions for each finding
govulncheck -show verbose ./...

Bundler (Ruby)

gem install bundler-audit
bundle audit check --update

Lockfile Integrity

Lockfiles record the exact resolved version, download URL and content hash of every package, direct and transitive. Without one, npm install on two machines can resolve the same ^ range to different code. A lockfile only protects you if it is committed, reviewed in pull requests like any other code, and used unmodified by CI.

Verify Lockfiles Exist and Are Committed

# Check if lockfile exists
ls package-lock.json  # npm
ls yarn.lock          # yarn
ls pnpm-lock.yaml     # pnpm
ls Pipfile.lock       # pipenv
ls poetry.lock        # poetry

# Use frozen installs in CI (fail the build instead of silently rewriting the lockfile)
npm ci                          # npm: install from package-lock.json, fails if it disagrees with package.json
yarn install --frozen-lockfile  # Yarn 1 (classic)
yarn install --immutable        # Yarn 2+ (Berry)
pnpm install --frozen-lockfile  # pnpm
pip install --require-hashes -r requirements.txt  # pip: every line needs --hash entries, e.g. from pip-compile --generate-hashes

Detect Lockfile Tampering

# npm ci verifies every downloaded tarball against the integrity hash recorded
# in package-lock.json. If someone changes only the "resolved" URL, the hash no
# longer matches and the install fails.
#
# Caveat: an attacker who can edit the lockfile can change "resolved" AND
# "integrity" together, and npm ci will install whatever the new hash matches.
# Treat the lockfile as code: review its diffs and watch for "resolved" URLs
# that leave your registry, http:// URLs, git URLs, and sha1 hashes.

# Verify registry signatures and provenance attestations for installed packages
npm audit signatures

# Fail on entries that resolve outside the npm registry or over plain http (third-party tool)
npx lockfile-lint --path package-lock.json --type npm --allowed-hosts npm --validate-https

# Verify the installed tree matches package.json and the lockfile
npm ls --all  # Shows dependency tree, reports missing or invalid packages
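The review described above can be automated. The script below is an added example, not part of the original skill or of npm: it reads a package-lock.json (lockfileVersion 2 or 3) and flags the tampering signals npm ci does not catch on its own, namely a resolved URL that points outside your registry, uses http:// or a git scheme, and an integrity hash that is missing or sha1. The allowed host list and the sample lockfile are constructed for the example; the integrity strings in it are placeholders, not real hashes.

```javascript
// Added example: audit package-lock.json entries for tampering signals.
// Policy assumption: only this registry host is allowed (add your private mirror).
const ALLOWED_REGISTRY_HOSTS = new Set(["registry.npmjs.org"]);

// Constructed sample lockfile (lockfileVersion 3). The integrity values are
// placeholders, not real hashes; each entry is chosen to trigger one check.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  requires: true,
  packages: {
    "": { name: "demo-app", dependencies: { express: "^4.18.2" } },
    "node_modules/express": {
      version: "4.18.2",
      resolved: "https://registry.npmjs.org/express/-/express-4.18.2.tgz",
      integrity: "sha512-PLACEHOLDERexpress",
    },
    "node_modules/accepts": {
      // redirected to an unknown mirror with the hash updated to match: npm ci passes
      version: "1.3.8",
      resolved: "https://registry.example-mirror.net/accepts/-/accepts-1.3.8.tgz",
      integrity: "sha512-PLACEHOLDERaccepts",
    },
    "node_modules/lodash": {
      // downgraded to http:// and to a sha1 hash
      version: "4.17.21",
      resolved: "http://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
      integrity: "sha1-PLACEHOLDERlodash",
    },
    "node_modules/left-pad": {
      // swapped for a git dependency with no integrity at all
      version: "1.3.0",
      resolved: "git+ssh://git@github.com/example-org/left-pad.git#0123456789abcdef",
    },
  },
};

// Returns one finding per problem: { name, path, problem }.
function auditLockfile(lock, allowedHosts = ALLOWED_REGISTRY_HOSTS) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link) continue; // root project or workspace symlink
    const name = path.replace(/^.*node_modules\//, "");
    const flag = (problem) => findings.push({ name, path, problem });

    if (!entry.resolved) {
      flag("missing resolved URL");
    } else {
      let url = null;
      try { url = new URL(entry.resolved); } catch (_) { /* reported below */ }
      if (!url) flag(`unparseable resolved URL: ${entry.resolved}`);
      else if (url.protocol !== "https:") flag(`non-https resolved URL: ${entry.resolved}`);
      else if (!allowedHosts.has(url.hostname)) flag(`unexpected registry host: ${url.hostname}`);
    }

    if (!entry.integrity) flag("missing integrity hash");
    else if (!entry.integrity.startsWith("sha512-")) {
      flag(`weak integrity algorithm: ${entry.integrity.split("-")[0]}`);
    }
  }
  return findings;
}

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.path}: ${f.problem}`);
}
```

To run it on a real project, replace SAMPLE_LOCK with JSON.parse(require("fs").readFileSync("package-lock.json", "utf8")) and fail the CI step whenever the returned list is non-empty.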

Typosquatting Detection

Attackers publish malicious packages with names similar to popular ones. AI is especially vulnerable — it may suggest expresss instead of express.

Common Typosquatting Patterns

The names below illustrate the patterns (an extra or dropped letter, a transposition, a look-alike digit, a "-js" or "python-" affix); they are not a list of confirmed malicious packages.

| Real Package | Typosquat Examples |
| --- | --- |
| express | expresss, expres, express-js |
| lodash | lodahs, lodashs, 1odash |
| react | reactjs, react-core, reaact |
| requests (Python) | request, requsets, python-requests |
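Those patterns are mechanical enough to check before an install runs. The script below is an added example, not part of the original skill or of any registry tooling: it compares a proposed package name against a list of popular names using exact-match allowlisting, Damerau-Levenshtein distance of one (an inserted, deleted, substituted or transposed character), look-alike character normalisation (1 for l, 0 for o, rn for m), and affix stripping (-js, js, -core, python-). POPULAR is a short constructed sample; in practice feed it the top-N registry names or your own approved list.

```javascript
// Added example: heuristic typosquat detection for a proposed package name.
// POPULAR is a constructed sample list, not a registry download.
const POPULAR = ["express", "lodash", "react", "requests", "axios"];

// Affixes attackers bolt onto a real name: "express-js", "reactjs", "python-requests".
const PADDING = /^(python-|node-|npm-|js-)|(-?js|-?node|-?core|\.js)$/;

// Damerau-Levenshtein distance: insert, delete, substitute or transpose two
// adjacent characters, each operation costing 1.
function damerauLevenshtein(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1); // transposition
      }
    }
  }
  return d[a.length][b.length];
}

// Map look-alike characters to the letter they imitate ("1odash" -> "lodash").
function normalizeConfusables(name) {
  return name.replace(/1/g, "l").replace(/0/g, "o").replace(/rn/g, "m");
}

// Returns { suspicious, target?, reason }. A hit means "verify before installing",
// not "malicious": legitimate packages can sit one edit away from a popular one.
function checkTyposquat(candidate, popular = POPULAR) {
  const name = candidate.toLowerCase();
  if (popular.includes(name)) return { suspicious: false, reason: "exact match with a known package" };
  const stripped = name.replace(PADDING, "");
  const normalized = normalizeConfusables(name);
  for (const target of popular) {
    if (stripped === target) {
      return { suspicious: true, target, reason: `"${candidate}" is "${target}" with an affix added` };
    }
    if (normalized !== name && normalized === target) {
      return { suspicious: true, target, reason: `"${candidate}" uses look-alike characters for "${target}"` };
    }
    if (damerauLevenshtein(name, target) <= 1) {
      return { suspicious: true, target, reason: `"${candidate}" is one edit away from "${target}"` };
    }
  }
  return { suspicious: false, reason: "no close match in the popular list" };
}

for (const n of ["expresss", "express-js", "1odash", "lodahs", "requsets", "python-requests", "express", "fastify"]) {
  console.log(n.padEnd(16), JSON.stringify(checkTyposquat(n)));
}
```

Wire it in front of the install (for example as a pre-install hook that rejects or prompts on a suspicious result) so the check happens before any install script from the candidate package gets to run.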

Detection Tools

# socket.dev — wraps npm so installs of risky packages (install scripts,
# obfuscated code, look-alike names) are flagged before they run
npx socket npm install <package-name>

# Verify the package exists and inspect its metadata before installing
npm info <package-name>

# npm info does not report download counts; ask the registry downloads API
curl -s https://api.npmjs.org/downloads/point/last-week/<package-name>

Manual Verification Checklist

Before adding any dependency, check:

# 1. Does the package have significant downloads? (registry downloads API; npm info has no download data)
curl -s https://api.npmjs.org/downloads/point/last-week/<package>

# 2. Is the repository real and active?
npm info <package> repository

# 3. How many maintainers? (sole maintainer = higher risk)
npm info <package> maintainers

# 4. When was it last published?
npm info <package> time

# 5. Does the published code match the repository?
# List what the tarball contains, then fetch it and diff against a checkout of
# the tagged release; look for files that exist only in the tarball
npm pack <package> --dry-run
npm pack <package> && tar -tzf <package>-*.tgz
# Packages published with provenance tie the tarball to a specific commit and
# build; npm audit signatures checks that attestation for installed packages

Dependency Pinning Strategies

Exact Pinning

{
  "dependencies": {
    "express": "4.18.2",
    "pg": "8.11.3"
  }
}

Pros: Maximum reproducibility. What you test is what you deploy. Cons: You must manually update for security patches.

Range Pinning with Lockfile

{
  "dependencies": {
    "express": "^4.18.2",
    "pg": "~8.11.3"
  }
}

With a committed lockfile, ^ and ~ ranges are resolved once, when the lockfile is created or a range changes. npm ci installs exactly the locked versions. Versions move only when you run npm update, install a specific version with npm install <pkg>@<version>, or edit a range so the lock no longer satisfies it.

Recommended Approach

{
  "dependencies": {
    "express": "^4.18.2"
  },
  "overrides": {
    "semver": ">=7.5.4"
  }
}

Use ^ ranges with a committed lockfile. Use overrides (npm 8.3+), resolutions (yarn) or pnpm.overrides (pnpm) to force a patched version onto transitive dependencies you do not control. After adding one, run npm install to re-resolve the lockfile and confirm with npm ls <pkg> that every nested copy moved, not just the top-level one.
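An override only helps if every nested copy in the lockfile actually ends up at or above the patched version. The script below is an added example, not from the original skill or from npm: it applies a minimum-version policy to every installed copy of the named packages in a package-lock.json, including copies nested under other dependencies (paths like node_modules/a/node_modules/semver), and lists the ones still below the minimum. The policy map and the lockfile are constructed; the version comparison is a small semver-core comparator (release and pre-release only, no range syntax).

```javascript
// Added example: verify that transitive copies satisfy a minimum-version policy.
// POLICY is a constructed example; the semver minimum mirrors the override above.
const POLICY = { semver: "7.5.4", minimatch: "3.0.5" };

// Parses "1.2.3" or "1.2.3-beta.1"; build metadata after "+" is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { parts: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Numeric comparison of major.minor.patch (so 10.0.0 > 9.9.9); a pre-release
// sorts before the same release. Two pre-releases of one version compare equal here.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.parts[i] !== pb.parts[i]) return pa.parts[i] < pb.parts[i] ? -1 : 1;
  }
  if (pa.pre && !pb.pre) return -1;
  if (!pa.pre && pb.pre) return 1;
  return 0;
}

// Walks every installed package path in the lockfile and reports copies of a
// policed package whose version is below the required minimum.
function findBelowMinimum(lock, policy = POLICY) {
  const violations = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link || !entry.version) continue;
    const name = path.replace(/^.*node_modules\//, "");
    if (!(name in policy)) continue;
    if (compareVersions(entry.version, policy[name]) < 0) {
      violations.push({ name, path, version: entry.version, required: policy[name] });
    }
  }
  return violations;
}

// Constructed lockfile: the top-level copies are fine, but a tool still drags
// in its own older semver and minimatch under a nested node_modules.
const LOCK_WITH_NESTED_COPIES = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/semver": { version: "7.6.0" },
    "node_modules/minimatch": { version: "3.1.2" },
    "node_modules/some-tool": { version: "1.0.0", dependencies: { semver: "^6.0.0", minimatch: "^3.0.0" } },
    "node_modules/some-tool/node_modules/semver": { version: "6.3.0" },
    "node_modules/some-tool/node_modules/minimatch": { version: "3.0.4" },
  },
};

for (const v of findBelowMinimum(LOCK_WITH_NESTED_COPIES)) {
  console.log(`${v.path}: ${v.version} < ${v.required}`);
}
```

Run it after npm install has re-resolved the lockfile with your overrides; any output means the override did not reach that copy, which is also what npm ls <pkg> would show.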

SBOM Generation

Software Bill of Materials — a complete list of everything in your application.

# npm: Generate SBOM in CycloneDX format
npx @cyclonedx/cyclonedx-npm --output-file sbom.json

# pip: Generate SBOM
pip install cyclonedx-bom
cyclonedx-py requirements -i requirements.txt -o sbom.json

# Syft: Universal SBOM generator (works with containers too)
syft . -o cyclonedx-json > sbom.json
syft myapp:latest -o cyclonedx-json > container-sbom.json

# Use SBOM for vulnerability scanning
grype sbom:sbom.json

Dependabot Configuration

# .github/dependabot.yml
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
    open-pull-requests-limit: 10
    reviewers:
      - "security-team"
    labels:
      - "dependencies"
      - "security"
    # Group minor/patch updates to reduce PR noise
    groups:
      production-dependencies:
        patterns:
          - "*"
        update-types:
          - "minor"
          - "patch"
    # Dependabot security updates are opened as soon as an advisory matches,
    # independent of this schedule, but only if "Dependabot security updates"
    # is enabled in the repository's code security settings

  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
    allow:
      - dependency-type: "direct"

  - package-ecosystem: "docker"
    directory: "/"
    schedule:
      interval: "weekly"

  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"

Renovate Configuration

Automerge is only as safe as the required status checks in front of it: a patch update automerged with no tests is an unreviewed third-party code change. Renovate's minimumReleaseAge option (for example "3 days") keeps a release that was published minutes ago, the window in which hijacked versions are usually noticed and pulled, from being merged.

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": [
    "config:recommended",
    ":semanticCommits",
    "security:openssf-scorecard"
  ],
  "vulnerabilityAlerts": {
    "enabled": true,
    "labels": ["security"]
  },
  "packageRules": [
    {
      "matchDepTypes": ["devDependencies"],
      "automerge": true,
      "automergeType": "branch"
    },
    {
      "matchUpdateTypes": ["patch"],
      "groupName": "patch updates",
      "automerge": true
    },
    {
      "matchUpdateTypes": ["major"],
      "labels": ["breaking-change"],
      "automerge": false
    }
  ],
  "lockFileMaintenance": {
    "enabled": true,
    "schedule": ["before 5am on monday"]
  }
}

CI Pipeline Integration

# .github/workflows/security.yml
name: Dependency Security
on:
  pull_request:
  schedule:
    - cron: '0 8 * * 1'  # Weekly Monday 8am UTC

# Least privilege for the workflow token: these jobs only read the repository
permissions:
  contents: read

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      # Actions are dependencies too: pin them to a full commit SHA (tag in a
      # comment) rather than a mutable tag or branch
      - uses: actions/checkout@v4

      # npm audit only needs package-lock.json, but the SBOM generator below
      # reads the installed tree via npm ls, so install from the lockfile first
      - run: npm ci

      - name: npm audit
        run: npm audit --audit-level=high

      - name: Check for known vulnerabilities
        # @master is a moving target controlled by someone else; pin a SHA
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --severity-threshold=high

      - name: Generate SBOM
        run: npx @cyclonedx/cyclonedx-npm --output-file sbom.json

      - name: Upload SBOM
        uses: actions/upload-artifact@v4
        with:
          name: sbom
          path: sbom.json

  license-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci
      - name: Check licenses
        run: npx license-checker --failOn 'GPL-3.0;AGPL-3.0' --summary

Package Evaluation Criteria

Before letting AI add a dependency, evaluate it:

| Criteria | Minimum Threshold | Check Command |
| --- | --- | --- |
| Weekly downloads | >10,000 for production deps | curl -s https://api.npmjs.org/downloads/point/last-week/<pkg> |
| Maintainers | >1 for critical deps | npm info <pkg> maintainers |
| Last publish | Within 12 months | npm info <pkg> time |
| Open issues | Reasonable ratio to usage | Check GitHub |
| License | Compatible (MIT, Apache, BSD) | npm info <pkg> license |
| Bundle size | Justified for the feature | npm info <pkg> dist.unpackedSize |
| Dependencies | Fewer is better | npm info <pkg> dependencies |
| Known vulnerabilities | Zero high/critical | npm audit |
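The table can be enforced rather than eyeballed. The function below is an added example, not from the original skill or from npm: it applies the thresholds to the JSON that npm view <pkg> --json prints, plus the weekly download count from the registry downloads API, and returns the criteria that fail. The download, maintainer, age and license thresholds come from the table; the limits on dependency count and unpacked size are assumptions (the table only says "fewer is better" and "justified"). The open-issues and known-vulnerabilities rows need GitHub and npm audit and are not evaluated here. Both metadata records are constructed.

```javascript
// Added example: gate a dependency on the evaluation criteria.
// maxDependencies and maxUnpackedBytes are assumed values; tune them per project.
const THRESHOLDS = {
  minWeeklyDownloads: 10000,
  minMaintainers: 2,
  maxMonthsSincePublish: 12,
  allowedLicenses: new Set(["MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"]),
  maxDependencies: 10,
  maxUnpackedBytes: 1000000,
};

// `meta` has the shape of `npm view <pkg> --json`: dist-tags, time (version ->
// ISO date), maintainers, license, dependencies, dist.unpackedSize.
// Returns the failed criteria; an empty list means the package passes the gate.
function evaluatePackage(meta, weeklyDownloads, now = new Date(), t = THRESHOLDS) {
  const failures = [];

  if (weeklyDownloads < t.minWeeklyDownloads) {
    failures.push(`weekly downloads ${weeklyDownloads} below ${t.minWeeklyDownloads}`);
  }

  const maintainers = Array.isArray(meta.maintainers) ? meta.maintainers.length : 0;
  if (maintainers < t.minMaintainers) failures.push(`${maintainers} maintainer(s): sole-maintainer risk`);

  // Age of the "latest" dist-tag, not of the most recent publish of any tag.
  const latest = meta["dist-tags"] && meta["dist-tags"].latest;
  const publishedAt = latest && meta.time && meta.time[latest] ? new Date(meta.time[latest]) : null;
  if (!publishedAt || Number.isNaN(publishedAt.getTime())) {
    failures.push("cannot determine last publish date");
  } else {
    const months = (now - publishedAt) / (1000 * 60 * 60 * 24 * 30.44);
    if (months > t.maxMonthsSincePublish) failures.push(`last publish ${Math.round(months)} months ago`);
  }

  // license is a string, or for some older packages an object { type, url }
  const license = typeof meta.license === "string" ? meta.license : meta.license && meta.license.type;
  if (!license || !t.allowedLicenses.has(license)) failures.push(`license ${license || "unknown"} not in allowlist`);

  const depCount = Object.keys(meta.dependencies || {}).length;
  if (depCount > t.maxDependencies) failures.push(`${depCount} runtime dependencies`);

  const size = meta.dist && meta.dist.unpackedSize;
  if (typeof size === "number" && size > t.maxUnpackedBytes) failures.push(`unpacked size ${size} bytes`);

  return failures;
}

// Constructed metadata records in the npm view --json shape.
const GOOD_META = {
  name: "good-lib",
  "dist-tags": { latest: "2.4.1" },
  time: { created: "2019-03-01T00:00:00.000Z", modified: "2024-04-02T00:00:00.000Z", "2.4.1": "2024-04-02T00:00:00.000Z" },
  maintainers: [{ name: "maintainer-a", email: "a@example.com" }, { name: "maintainer-b", email: "b@example.com" }],
  license: "MIT",
  dependencies: { "dep-a": "^1.0.0" },
  dist: { unpackedSize: 180000 },
};
const RISKY_META = {
  name: "abandoned-lib",
  "dist-tags": { latest: "0.3.0" },
  time: { created: "2016-01-01T00:00:00.000Z", modified: "2019-05-01T00:00:00.000Z", "0.3.0": "2019-05-01T00:00:00.000Z" },
  maintainers: [{ name: "solo", email: "solo@example.com" }],
  license: "GPL-3.0",
  dependencies: Object.fromEntries(Array.from({ length: 14 }, (_, i) => [`dep-${i}`, "*"])),
  dist: { unpackedSize: 4200000 },
};

const asOf = new Date("2024-06-01T00:00:00Z");
console.log("good-lib:", evaluatePackage(GOOD_META, 250000, asOf));
console.log("abandoned-lib:", evaluatePackage(RISKY_META, 900, asOf));
```

In practice, save npm view <pkg> --json and the downloads API response to files, load them in place of the constructed records, and make the install step fail when the returned list is non-empty; a human can still approve an exception, but the default is to refuse.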

The Rule

Every dependency is code you didn't write, running with your application's permissions, accessing your users' data. AI treats npm install as free. It is not. Every package is a trust decision. Make it deliberately.

Install this skill directly: skilldb add vibe-coding-security-skills
