Scan Report
0 /100
typescript-package-manager
Expert 10x Software engineer specializing in TypeScript with deep knowledge of all popular package management tools including npm, yarn, pnpm, bun, and deno
A legitimate TypeScript package management knowledge skill with reference scripts that generate configuration templates and installation instructions. No malicious patterns found.
Safe to install
No action required. The skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | SKILL.md does not declare filesystem access; scripts read only local project fil… |
| Network | NONE | NONE | — | No network requests made; curl patterns are printed as user instructions, not ex… |
| Shell | NONE | NONE | — | Scripts use execSync only for local diagnostics (version checks, tool detection)… |
| Environment | NONE | NONE | — | No environment variable access detected |
| Skill Invoke | NONE | NONE | — | No cross-skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser access |
| Database | NONE | NONE | — | No database access |
2 Critical 50 findings
Critical Dangerous Command 危险 Shell 命令
curl -fsSL https://bun.sh/install | bash scripts/bun-workflow.js:195 Critical Dangerous Command 危险 Shell 命令
curl -fsSL https://get.pnpm.io/install.sh | sh scripts/pnpm-workflow.md:51 Medium External URL 外部 URL
https://yourwebsite.com assets/package-json-template.md:25 Medium External URL 外部 URL
https://docs.npmjs.com/cli/v9/configuring-npm/package-json assets/package-json-template.md:521 Medium External URL 外部 URL
https://nodejs.org/api/packages.html assets/package-json-template.md:522 Medium External URL 外部 URL
https://www.typescriptlang.org/docs/handbook/module-resolution.html assets/package-json-template.md:523 Medium External URL 外部 URL
https://www.typescriptlang.org/docs/handbook/integrating-with-build-tools.html references/integration-with-build-tools.md:13 Medium External URL 外部 URL
https://vitejs.dev/guide/ references/integration-with-build-tools.md:614 Medium External URL 外部 URL
https://webpack.js.org/concepts/ references/integration-with-build-tools.md:615 Medium External URL 外部 URL
https://esbuild.github.io/ references/integration-with-build-tools.md:616 Medium External URL 外部 URL
https://turbo.build/repo/docs references/integration-with-build-tools.md:617 Medium External URL 外部 URL
https://en.wikipedia.org/wiki/Npm references/package-management.md:13 Medium External URL 外部 URL
https://pnpm.io/ references/package-management.md:45 Medium External URL 外部 URL
https://semver.org/ references/package-management.md:96 Medium External URL 外部 URL
https://registry.company.com references/package-management.md:214 Medium External URL 外部 URL
https://npm.company.com references/package-management.md:217 Medium External URL 外部 URL
https://en.wikipedia.org/wiki/APT_(software references/package-management.md:285 Medium External URL 外部 URL
https://en.wikipedia.org/wiki/DNF_(software references/package-management.md:286 Medium External URL 外部 URL
https://en.wikipedia.org/wiki/Zypp references/package-management.md:287 Medium External URL 外部 URL
https://en.wikipedia.org/wiki/Homebrew_(package_manager references/package-management.md:288 Medium External URL 外部 URL
https://en.wikipedia.org/wiki/Pip_(package_manager references/package-management.md:292 Medium External URL 外部 URL
https://en.wikipedia.org/wiki/Rust_(programming_language references/package-management.md:293 Medium External URL 外部 URL
https://en.wikipedia.org/wiki/Apache_Maven references/package-management.md:294 Medium External URL 外部 URL
https://en.wikipedia.org/wiki/Conda_(package_manager references/package-management.md:295 Medium External URL 外部 URL
https://pdm-project.org/en/latest/ references/package-management.md:301 Medium External URL 外部 URL
https://en.wikipedia.org/wiki/Open_Container_Initiative references/package-management.md:306 Medium External URL 外部 URL
https://en.wikipedia.org/wiki/Flatpak references/package-management.md:307 Medium External URL 外部 URL
https://en.wikipedia.org/wiki/Snap_(software references/package-management.md:308 Medium External URL 外部 URL
https://en.wikipedia.org/wiki/AppImage references/package-management.md:309 Medium External URL 外部 URL
https://flox.dev/blog/package-managers-and-package-management-a-guide-for-the-perplexed/ references/package-management.md:313 Medium External URL 外部 URL
https://hub.flox.dev/packages references/package-management.md:315 Medium External URL 外部 URL
https://docs.docker.com/build/building/best-practices/ references/package-management.md:316 Medium External URL 外部 URL
https://bun.sh/docs/runtime/bunfig scripts/bun-workflow.js:120 Medium External URL 外部 URL
https://registry.myorg.com/ scripts/bun-workflow.js:134 Medium External URL 外部 URL
https://bun.sh/install scripts/bun-workflow.js:195 Medium External URL 外部 URL
https://bun.sh/docs scripts/bun-workflow.md:5 Medium External URL 外部 URL
https://npm.mycompany.com/ scripts/bun-workflow.md:361 Medium External URL 外部 URL
https://www.typescriptlang.org/tsconfig/ scripts/health-check.md:6 Medium External URL 外部 URL
https://www.typescriptlang.org/docs/handbook/declaration-files/do-s-and-don-ts.html scripts/health-check.md:7 Medium External URL 外部 URL
https://docs.npmjs.com/ scripts/npm-workflow.md:5 Medium External URL 外部 URL
https://get.pnpm.io/install.ps1 scripts/pnpm-workflow.md:48 Medium External URL 外部 URL
https://get.pnpm.io/install.sh scripts/pnpm-workflow.md:51 Medium External URL 外部 URL
https://npm.company.com/ scripts/pnpm-workflow.md:308 Medium External URL 外部 URL
https://pnpm.io/cli/add scripts/pnpm-workflow.md:692 Medium External URL 外部 URL
https://pnpm.io/workspaces scripts/pnpm-workflow.md:693 Medium External URL 外部 URL
https://pnpm.io/benchmarks scripts/pnpm-workflow.md:695 Medium External URL 外部 URL
https://yarnpkg.com/ scripts/yarn-workflow.md:5 Medium External URL 外部 URL
https://yarnpkg.com/getting-started/migration scripts/yarn-workflow.md:827 Medium External URL 外部 URL
https://yarnpkg.com/features/pnp scripts/yarn-workflow.md:829 Medium External URL 外部 URL
https://yarnpkg.com/features/workspaces scripts/yarn-workflow.md:830 File Tree
13 files · 164.8 KB · 6923 lines Markdown 10f · 5899L
JavaScript 3f · 1024L
├─
▾
assets
│ ├─
package-json-template.md
Markdown
│ └─
package-manager-comparison.md
Markdown
├─
▾
references
│ ├─
integration-with-build-tools.md
Markdown
│ └─
package-management.md
Markdown
├─
▾
scripts
│ ├─
bun-workflow.js
JavaScript
│ ├─
bun-workflow.md
Markdown
│ ├─
health-check.js
JavaScript
│ ├─
health-check.md
Markdown
│ ├─
npm-workflow.js
JavaScript
│ ├─
npm-workflow.md
Markdown
│ ├─
pnpm-workflow.md
Markdown
│ └─
yarn-workflow.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ Self-contained scripts with no external dependencies
✓ All shell usage (execSync) is limited to safe local diagnostics: version checks, tool detection, file existence
✓ curl|bash patterns in bun-workflow.js are printed as migration instructions via console.log(), not executed
✓ curl|sh patterns in markdown files are documentation, not executable code
✓ No credential harvesting, no API key access, no environment variable enumeration
✓ No base64 encoding, no obfuscation, no anti-analysis techniques
✓ Scripts read only local project files (package.json, tsconfig.json) when present, no sensitive path access
✓ No network exfiltration or C2 communication patterns
✓ Skill is purely knowledge/reference with template-generating scripts