arch-tsdown-monorepo
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill defines a git
pre-commithook usingsimple-git-hooks. The hook executespnpm installandlint-staged. Security is prioritized through the use of--frozen-lockfile,--offline, and notably--ignore-scriptsto prevent third-party package scripts from running during the hook execution. - [COMMAND_EXECUTION]: The export snapshot testing feature utilizes the
tinyexeclibrary to runpnpm lslocally. This is used for discovering workspace packages within the monorepo for manifest verification. - [EXTERNAL_DOWNLOADS]: The GitHub Actions configuration references
sxzz/workflowsand standard actions from theactionsorganization. These are used for continuous integration and automated publishing via npm Trusted Publisher.
Audit Metadata