pnpm
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is composed entirely of informational markdown files documenting pnpm 10.x. No executable scripts, binaries, or hidden commands are included in the skill files.
- [SAFE]: All code snippets provided for configuration files (.npmrc, pnpm-workspace.yaml, package.json) and pnpmfile hooks (.pnpmfile.cjs) are standard examples used for educational and architectural purposes within the pnpm ecosystem.
- [SAFE]: References to external resources, such as GitHub Actions (e.g., pnpm/action-setup) and package registries, point to official pnpm domains and trusted well-known services.
- [SAFE]: Credential patterns identified (e.g., ${NPM_TOKEN}) are placeholders for environment variable interpolation and do not represent hardcoded secrets.
Audit Metadata