pnpm
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious instructions, obfuscation, or unauthorized data access patterns were detected. The skill correctly documents pnpm functionality for developer use.\n- [COMMAND_EXECUTION]: The skill describes core pnpm commands for installing and managing dependencies. It specifically recommends security-enhancing flags such as
--frozen-lockfileand discusses pnpm's strict dependency resolution and lifecycle script controls (ignore-scripts,onlyBuiltDependencies).\n- [EXTERNAL_DOWNLOADS]: CI/CD configuration examples reference official GitHub Actions from trusted organizations (pnpm,actions) and official Docker images (node:20-slim), adhering to industry-standard security practices.
Audit Metadata