security-scan

Resolve npm dependency vulnerabilities detected by security scans.

1.25x

Quality

61%

Does it follow best practices?

Impact

97%

1.25x

Average score across 3 eval scenarios

Securityby

Advisory

Suggest reviewing before use

Optimize this skill with Tessl

npx tessl skill review --optimize ./frontend/.claude/skills/security-scan/SKILL.md

Security Scan

Resolve npm dependency vulnerabilities detected by Snyk.io security scans.

Activation Conditions

User shares Snyk vulnerability reports
Mentions CVEs/CWEs
Asks to fix security issues in npm dependencies

Quick Reference

Action	Rule
Fix direct deps	`vuln-direct-deps.md`
Fix transitive deps	`vuln-transitive-deps.md`

Workflow

1. Assess

Parse vulnerability report: package, version, CVE/CWE, severity, fixed version
Categorize as direct (in package.json) or transitive (pulled in by another package)

2. Explore

Check package.json for current versions and existing overrides
Check lockfile for actual resolved versions
Search source code for direct usage of vulnerable package
Check npm registry for available fixed versions: npm view <package> versions --json

3. Fix

See rules for specific fix patterns.

4. Verify

bun i --yarn
bun run type:check
bun run lint
bun run build
bun run test

All must pass.

Tips

Use exact versions for security fixes (no ^ prefix)
Fix Critical/High severity first
Replace unmaintained packages rather than patching
Document workarounds with comments explaining why

Rules

See rules/ directory for detailed guidance.

Repository: redpanda-data/console
Commit: 02210fa

Last updated: about 13 hours ago
Created: about 13 hours ago

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.