SecureMe is an agent skill that automatically hardens the security of your JavaScript projects, focusing specifically on package manager configurations. It implements 7 layers of defense-in-depth to protect against supply chain attacks, malware, and other vulnerabilities.
Defense Layers: Includes features like a publish time gate (7-day cooldown), disabling install scripts, blocking Git dependencies, enforcing trust policies, integrating with firewall tools like Socket and mpq, validating lock file integrity, and ensuring clean CI installs.
Automatic Activation: The skill activates automatically whenever your AI agent performs actions such as running package installations (npm, pnpm, bun), modifying configuration files, setting up CI/CD pipelines, or suggesting dependencies.
Broad Compatibility: Designed to work with any agent that supports the Agent Skills specification, including popular tools like Claude Code, VS Code/GitHub Copilot, Cursor, Gemini CLI, and OpenAI Codex.
Easy Installation: Can be installed with a single command (npx skills add fixing-x/secureme) or manually placed in the .agents/skills/ directory.
Contribution Welcome: The project encourages contributions to add support for more package managers (like Yarn and Deno), integrate additional security tools, improve agent instructions, and report bugs.
Open Source: Licensed under MIT, allowing for free use and modification in any project, including commercial use.
SecureMe aims to make every agent-assisted coding session secure by default, reducing the risk of compromised dependencies and ensuring a safer development environment.
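As an added example (not SecureMe's own code), here is one way to check a lock file for three of the conditions listed under Defense Layers: Git dependencies, missing or weak integrity hashes, and packages that declare install scripts. It assumes npm's package-lock.json format (lockfileVersion 2 or 3); the function name, rule names and sample packages are constructed for illustration.

```javascript
// Constructed sample in package-lock.json v3 shape; package names and hashes are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-clean": { version: "1.0.0",
      resolved: "https://registry.npmjs.org/example-clean/-/example-clean-1.0.0.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER" },
    "node_modules/example-git": { version: "0.2.0", hasInstallScript: true,
      resolved: "git+ssh://git@example.invalid/org/example-git.git#0000000" },
    "node_modules/example-old": { version: "0.0.1",
      resolved: "https://registry.npmjs.org/example-old/-/example-old-0.0.1.tgz",
      integrity: "sha1-CONSTRUCTED-PLACEHOLDER" },
    "node_modules/example-nohash": { version: "3.1.0",
      resolved: "https://registry.npmjs.org/example-nohash/-/example-nohash-3.1.0.tgz" },
    "node_modules/example-workspace": { resolved: "packages/example-workspace", link: true },
  },
};

const GIT_PREFIX = /^(git\+|git:|github:)/;

// Returns one finding per violated rule; an empty array means the lock file passed.
function auditLockfile(lock) {
  if (!lock || typeof lock.packages !== "object" || lock.packages === null) {
    throw new Error("expected lockfileVersion 2 or 3 with a 'packages' map");
  }
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages)) {
    // The root project, workspace sources/links and bundled deps carry no registry hash.
    if (!path.includes("node_modules/") || pkg.link || pkg.inBundle) continue;
    const resolved = pkg.resolved || "";
    if (GIT_PREFIX.test(resolved)) {
      // Git dependencies bypass the registry and have no tarball hash to pin.
      findings.push({ path, rule: "git-dependency", detail: resolved });
    } else if (!pkg.integrity) {
      findings.push({ path, rule: "missing-integrity", detail: resolved || "(no resolved URL)" });
    } else if (!pkg.integrity.startsWith("sha512-")) {
      findings.push({ path, rule: "weak-integrity", detail: pkg.integrity.split("-")[0] });
    }
    if (pkg.hasInstallScript) {
      // Lifecycle scripts run at install time unless npm's ignore-scripts is set.
      findings.push({ path, rule: "install-script", detail: "declares install lifecycle scripts" });
    }
  }
  return findings;
}

for (const f of auditLockfile(sampleLock)) console.log(`${f.rule}\t${f.path}\t${f.detail}`);
```

In CI, a non-empty result would fail the job before any install step runs.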