@nym
nym / npm-pr-review-npm-supply-chain.md
Created March 31, 2026 14:01
A skill for auditing PRs for potentially compromising issues around supply chain attacks
name: npm-pr-review-npm-supply-chain
description: Reviews pull requests for npm supply chain security risks. Use this skill whenever a user asks you to review a PR, check a diff, audit dependency changes, or evaluate whether it's safe to merge — especially when package.json, package-lock.json, or node_modules are involved. Also trigger for questions like "is this PR safe?", "what changed in dependencies?", or "should I approve this?". Even if the PR is about something else, if it touches npm files, run this review. The goal is to catch supply chain attacks, compromised packages, and dangerous postinstall hooks before they reach production.

npm Supply Chain PR Review

You are reviewing a pull request with the lens of npm supply chain security. Even if the PR seems routine, dependency changes are a common vector for sophisticated attacks — including ones where the malicious code runs at install time and self-destructs, leaving no trace.

Your job is to produce a structured security report the author

nym / .block
Last active September 13, 2018 18:32
mp sankey
license: mit
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>GistRun</title>
<link rel="stylesheet" href="styles.css">
</head>
<body>
<h1>Hello world!</h1>
<script src="script.js"></script>
nym / app.html
Created March 30, 2017 17:14
Aurelia Router Demo
<template>
<require from="components/navigation.html"></require>
<h1>Aurelia Router Demo</h1>
<navigation router.bind="router" class="primary-navigation"></navigation>
<div class="page-host">
<router-view></router-view>
</div>
</template>
nym / app.html
Created March 30, 2017 17:13 — forked from ScottWhittaker/app.html
Aurelia Router Demo
<template>
<require from="components/navigation.html"></require>
<h1>Aurelia Router Demo</h1>
<navigation router.bind="router" class="primary-navigation"></navigation>
<div class="page-host">
<router-view></router-view>
</div>
</template>
nym / README.md
Last active August 29, 2015 14:26 — forked from ameyms/README.md
D3 Gauge - Part Deux

Yet another simple gauge chart using d3. Inspired by Jake Trent's Codepen snippet.

To move the pointer needle, type the following code into your JavaScript console:

needle.moveTo(.25)
.DS_Store
*.log
tmp/
nym / gist:2967352
Created June 21, 2012 17:54
Is it loaded? Is it loaded? Yes it might be. Yes it might be.
var jsdom = require('jsdom');
var fs = require('fs');
var request = require("request");
var jsdom = require("jsdom");
jsdom.defaultDocumentFeatures = {
FetchExternalResources : ['script', 'img', 'css', 'frame', 'link'],
ProcessExternalResources : ['script', 'img', 'css', 'frame', 'link'],
nym / gist:2918959
Created June 12, 2012 17:40
Script tag not loading
var jsdom = require('jsdom');
jsdom.defaultDocumentFeatures = {
FetchExternalResources : ['script'],
ProcessExternalResources : ['script'],
MutationEvents : '2.0',
QuerySelector : false
};
var htmlDoc = '<html lang="en-US">' +
nym / gist:2918776
Created June 12, 2012 17:13
JSDOM Sample
var jsdom = require('jsdom');
jsdom.defaultDocumentFeatures = {
FetchExternalResources : ['script'],
ProcessExternalResources : ['script'],
MutationEvents : false,
QuerySelector : false
};
//var fs = require('fs');
//var jquery = fs.readFileSync("./jquery-1.6.2.min.js").toString();