Skip to content
Recued
Menu
← Back to packs

npm Pack

by recued-core v1 app_pack

V3 npm toolchain capability pack. By-value connector composition (service_kind=cli, no separate ingredient): one local npm CLI ingredient exposes bounded project operations for readiness, package manifest inspection, lockfile dependency tree inspection, test execution, dependency audit, and CycloneDX SBOM generation. Project operations run from an explicit project directory cwd supplied at execution time, avoid caller-supplied npm flags, avoid shell wrappers, and keep diagnostics visible as text or JSON output. Manifest and lockfile inspection are local and read-only. Test execution is approval-gated because package scripts execute project-defined code. Dependency audit is approval-gated because npm sends dependency inventory to the fixed npm registry. SBOM generation is local and read-only. Requires npm on PATH.

What this pack installs

  • npm Ingredient

Trust & control

What installing this whole pack would let it do. Recued grants these permissions at install — review them there before approving.

Where it runs

Server only Runs on your server.

What it's allowed to do

Write Local CLI npm external change
Read: npm.version · No approvalRead: javascript.package_manifest · No approvalRead: javascript.dependency_tree_lockfile · No approvalRead: javascript.production_dependency_tree_lockfile · No approvalWrite: javascript.test_run · Asks approvalRead: javascript.dependency_audit · Asks approvalRead: software.sbom_cyclonedx · No approval

Data it touches

SurfacesLocal CLI

About

Tags

pack:npmnpmjavascriptnodejstestauditsbommanifestpackage-jsonlockfilecyclonedxdependenciessecuritydeveloper-toolsqualitydiagnosticsjsonlocal-servicev3composition