
Dependency incident audit


Difficulty: Advanced

Suitable for: Engineering and security teams responding to public package or supply chain advisories. Maintainers who need to check lock files, scripts, CI permissions, and caches before changing dependencies. Incident reviews where Codex should gather evidence without installing packages or running untrusted code.

Starter prompt

Help me audit this repository for exposure to this public package advisory: [advisory URL]. Stay read-only unless I explicitly approve a remediation step. First, summarize:

  • affected packages and version ranges
  • authoritative sources versus broader reports
  • what evidence would prove exposure in this repo
  • what evidence would rule it out

Then inspect:

  • package manifests and lock files
  • CI workflows and permissions
  • install, build, and postinstall scripts
  • vendored artifacts, co...

Built with Codex