Graphorin

Appearance

Graphorin API reference v0.1.0

Graphorin API reference / @graphorin/security / supply-chain

supply-chain

Skills supply-chain subsystem of @graphorin/security. Implements the install-time defences:

  • ed25519 signature verification of SKILL.md.
  • --ignore-scripts enforcement against npm + git installs.
  • Operator-managed allow / deny lists with optional framework denylist hook.
  • In-memory installation registry consumed by the audit CLI.

References

_getSupplyChainAuditListenerCountForTesting

Re-exports _getSupplyChainAuditListenerCountForTesting

_resetSkillInstallationsForTesting

Re-exports _resetSkillInstallationsForTesting

_resetSupplyChainAuditListenersForTesting

Re-exports _resetSupplyChainAuditListenersForTesting

_setFrameworkDenylistForTesting

Re-exports _setFrameworkDenylistForTesting

_setPackageManagerForTesting

Re-exports _setPackageManagerForTesting

_setPackageManagerRunnerForTesting

Re-exports _setPackageManagerRunnerForTesting

_setPublicKeyFetcherForTesting

Re-exports _setPublicKeyFetcherForTesting

_setSigstoreVerifierForTesting

Re-exports _setSigstoreVerifierForTesting

assertPolicyAllows

Re-exports assertPolicyAllows

auditInstalledSkills

Re-exports auditInstalledSkills

buildInstallInvocation

Re-exports buildInstallInvocation

canonicalizeForSignature

Re-exports canonicalizeForSignature

detectPackageManager

Re-exports detectPackageManager

emitSupplyChainAudit

Re-exports emitSupplyChainAudit

evaluateSupplyChainPolicy

Re-exports evaluateSupplyChainPolicy

extractSignatureBlock

Re-exports extractSignatureBlock

GraphorinSupplyChainError

Re-exports GraphorinSupplyChainError

installSkillFromGit

Re-exports installSkillFromGit

InstallSkillFromGitOptions

Re-exports InstallSkillFromGitOptions

installSkillFromNpm

Re-exports installSkillFromNpm

InstallSkillFromNpmOptions

Re-exports InstallSkillFromNpmOptions

matchesGlob

Re-exports matchesGlob

onSupplyChainAudit

Re-exports onSupplyChainAudit

PackageManagerKind

Re-exports PackageManagerKind

PackageManagerResult

Re-exports PackageManagerResult

PackageManagerRunner

Re-exports PackageManagerRunner

parseFrontmatter

Re-exports parseFrontmatter

PublicKeyFetcher

Re-exports PublicKeyFetcher

recordInstallation

Re-exports recordInstallation

ResolvedSkillTrustPolicy

Re-exports ResolvedSkillTrustPolicy

resolveTrustPolicy

Re-exports resolveTrustPolicy

runPackageManager

Re-exports runPackageManager

SigstoreVerifier

Re-exports SigstoreVerifier

SkillInstallationStatus

Re-exports SkillInstallationStatus

SkillInstallDeniedError

Re-exports SkillInstallDeniedError

SkillInstallError

Re-exports SkillInstallError

SkillManifestParseError

Re-exports SkillManifestParseError

SkillPublicKeyRef

Re-exports SkillPublicKeyRef

SkillSignatureBlock

Re-exports SkillSignatureBlock

SkillSignatureInvalidError

Re-exports SkillSignatureInvalidError

SkillSignatureMissingError

Re-exports SkillSignatureMissingError

SkillSignatureVerificationResult

Re-exports SkillSignatureVerificationResult

SkillSource

Re-exports SkillSource

SkillTrustLevel

Re-exports SkillTrustLevel

splitFrontmatter

Re-exports splitFrontmatter

SupplyChainAuditAction

Re-exports SupplyChainAuditAction

SupplyChainAuditActor

Re-exports SupplyChainAuditActor

SupplyChainAuditDecision

Re-exports SupplyChainAuditDecision

SupplyChainAuditEvent

Re-exports SupplyChainAuditEvent

SupplyChainDecision

Re-exports SupplyChainDecision

SupplyChainPolicy

Re-exports SupplyChainPolicy

TrustLevelEscalationError

Re-exports TrustLevelEscalationError

verifySkillSignature

Re-exports verifySkillSignature

VerifySkillSignatureOptions

Re-exports VerifySkillSignatureOptions