This repository is intentionally dependency-zero for its initial release.
It uses only local Node.js built-ins and does not require:
- npm package installation,
- PyPI package installation,
- third-party CLI tools,
- GitHub Actions,
- containers,
- browser extensions,
- live API keys,
- network calls.
Use GitHub Security Advisories where available. Do not attach private system paths, credentials, client data, production logs, or non-public implementation details to public reports.
No dependency may be added without a written security review. See docs/supply-chain-policy.md.
The repository uses synthetic examples only. It must not include client data, private source snippets, real schemas, production logs, account data, private deployment details, or credential material.
Expected local commands:
node --test
node scripts/redaction-scan.jsBoth commands use only local files and Node built-ins.