Package Security
Package security combines lockfile policy, scheduled scanner jobs, redacted all-user visibility, admin response actions, and release trust blocking.
Read Scan Results
- Open /package-security for all-user posture.
- Open /admin/security for aggregate package-security posture and incidents.
- Query GET /package-security/scans/latest for scan ID, lockfile hash, policy hash, status, and degraded tool list.
- Treat degraded, failed, stale, pending, and running as not clean for release decisions.
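A release gate built on the last two items above, as an added example that is not the project's own code. The response field names (scanId, lockfileHash, policyHash, status, degradedTools), the "clean" status string and the scanner name in the sample are assumptions; the gate fails closed on a listed non-clean status, an unrecognised status, a non-empty degraded tool list, or a hash that does not match the lockfile and policy being released.

```typescript
// Added example: fail-closed release gate over the latest-scan response.
// Field names and the "clean" status string are assumed, not the API's documented schema.
type Decision = { allow: boolean; reasons: string[] };

// Statuses the page says must not be treated as clean.
const NOT_CLEAN = ["degraded", "failed", "stale", "pending", "running"];

function evaluateScan(raw: unknown, expectedLockfileHash: string, expectedPolicyHash: string): Decision {
  if (typeof raw !== "object" || raw === null) {
    return { allow: false, reasons: ["response is not an object"] };
  }
  const scan = raw as Record<string, unknown>;
  const reasons: string[] = [];

  const id = scan["scanId"];
  if (typeof id !== "string" || id === "") reasons.push("missing scan ID");

  const status = scan["status"];
  if (typeof status !== "string") reasons.push("missing status");
  else if (NOT_CLEAN.indexOf(status) !== -1) reasons.push(`status is ${status}`);
  else if (status !== "clean") reasons.push(`unrecognised status ${status}`); // fail closed

  // A clean status with degraded tools listed means part of the scan did not run.
  const tools = scan["degradedTools"];
  if (!Array.isArray(tools)) reasons.push("missing degraded tool list");
  else if (tools.length > 0) reasons.push(`degraded tools: ${tools.join(", ")}`);

  // A result only applies to the lockfile and policy it was computed for.
  if (scan["lockfileHash"] !== expectedLockfileHash) reasons.push("lockfile hash mismatch");
  if (scan["policyHash"] !== expectedPolicyHash) reasons.push("policy hash mismatch");

  return { allow: reasons.length === 0, reasons };
}

// Constructed sample response (not real output): clean status, but one tool degraded.
const sampleScan = {
  scanId: "scan-0001",
  lockfileHash: "sha256:aaaa",
  policyHash: "sha256:bbbb",
  status: "clean",
  degradedTools: ["scanner-a"],
};
const sampleDecision = evaluateScan(sampleScan, "sha256:aaaa", "sha256:bbbb");
```

The expected hashes should be computed from the lockfile and policy in the release candidate itself, so a clean result for an older lockfile cannot approve a newer one.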
Trigger A Manual Scan
POST /admin/package-security/scans
Requires PACKAGE_SECURITY_ADMIN_MUTATIONS_ENABLED=true and a platform-admin session.
Source Material
- docs/security/package-security-runbook.md
- docs/security/package-security-rollout.md
- apps/api/src/modules/package-security/routes.ts