A non-exhaustive list of package manager hardening recommendations to help prevent supply chain vulnerability attacks. Includes AGENTS.md files, skills and Github Action to audit and enforce these recommendations.