No dependency changes
The agent is read-only in the repository: it runs npm audit and reports the result to compliance. It does not run npm install or fix code by itself.
ISO 27001 A.8.8 · npm audit · Vulnerabilities
Control A.8.8 requires technical vulnerability management. Exponencial's skill runs npm audit, reconciles risks and records dated evidence in the compliance platform.
01 Search intent
Auditors and customers want process: detection, prioritization, treatment, acceptance and evidence. A loose npm audit report helps less if it never becomes a traceable ISMS record.
02 What we deliver
The agent is read-only in the repository: it runs npm audit and reports the result to compliance. It does not run npm install or fix code by itself.
Package, severity, project, date and origin enter the risk register for treatment, acceptance or mitigation decisions.
On first run, the agent creates a trial organization with the owner's email. Existing clients use the connection and approval flow.
03 Workflow
Execute inside a project with package.json and package-lock.json. The agent identifies the owner from the Git email.
High and critical findings become risks; low and moderate findings support monitoring evidence; resolved findings close existing issues.
Sign in to /adm with the same email and see the A.8.8 control, risks and events generated by the run.
For active clients, the same agent can run in CI, cron or agent routines to keep evidence alive.
04 Practical proof
The value is connecting technical output to the right ISO control and decision flow. Evidence stops being a forgotten file and becomes ISMS history.
05 FAQ
No. A run without signup creates a trial organization. To connect to an existing account, use --connect and approve the agent in the panel.
No by design. It uses npm audit output and project metadata; it does not need to read .env files, private keys or repository credentials.
This first skill focuses on npm because it provides a clear entry point. The same model can be extended to other ecosystems and controls.