{"id":45738916,"url":"https://github.com/tankpkg/tank","last_synced_at":"2026-05-21T09:04:31.412Z","repository":{"id":338324572,"uuid":"1157509160","full_name":"tankpkg/tank","owner":"tankpkg","description":"Security-first package manager for AI agent skills","archived":false,"fork":false,"pushed_at":"2026-05-20T13:06:33.000Z","size":68819,"stargazers_count":28,"open_issues_count":14,"forks_count":4,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-20T16:58:17.297Z","etag":null,"topics":["ai-agents","ai-coding-agent","claude-code","cli","cursor","developer-tools","npm-alternative","package-manager","registry","security","semver","skills","static-analysis","supply-chain-security"],"latest_commit_sha":null,"homepage":"https://tankpkg.dev","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tankpkg.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/security.md","support":null,"governance":null,"roadmap":"docs/roadmap-ranking.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-02-13T22:42:27.000Z","updated_at":"2026-05-20T12:57:58.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/tankpkg/tank","commit_stats":null,"previous_names":["tankpkg/tank"],"tags_count":50,"template":false,"template_full_name":null,"purl":"pkg:github/tankpkg/tank","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tankpkg%2Ftank","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tankpkg%2Ftank/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tankpkg%2Ftank/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tankpkg%2Ftank/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tankpkg","download_url":"https://codeload.github.com/tankpkg/tank/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tankpkg%2Ftank/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33293661,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-21T02:57:32.698Z","status":"ssl_error","status_checked_at":"2026-05-21T02:57:31.990Z","response_time":62,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","ai-coding-agent","claude-code","cli","cursor","developer-tools","npm-alternative","package-manager","registry","security","semver","skills","static-analysis","supply-chain-security"],"created_at":"2026-02-25T12:19:26.916Z","updated_at":"2026-05-21T09:04:31.385Z","avatar_url":"https://github.com/tankpkg.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg src=\"assets/hero-banner.png\" alt=\"Tank — Security-first package manager for AI agent skills\" width=\"100%\" /\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"assets/logo.png\" alt=\"Tank logo\" width=\"120\" /\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003eTank\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n  Security-first package manager for AI agent skills.\n  \u003cbr /\u003e\n  \u003cem\u003e\"I know Kung Fu.\" — but verified, locked, and scanned.\u003c/em\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/tankpkg/tank/stargazers\"\u003e\u003cimg src=\"https://img.shields.io/github/stars/tankpkg/tank?style=flat\u0026color=22c55e\" alt=\"GitHub Stars\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/tankpkg/tank/blob/main/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/github/license/tankpkg/tank?color=3b82f6\" alt=\"License\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.npmjs.com/package/@tankpkg/cli\"\u003e\u003cimg src=\"https://img.shields.io/npm/v/@tankpkg/cli?color=22c55e\u0026label=cli\" alt=\"npm\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/tankpkg/tank/actions\"\u003e\u003cimg src=\"https://img.shields.io/github/actions/workflow/status/tankpkg/tank/ci.yml?branch=main\u0026label=CI\" alt=\"CI\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\n## The Problem\n\nAI coding agents (Claude Code, Codex, Cursor) can be extended with **skills** — reusable packages that teach agents how to perform tasks. The ecosystem is growing fast: 110,000+ installs in 4 days on one registry alone.\n\nBut today's skill registries have **no versioning, no lockfiles, no permissions, and no security scanning**. In February 2026, the ClawHavoc incident revealed that 341 malicious skills (12% of a major marketplace) were distributing credential-stealing malware.\n\nAgent skills are more dangerous than npm packages because they execute with the **agent's full authority** — reading files, making API calls, running shell commands. The attack surface is fundamentally larger.\n\n## What Tank Does\n\nTank is the **npm for agent skills**, with security built into the foundation:\n\n| Feature         | npm (2012)              | Current Registries | Tank                                 |\n| --------------- | ----------------------- | ------------------ | ------------------------------------ |\n| Versioning      | Social contract         | Git tags / none    | **Semver with escalation detection** |\n| Lockfile        | `package-lock.json`     | None               | **`skills.lock` with SHA-512**       |\n| Permissions     | None                    | None               | **Declared + enforced at install**   |\n| Static analysis | None built-in           | Basic / none       | **6-stage security pipeline**        |\n| Audit score     | `npm audit` (deps only) | None               | **Transparent 0-10 score**           |\n| Code signing    | npm provenance (2023)   | None               | Planned (Sigstore)                   |\n| Sandbox         | None                    | None               | Planned (Phase 3)                    |\n\n## Quick Look\n\n### All CLI Commands\n\n```bash\n# Authentication\ntank login                          # Authenticate via GitHub OAuth\ntank whoami                         # Show current user info\ntank logout                         # Clear credentials\n\n# Project setup\ntank init                           # Create skills.json interactively\n\n# Publishing\ntank publish                        # Pack and publish a skill\ntank publish --dry-run              # Validate without uploading\n\n# Installation \u0026 management\ntank install @org/skill             # Install a specific skill\ntank install                        # Install all from lockfile (like npm ci)\ntank install --yes                  # Auto-accept permission budget expansions\ntank update @org/skill              # Update within semver range\ntank update                         # Update all skills\ntank remove @org/skill              # Remove a skill\n\n# Verification \u0026 security\ntank verify                         # Verify lockfile integrity\ntank permissions                    # Display resolved permission summary\ntank audit                          # Show security analysis results\ntank audit @org/skill               # Audit a specific skill\n\n# Discovery\ntank search \"query\"                 # Search the registry\ntank info @org/skill                # Show skill metadata\n```\n\n**`skills.json`** — declare what your agent is allowed to do:\n\n```json\n{\n  \"skills\": {\n    \"@vercel/next-skill\": \"^2.1.0\",\n    \"@community/seo-audit\": \"3.0.0\"\n  },\n  \"permissions\": {\n    \"network\": { \"outbound\": [\"*.anthropic.com\"] },\n    \"filesystem\": { \"read\": [\"./src/**\"], \"write\": [\"./output/**\"] },\n    \"subprocess\": false\n  }\n}\n```\n\nIf any skill exceeds the permission budget, Tank prompts you to review and approve the expansion — or auto-accept with `--yes` in CI. No silent escalation. This single feature would have prevented ClawHavoc.\n\n## Development\n\n### Prerequisites\n\n- Node.js 24+\n- Bun 1.x+\n- Python 3.14+ (for security analysis functions)\n\n### Setup\n\n```bash\ngit clone https://github.com/tankpkg/tank.git\ncd tank\nbun install\ncp .env.example .env  # fill in credentials\njust db admin                # promotes FIRST_ADMIN_EMAIL to admin\n```\n\n### Commands\n\n```bash\njust dev                    # Start all workspaces in dev mode\njust build                  # Build all packages\njust test                   # Run all unit tests\njust test scanner           # Run Python scanner tests\njust test perf              # Run performance tests\njust check                  # Biome lint + format validation\njust fmt                    # Auto-format code\njust verify                 # Validation-only pipeline\njust --list                 # See all available commands\n```\n\n## Project Structure\n\n```\ntank/\n├── apps/\n│   ├── registry/        # TanStack Start registry app\n│   └── python-api/   # Python security scanner (FastAPI)\n├── packages/\n│   ├── cli/          # Tank CLI (TypeScript)\n│   ├── internals-helpers/ # Shared pure helpers\n│   ├── internals-schemas/ # Shared schemas, types, constants\n│   ├── mcp-server/   # MCP server for editor integration\n│   └── ...\n├── infra/            # Docker Compose, Helm charts\n├── docs/             # Reference, process, product, ops\n├── idd/              # Intent-driven development artifacts\n├── bdd/              # Executable behavior specs\n└── e2e/              # Full-stack regression tests\n```\n\n## Project Status\n\n\u003e **Tank MVP is code-complete.** We're building in the open from day one.\n\n## Documentation\n\n| Document                                   | Description                                          |\n| ------------------------------------------ | ---------------------------------------------------- |\n| [Docs Index](docs/README.md)               | Start here for architecture, process, and references |\n| [Architecture](docs/core/architecture.md)  | Technical design and current app state               |\n| [Methodology](docs/process/methodology.md) | IDD → BDD → TDD → E2E workflow                       |\n| [Contributing](CONTRIBUTING.md)            | How to get involved                                  |\n\n## Why \"Tank\"?\n\n\u003cimg src=\"assets/tank-character.jpg\" alt=\"Tank (Marcus Chong) — the operator from The Matrix\" width=\"400\" align=\"right\" /\u003e\n\nIn The Matrix, **Tank is the operator** — the person who loads skills into people's minds. He's the one who makes \"I know Kung Fu\" possible. But he doesn't just load anything blindly. He verifies, he monitors, he's the last line of defense.\n\nThat's what this project does for AI agent skills.\n\n## Contributing\n\nTank is open source under the [MIT License](LICENSE). We welcome contributions of all kinds — see [CONTRIBUTING.md](CONTRIBUTING.md) to get started.\n\n## License\n\n[MIT](LICENSE) — do what you want, just include the license.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftankpkg%2Ftank","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftankpkg%2Ftank","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftankpkg%2Ftank/lists"}