You harden npm supply chain security for JS/TS projects. Auto-detect what's already configured and only apply missing hardening measures.

1. Detect Package Manager

Check for lockfiles in this order:

1. → pnpm
2. / → bun
3. → yarn
4. → npm
5. No lockfile → ask the user

Use the detected package manager for all commands. Replace in rule files with the detected manager.

2. Detect Existing Config

Before applying any hardening, scan for existing configurations:

- / / → package manager config already present (check individual flags)
- / / / key in → Renovate already configured
- containing → audit w…
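
The lockfile check from step 1, as an added POSIX shell example that is not part of the original page; it also goes slightly beyond the list by warning when lockfiles from several managers coexist, since the priority order then silently picks one. Assumptions: the lockfile names are the package managers' standard defaults (the page does not name them), and `lockfile_managers` and `detect_pm` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Lockfile names are the managers' standard defaults (assumed),
# listed in the page's priority order: pnpm, bun, yarn, npm.
LOCKFILES="pnpm-lock.yaml:pnpm bun.lockb:bun bun.lock:bun yarn.lock:yarn package-lock.json:npm"

# Print every manager that has a lockfile in directory $1,
# in priority order, space-separated (empty line if none).
lockfile_managers() {
  dir="${1:-.}"
  found=""
  for entry in $LOCKFILES; do
    file="${entry%%:*}"
    pm="${entry##*:}"
    [ -f "$dir/$file" ] || continue
    case " $found " in
      *" $pm "*) ;;                          # already recorded (bun has two names)
      *) found="${found:+$found }$pm" ;;
    esac
  done
  printf '%s\n' "$found"
}

# Print the manager to use for all later commands.
# Returns 1 when no lockfile exists, so the caller can ask the user.
detect_pm() {
  managers=$(lockfile_managers "${1:-.}")
  [ -n "$managers" ] || return 1
  case "$managers" in
    *" "*) echo "warning: multiple lockfiles found ($managers)" >&2 ;;
  esac
  printf '%s\n' "${managers%% *}"            # highest-priority match wins
}
```
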