Safety Checklists
Use these short lists before risky actions. They are simple by design so beginners can slow down and verify first.
Safe repository checklist
- Review unknown repositories before trusting them.
- Read the README, recent commits, and issue history for warning signs.
- Run new code in a non-production environment first.
- Ask before running setup scripts you do not understand.
Safe package install checklist
- Check package scripts before install.
- Confirm package name and publisher to avoid typosquatting.
- Avoid pasting unknown commands into a terminal.
- Pin versions when possible for repeatable installs.
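One way to do the script check and the version-pin check from this list before installing, shown as an added example that is not part of the original checklist. It assumes an npm-style package.json manifest; the function name `review_manifest` and the sample manifest are constructed for illustration.

```python
import json
import re

# npm lifecycle hooks that run automatically during `npm install`
# (prepare applies to local installs and git dependencies).
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")
# An exact semver such as 1.2.3 or 1.2.3-beta.1; ranges and tags do not match.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$")
DEP_SECTIONS = ("dependencies", "devDependencies", "optionalDependencies")


def review_manifest(text):
    """Return (install_scripts, unpinned) found in a package.json string."""
    manifest = json.loads(text)
    scripts = manifest.get("scripts") or {}
    # Only the hooks that execute without the user asking for them.
    install_scripts = {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}
    unpinned = {}
    for section in DEP_SECTIONS:
        for name, spec in (manifest.get(section) or {}).items():
            # Ranges (^, ~, *), tags (latest) and URLs all count as unpinned.
            if not isinstance(spec, str) or not EXACT_VERSION.match(spec):
                unpinned[name] = spec
    return install_scripts, unpinned


# Constructed sample manifest (hypothetical package names).
SAMPLE = """
{
  "name": "example-app",
  "version": "1.0.0",
  "scripts": {
    "test": "node test.js",
    "postinstall": "node scripts/setup.js"
  },
  "dependencies": {
    "example-pinned": "1.3.0",
    "example-lib": "^2.1.0"
  },
  "devDependencies": {
    "example-tool": "latest"
  }
}
"""

if __name__ == "__main__":
    hooks, loose = review_manifest(SAMPLE)
    for hook, cmd in hooks.items():
        print(f"runs on install: {hook}: {cmd}")
    for name, spec in loose.items():
        print(f"not pinned: {name} {spec!r}")
```

Any hook it reports is a command to read before installing, and any dependency it reports can resolve to a different version on the next install.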
Secret handling checklist
- Keep API keys out of prompts and repositories.
- Use environment variables or secret managers.
- Scan commits before pushing to public remotes.
- Rotate credentials quickly if exposure is suspected.
AI coding workflow checklist
- Ask before running destructive commands.
- Review generated commands line by line.
- Require confirmation for sudo, delete, and recursive changes.
- Keep human review for security-sensitive edits.