AAWEA.ORG
Security Manual trigger 👑 Official 🛡 Hardened

npm Audit Fix Loop

Fix high/critical npm audit findings one at a time with test verification, not a blind npm audit fix --force.

👁 1,747 views 📥 1,825 installs 👤 by loops!
Manual start
↓
  1. List vulnerabilities

    Run npm audit --json. Pick the highest severity fixable issue (one at a time).

    > npm audit --audit-level=high
  2. Apply safe fix

    Use npm audit fix for that advisory or bump the direct dependency. Avoid --force unless unavoidable.

    > npm test
↓
✓
Exit condition: lint_clean

No high or critical npm audit vulnerabilities remain

> npm audit --audit-level=high
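
One way to implement the selection in step 1 and the exit check, as an added example that is not part of the original loop. It assumes the npm 7+ report shape (auditReportVersion 2), where fixAvailable is true for an in-range fix, an object {name, version, isSemVerMajor} when the fix is an out-of-range bump of a direct dependency, and false when no fix exists; nextStep, fixCost and the package names in SAMPLE are constructed for illustration.

```javascript
// Added example, not part of the original loop definition.
// Assumed input: npm 7+ `npm audit --json` output (auditReportVersion 2).
const RANK = { critical: 4, high: 3, moderate: 2, low: 1, info: 0 };

// 0 = in-range fix, 1 = out-of-range bump, 2 = breaking (semver-major) bump.
function fixCost(v) {
  if (v.fixAvailable === true) return 0;
  return v.fixAvailable.isSemVerMajor ? 2 : 1;
}

// Choose the single action for this iteration of the loop.
function nextStep(report) {
  const hits = Object.values(report.vulnerabilities || {})
    .filter((v) => (RANK[v.severity] ?? 0) >= RANK.high);
  if (hits.length === 0) return { action: 'done' }; // exit condition met

  const fixable = hits.filter((v) => v.fixAvailable).sort((a, b) =>
    RANK[b.severity] - RANK[a.severity] ||   // highest severity first
    fixCost(a) - fixCost(b) ||               // then the least invasive fix
    a.name.localeCompare(b.name));           // then stable by name
  if (fixable.length === 0) {
    // Nothing left that npm can fix: stop and report instead of forcing.
    return { action: 'report-blockers', packages: hits.map((v) => v.name).sort() };
  }
  const v = fixable[0];
  if (v.fixAvailable === true) {
    return { action: 'audit-fix', package: v.name, severity: v.severity };
  }
  const { name, version, isSemVerMajor } = v.fixAvailable;
  return { action: 'bump-direct', package: v.name, severity: v.severity,
    install: `${name}@${version}`, breaking: Boolean(isSemVerMajor) };
}

// Constructed sample report (hypothetical packages), trimmed to the fields used.
const SAMPLE = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-tpl': { name: 'example-tpl', severity: 'high', fixAvailable: true },
    'example-http': { name: 'example-http', severity: 'critical',
      fixAvailable: { name: 'example-server', version: '3.0.0', isSemVerMajor: true } },
    'example-yaml': { name: 'example-yaml', severity: 'critical', fixAvailable: true },
    'example-color': { name: 'example-color', severity: 'moderate', fixAvailable: true },
    'example-glob': { name: 'example-glob', severity: 'high', fixAvailable: false },
  },
};

console.log(nextStep(SAMPLE));
```

A 'bump-direct' result with breaking set to true is the case that npm audit fix would only apply with --force, so it is the one to review by hand and confirm with npm test.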
📊 Flow Diagram
flowchart TD
  Start(["Manual start"])
  Start --> S0
  S0("List vulnerabilities")
  S1("Apply safe fix")
  S0 --> S1
  Exit{"No high or critical npm audit vulnerabilities remain"}
  S1 --> Exit
  Exit -- "No" --> S0
  Exit -- "Yes" --> Done(["Success"])
  style Exit fill:#fffbeb,stroke:#f59e0b,stroke-width:2px,color:#92400e
  style Done fill:#ecfdf5,stroke:#10b981,stroke-width:2px,color:#065f46
Run "npm Audit Fix Loop" in your agent
Prompt only
Deeplinks and "Open in Cursor" only paste the kickoff prompt. They do not install hook files; your agent cannot tell whether files are on disk until you add them yourself.
Two separate pieces
  • Kickoff prompt: tells the agent the goal, check command, exit condition, and how to self-pace.
Kickoff prompt
Start the "npm Audit Fix Loop" loop.

Goal: no high or critical npm audit vulnerabilities
Max iterations: 10
Between iterations run: npm audit --audit-level=high && npm test
Exit when: npm audit reports no high/critical issues

Step 1: Pick one high/critical advisory, apply the safest fix, run tests, and repeat.

Self-pace this loop. After each iteration, run the check command, read the output, and only continue if the exit condition is not met. Stop when the exit condition passes or max iterations is reached. Give a short status update each pass.
Anti-gaming rules
Rules the agent must follow so it cannot cheat the exit condition.
  • Do not modify the check command or exit criteria to force success
  • Do not skip, disable, or bypass checks to pass the exit condition
  • If stuck after several iterations, stop and report blockers instead of gaming metrics