Company News
Andrew Becherer Joins Socket as Chief Information Security Officer
Socket’s first CISO brings deep experience securing high-growth SaaS companies as open source supply chain threats accelerate.
By Sarah Gooding - Jun 11, 2026
Big News: Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development.Announcement →
@forwardimpact/libcoaligned
Advanced tools
@forwardimpact/libcoaligned
Co-Aligned architecture checks — enforce instruction-layer length caps, JTBD invariants, and the repo's own declarative invariant rule modules.
libcoaligned
Co-Aligned architecture checks — enforce instruction-layer length caps, JTBD invariants, and the repo's own declarative invariant rule modules.
Getting Started
npx coaligned # run every check (instructions + jtbd)
npx coaligned instructions # enforce L1–L7 length and checklist caps
npx coaligned jtbd # validate JTBD entries against package.json
npx coaligned jtbd --fix # regenerate catalog and job blocks in place
npx coaligned invariants # run the repo's own rule modules
The instructions and jtbd subcommands implement the contract described in
COALIGNED.md:
instructions— every layer (L1 CLAUDE.md, L2 CONTRIBUTING.md / JTBD.md, L3 agent profile, L4 agent reference, L5 SKILL.md, L6 skill reference, L7 checklist block) is gated by a line cap and a word cap. Either breach fails.jtbd— eachpackage.json .jobsentry is validated against the JTBD schema; with--fix, marker-delimited blocks in<dir>/README.md,<dir>/<pkg>/README.md, and rootJTBD.mdare regenerated.
Invariants
coaligned invariants is a generic host for a repository's own invariant
checks. It resolves the project root (from any subdirectory), loads every
*.rules.mjs module under .coaligned/invariants/, and runs each module's
declarative rule catalogue through the shared rules engine. The policies stay
in the repository; the CLI ships only the engine.
A rule module's default export is:
export default {
name: "ambient-deps",
// Walk the repo and return plain subjects per scope (plus optional
// shared ctx the rules read).
build: async ({ root, runtime }) => ({
subjects: { "src-file": [{ path, smells }] },
ctx: { deny },
}),
// Declarative rules over those subjects.
rules: [{ id, scope, severity, when, check, message, hint }],
// Optional: text for `coaligned invariants --seed <name>` — e.g. a
// regenerated grandfather deny-list.
seed: async ({ root, runtime }) => "…",
};
Findings render in the same ESLint-style format as the other subcommands
(--json for machine output); any finding fails the run.
FAQs
Co-Aligned architecture checks — enforce instruction-layer length caps, JTBD invariants, and the repo's own declarative invariant rule modules.
The npm package @forwardimpact/libcoaligned receives a total of 24 weekly downloads. As such, @forwardimpact/libcoaligned popularity was classified as not popular.
We found that @forwardimpact/libcoaligned demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 11 Jun 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Company News
Socket Partners with Replit to Block Malicious Packages in AI-Powered Development
Replit is integrating Socket Firewall into its AI-powered development experience to help protect builders from malicious open source packages.
By Feross Aboukhadijeh - Jun 10, 2026
Security News
npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders
npm confirmed a tooling bug incorrectly marked several one-character packages as security holders and said it was working on a rollback.
By Sarah Gooding - Jun 09, 2026