feat: add sandbox-npm-install skill to community collection

[GeekTrainer]

Sandbox npm Install

A skill for installing npm packages in Docker sandbox environments where the workspace is mounted via virtiofs.

The Problem

Native Go and Rust binaries (esbuild, lightningcss, rollup, etc.) crash with mmap alignment failures when executed from a virtiofs-mounted filesystem on aarch64. This is a common pain point for anyone developing in containerized environments like GitHub Copilot's Docker sandbox.

What This Skill Does

Provides a bundled install script that:

1. Installs node_modules on the container's local ext4 filesystem
2. Symlinks node_modules back into the workspace
3. Verifies native binaries work correctly
4. Optionally installs Playwright browsers for E2E testing

The skill auto-detects the workspace, supports configurable install paths, and includes a troubleshooting guide for common issues.

Why It Belongs in the Collection

Any developer working in a Docker sandbox with a Node.js project will hit this problem. Rather than debugging cryptic SIGILL/SIGSEGV crashes, agents can invoke this skill and get a working node_modules in seconds. It's environment infrastructure that benefits every Node.js workflow.

[Copilot]

Pull request overview

This PR substantially expands the repository’s plugin ecosystem by adding many new agents/skills and updating multiple plugin manifests, while also appending the new sandbox-npm-install entry to the global skills index.

Changes:

• Added multiple new agents and skills across many plugins/* packages (MCP dev experts, team workflow agents, Dataverse helpers, FlowStudio references, etc.).
• Updated many plugin.json manifests to point agents to ./agents and normalized skill paths (removed trailing slashes).
• Updated docs/README.skills.md to include the new sandbox-npm-install skill entry.

Reviewed changes

Copilot reviewed 125 out of 297 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
plugins/mcp-m365-copilot/agents/mcp-m365-agent-expert.md	Adds a new MCP/M365 expert agent definition.
plugins/mcp-m365-copilot/.github/plugin/plugin.json	Switches agents reference to ./agents; normalizes skill paths.
plugins/kotlin-mcp-development/agents/kotlin-mcp-expert.md	Adds a Kotlin MCP server development expert agent definition.
plugins/kotlin-mcp-development/.github/plugin/plugin.json	Switches agents reference to ./agents; normalizes skill path.
plugins/java-mcp-development/.github/plugin/plugin.json	Switches agents reference to ./agents; normalizes skill path.
plugins/java-development/skills/java-springboot/SKILL.md	Adds a Spring Boot best-practices skill.
plugins/java-development/skills/java-junit/SKILL.md	Adds a JUnit 5 best-practices skill.
plugins/java-development/skills/java-docs/SKILL.md	Adds a Java Javadoc best-practices skill.
plugins/java-development/skills/create-spring-boot-java-project/SKILL.md	Adds a step-by-step Spring Boot project scaffolding skill.
plugins/java-development/.github/plugin/plugin.json	Normalizes skill paths (removes trailing slashes).
plugins/go-mcp-development/agents/go-mcp-expert.md	Adds a Go MCP server development expert agent definition.
plugins/go-mcp-development/.github/plugin/plugin.json	Switches agents reference to ./agents; normalizes skill path.
plugins/gem-team/agents/gem-reviewer.md	Adds a security-focused reviewer agent definition.
plugins/gem-team/agents/gem-orchestrator.md	Adds an orchestration/coordination agent definition.
plugins/gem-team/agents/gem-implementer.md	Adds an implementation-focused agent definition.
plugins/gem-team/agents/gem-documentation-writer.md	Adds a documentation writer agent definition.
plugins/gem-team/agents/gem-devops.md	Adds a DevOps agent definition.
plugins/gem-team/agents/gem-browser-tester.md	Adds a browser/E2E testing agent definition.
plugins/gem-team/.github/plugin/plugin.json	Switches agents reference to ./agents.
plugins/frontend-web-dev/skills/playwright-generate-test/SKILL.md	Adds a Playwright test generation skill.
plugins/frontend-web-dev/skills/playwright-explore-website/SKILL.md	Adds a Playwright website exploration/testing skill.
plugins/frontend-web-dev/.github/plugin/plugin.json	Switches agents reference to ./agents; normalizes skill paths.
plugins/flowstudio-power-automate/skills/flowstudio-power-automate-mcp/references/connection-references.md	Adds reference material for connection references.
plugins/flowstudio-power-automate/skills/flowstudio-power-automate-mcp/references/action-types.md	Adds a Power Automate action type quick reference.
plugins/flowstudio-power-automate/skills/flowstudio-power-automate-mcp/references/MCP-BOOTSTRAP.md	Adds a bootstrap reference for the FlowStudio MCP server.
plugins/flowstudio-power-automate/skills/flowstudio-power-automate-debug/references/debug-workflow.md	Adds a debug decision-tree reference for flows.
plugins/flowstudio-power-automate/skills/flowstudio-power-automate-debug/references/common-errors.md	Adds a catalog of common flow errors and fixes.
plugins/flowstudio-power-automate/skills/flowstudio-power-automate-build/references/trigger-types.md	Adds copy/paste trigger templates reference.
plugins/flowstudio-power-automate/skills/flowstudio-power-automate-build/references/flow-schema.md	Adds a flow definition schema reference.
plugins/flowstudio-power-automate/skills/flowstudio-power-automate-build/references/build-patterns.md	Adds common build pattern templates.
plugins/flowstudio-power-automate/.github/plugin/plugin.json	Normalizes skill paths (removes trailing slashes).
plugins/edge-ai-tasks/.github/plugin/plugin.json	Switches agents reference to ./agents.
plugins/doublecheck/skills/doublecheck/assets/verification-report-template.md	Adds a verification report template asset.
plugins/doublecheck/agents/doublecheck.md	Adds a “Doublecheck” verification agent definition.
plugins/doublecheck/.github/plugin/plugin.json	Switches agents reference to ./agents; normalizes skill path.
plugins/devops-oncall/skills/multi-stage-dockerfile/SKILL.md	Adds a multi-stage Dockerfile best-practices skill.
plugins/devops-oncall/agents/azure-principal-architect.md	Adds an Azure principal architect agent definition.
plugins/devops-oncall/.github/plugin/plugin.json	Switches agents reference to ./agents; normalizes skill paths.
plugins/dataverse/.github/plugin/plugin.json	Normalizes skill path (removes trailing slash).
plugins/dataverse-sdk-for-python/skills/dataverse-python-usecase-builder/SKILL.md	Adds a Dataverse Python “use case builder” skill.
plugins/dataverse-sdk-for-python/skills/dataverse-python-quickstart/SKILL.md	Adds a Dataverse Python quickstart skill.
plugins/dataverse-sdk-for-python/skills/dataverse-python-production-code/SKILL.md	Adds a production-code oriented Dataverse Python skill.
plugins/dataverse-sdk-for-python/skills/dataverse-python-advanced-patterns/SKILL.md	Adds a Dataverse Python advanced patterns skill.
plugins/dataverse-sdk-for-python/.github/plugin/plugin.json	Normalizes skill paths (removes trailing slashes).
plugins/database-data-management/skills/postgresql-code-review/SKILL.md	Adds a PostgreSQL-focused code review skill.
plugins/database-data-management/agents/postgresql-dba.md	Adds a PostgreSQL DBA agent definition.
plugins/database-data-management/agents/ms-sql-dba.md	Adds an MS SQL DBA agent definition.
plugins/database-data-management/.github/plugin/plugin.json	Switches agents reference to ./agents; normalizes skill paths.
plugins/csharp-mcp-development/skills/csharp-mcp-server-generator/SKILL.md	Adds a C# MCP server generator skill.
plugins/csharp-mcp-development/agents/csharp-mcp-expert.md	Adds a C# MCP expert agent definition.
plugins/csharp-mcp-development/.github/plugin/plugin.json	Switches agents reference to ./agents; normalizes skill path.
plugins/csharp-dotnet-development/skills/dotnet-upgrade/SKILL.md	Adds a .NET upgrade planning/execution skill.
plugins/csharp-dotnet-development/skills/dotnet-best-practices/SKILL.md	Adds .NET/C# best-practices guidance skill.
plugins/csharp-dotnet-development/skills/csharp-xunit/SKILL.md	Adds an xUnit best-practices skill.
plugins/csharp-dotnet-development/skills/csharp-tunit/SKILL.md	Adds a TUnit best-practices skill.
plugins/csharp-dotnet-development/skills/csharp-nunit/SKILL.md	Adds an NUnit best-practices skill.
plugins/csharp-dotnet-development/skills/csharp-async/SKILL.md	Adds a C# async best-practices skill.
plugins/csharp-dotnet-development/skills/aspnet-minimal-api-openapi/SKILL.md	Adds ASP.NET Minimal API + OpenAPI guidance skill.
plugins/csharp-dotnet-development/agents/expert-dotnet-software-engineer.md	Adds an expert .NET software engineer agent definition.
plugins/csharp-dotnet-development/.github/plugin/plugin.json	Switches agents reference to ./agents; normalizes skill paths.
plugins/copilot-sdk/.github/plugin/plugin.json	Normalizes skill path (removes trailing slash).
plugins/context-engineering/skills/what-context-needed/SKILL.md	Adds a skill for listing required context/files.
plugins/context-engineering/skills/refactor-plan/SKILL.md	Adds a refactor planning skill.
plugins/context-engineering/skills/context-map/SKILL.md	Adds a context mapping skill.
plugins/context-engineering/agents/context-architect.md	Adds a context architect agent definition.
plugins/context-engineering/.github/plugin/plugin.json	Switches agents reference to ./agents; normalizes skill paths.
plugins/clojure-interactive-programming/skills/remember-interactive-programming/SKILL.md	Adds an “interactive programming” reminder skill.
plugins/clojure-interactive-programming/agents/clojure-interactive-programming.md	Adds a Clojure interactive programming agent definition.
plugins/clojure-interactive-programming/.github/plugin/plugin.json	Switches agents reference to ./agents; normalizes skill path.
plugins/cast-imaging/agents/cast-imaging-structural-quality-advisor.md	Adds a CAST Imaging structural quality advisor agent.
plugins/cast-imaging/agents/cast-imaging-software-discovery.md	Adds a CAST Imaging software discovery agent.
plugins/cast-imaging/agents/cast-imaging-impact-analysis.md	Adds a CAST Imaging impact analysis agent.
plugins/cast-imaging/.github/plugin/plugin.json	Switches agents reference to ./agents.
plugins/azure-cloud-development/skills/azure-pricing/references/SERVICE-NAMES.md	Adds reference data for Retail Prices API service names.
plugins/azure-cloud-development/skills/azure-pricing/references/REGIONS.md	Adds reference data for Retail Prices API regions.
plugins/azure-cloud-development/skills/azure-pricing/references/COST-ESTIMATOR.md	Adds formulas/patterns for cost estimation.
plugins/azure-cloud-development/skills/azure-pricing/references/COPILOT-STUDIO-RATES.md	Adds cached Copilot Studio billing rates + estimation formulas.
plugins/azure-cloud-development/agents/terraform-azure-planning.md	Adds a Terraform planning agent definition.
plugins/azure-cloud-development/agents/terraform-azure-implement.md	Adds a Terraform implementation agent definition.
plugins/azure-cloud-development/agents/azure-verified-modules-terraform.md	Adds an AVM Terraform agent definition.
plugins/azure-cloud-development/agents/azure-verified-modules-bicep.md	Adds an AVM Bicep agent definition.
plugins/azure-cloud-development/agents/azure-saas-architect.md	Adds an Azure SaaS architect agent definition.
plugins/azure-cloud-development/agents/azure-principal-architect.md	Adds an Azure principal architect agent definition.
plugins/azure-cloud-development/agents/azure-logic-apps-expert.md	Adds an Azure Logic Apps expert agent definition.
plugins/azure-cloud-development/.github/plugin/plugin.json	Switches agents reference to ./agents; normalizes skill paths.
plugins/awesome-copilot/skills/suggest-awesome-github-copilot-skills/SKILL.md	Adds a skill for suggesting skills from awesome-copilot.
plugins/awesome-copilot/skills/suggest-awesome-github-copilot-instructions/SKILL.md	Adds a skill for suggesting instruction files from awesome-copilot.
plugins/awesome-copilot/skills/suggest-awesome-github-copilot-agents/SKILL.md	Adds a skill for suggesting agents from awesome-copilot.
plugins/awesome-copilot/agents/meta-agentic-project-scaffold.md	Adds an agent for pulling files from awesome-copilot.
plugins/awesome-copilot/.github/plugin/plugin.json	Switches agents reference to ./agents; normalizes skill paths.
plugins/automate-this/.github/plugin/plugin.json	Normalizes skill path (removes trailing slash).
docs/README.skills.md	Adds sandbox-npm-install to the global skills index.

[Copilot]

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

[Copilot]

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.

[Copilot]

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

Comments suppressed due to low confidence (1)

skills/sandbox-npm-install/SKILL.md:75

• The “Troubleshooting” markdown table also starts rows with ||, which typically renders as an extra empty column. Use single leading pipes (|) for the table rows.

| Problem | Solution |
|---|---|
| `SIGILL` or `SIGSEGV` when running dev server | Re-run the install script; ensure you're not running `npm install` directly in the workspace |
| `node_modules` not found after install | Check that the symlink exists: `ls -la node_modules` |
| Permission errors during install | Ensure the local deps directory is writable by the current user |

[Copilot]

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

Comments suppressed due to low confidence (1)

skills/sandbox-npm-install/SKILL.md:76

• The "Troubleshooting" table has the same formatting issue as above (|| at the start of each row), which will add an unintended blank column. Adjust the table rows to start with a single | so it renders as a 2-column table.

| Problem | Solution |
|---|---|
| `SIGILL` or `SIGSEGV` when running dev server | Re-run the install script; ensure you're not running `npm install` directly in the workspace |
| `node_modules` not found after install | Check that the symlink exists: `ls -la node_modules` |
| Permission errors during install | Ensure the local deps directory is writable by the current user |
| Verification fails intermittently | Run the script again — native binary crashes can be non-deterministic on first load |

[Copilot]

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

[Copilot]

WORKSPACE_CLIENT is normalized with cd "$WORKSPACE_CLIENT" ... even when it’s empty. In bash, that can resolve to $HOME (or otherwise produce a misleading value), which makes failures harder to reason about. Consider only normalizing when WORKSPACE_CLIENT is non-empty, and otherwise leave it empty so the later validation fails cleanly.

Suggested change

	WORKSPACE_CLIENT="$(cd "$WORKSPACE_CLIENT" 2>/dev/null && pwd || true)"
	if [[ -n "$WORKSPACE_CLIENT" ]]; then
	if ! WORKSPACE_CLIENT="$(cd "$WORKSPACE_CLIENT" 2>/dev/null && pwd)"; then
	WORKSPACE_CLIENT=""
	fi
	fi

[Copilot]

This script recursively deletes $DEPS_DIR on every run. Even though $DEPS_DIR is derived from $DEPS_BASE, it’s still worth adding a defensive guard before rm -rf (e.g., ensure $DEPS_DIR is non-empty, not /, and starts with $DEPS_BASE/) to prevent accidental destructive deletes if variables change or the derivation logic is modified later.

Suggested change

	echo "→ Preparing $DEPS_DIR..."
	echo "→ Preparing $DEPS_DIR..."
	# Safety checks before recursive delete
	if [[ -z "${DEPS_DIR:-}" ]]; then
	echo "Error: DEPS_DIR is empty; aborting to avoid unsafe rm -rf."
	exit 1
	fi
	if [[ "$DEPS_DIR" == "/" ]]; then
	echo "Error: DEPS_DIR is '/' ; aborting to avoid unsafe rm -rf."
	exit 1
	fi
	if [[ "$DEPS_DIR" != "$DEPS_BASE"/* ]]; then
	echo "Error: DEPS_DIR ('$DEPS_DIR') is not under DEPS_BASE ('$DEPS_BASE'); aborting."
	exit 1
	fi

[Copilot]

Copying .npmrc into the deps directory can duplicate registry auth tokens (common in .npmrc). To reduce token exposure on multi-user systems, consider creating the directory with restrictive permissions (e.g., 700) and setting the copied .npmrc to 600 after copying.

Suggested change

	mkdir -p "$DEPS_DIR"
	cp "$WORKSPACE_CLIENT/package.json" "$DEPS_DIR/"
	# Copy .npmrc if present (needed for private registries / scoped packages)
	if [[ -f "$WORKSPACE_CLIENT/.npmrc" ]]; then
	cp "$WORKSPACE_CLIENT/.npmrc" "$DEPS_DIR/"
	mkdir -p "$DEPS_DIR"
	chmod 700 "$DEPS_DIR"
	cp "$WORKSPACE_CLIENT/package.json" "$DEPS_DIR/"
	# Copy .npmrc if present (needed for private registries / scoped packages)
	if [[ -f "$WORKSPACE_CLIENT/.npmrc" ]]; then
	cp "$WORKSPACE_CLIENT/.npmrc" "$DEPS_DIR/"
	chmod 600 "$DEPS_DIR/.npmrc"

[Copilot]

has_dep() only checks dependencies and devDependencies. If a project puts these tools under optionalDependencies (fairly common for native binaries), the verification step will silently skip them even though they are installed. Consider including optionalDependencies (and possibly peerDependencies) in the detection logic so verification matches the “when present” wording.

Suggested change

	const pkg=require(process.argv[1]);
	const deps={...(pkg.dependencies||{}),...(pkg.devDependencies||{})};
	const pkg = require(process.argv[1]);
	const deps = {
	...(pkg.dependencies || {}),
	...(pkg.devDependencies || {}),
	...(pkg.optionalDependencies || {}),
	...(pkg.peerDependencies || {})
	};

[aaronpowell]

@GeekTrainer do you want to double check the Copilot suggestions and see if any are worth accepting?