dependency-audit
Dependency audit
Run a dependency health check for the current project. If a specific package name was provided as an argument, focus the audit on that package. Otherwise audit all dependencies.
Step 1: Detect the package manager
Check whether this is a Node.js or Python project:
- If `package.json` exists in the working directory, use npm.
- If `requirements.txt`, `pyproject.toml`, or `setup.py` exists, use pip.
- If both exist, audit both.
Step 2: Check for outdated packages
For npm:

```
npm outdated
```

For pip:

```
pip list --outdated
```

If `$ARGUMENTS` is a specific package name, filter the output to that package. If `$ARGUMENTS` is empty or "all", show the full list.
Step 3: Check for known vulnerabilities
For npm:

```
npm audit
```

For pip (if pip-audit is available):

```
pip-audit
```

If pip-audit is not installed, note its absence and recommend installing it: `pip install pip-audit`.
Step 4: Summarize findings
Present a concise report:
- Total outdated packages (current version vs latest version for the top 10 most outdated)
- Any vulnerabilities found: severity level, affected package, advisory ID
- Recommended actions in priority order: fix critical vulnerabilities first, then high, then update packages with breaking changes separately from patch updates
- If `$ARGUMENTS` names a specific package: show its current version, latest version, changelog link if available from `npm info <package> homepage` or `pip show <package>`, and whether any known vulnerabilities affect this specific package
Notes
- Do not modify `package.json`, `requirements.txt`, or any lock file. This skill audits only; it does not upgrade.
- If the project has no dependencies file at all, report that and stop.
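The detection and command-selection logic of steps 1 to 3, written out as a POSIX shell script. This is an added example, not part of the skill itself: `detect_package_manager` and `audit_commands` are assumed names, the script only prints the read-only commands it would run (it never edits a manifest or lock file), and it treats a missing dependency file as the stop condition from the notes.

```shell
#!/bin/sh
# Added example (not part of the original skill). Assumes POSIX sh and that
# $1 is the project root. Nothing here modifies the project.

# Print "npm", "pip", "both" or "none" for the directory given in $1.
detect_package_manager() {
    dir=${1:-.}
    has_npm=0
    has_pip=0
    [ -f "$dir/package.json" ] && has_npm=1
    for f in requirements.txt pyproject.toml setup.py; do
        [ -f "$dir/$f" ] && has_pip=1
    done
    if [ "$has_npm" -eq 1 ] && [ "$has_pip" -eq 1 ]; then
        echo both
    elif [ "$has_npm" -eq 1 ]; then
        echo npm
    elif [ "$has_pip" -eq 1 ]; then
        echo pip
    else
        echo none
    fi
}

# Print, one per line, the audit commands for the detected ecosystem(s).
# $2 is the optional package filter: "" or "all" means every package.
# Returns 1 (and reports) when there is no dependency file, per the notes.
audit_commands() {
    pm=$(detect_package_manager "$1")
    pkg=$2
    [ "$pkg" = all ] && pkg=""
    if [ "$pm" = none ]; then
        echo "no dependency file found; nothing to audit"
        return 1
    fi
    if [ "$pm" = npm ] || [ "$pm" = both ]; then
        # npm outdated accepts a package spec; npm audit output is filtered later.
        echo "npm outdated${pkg:+ $pkg}"
        echo "npm audit"
    fi
    if [ "$pm" = pip ] || [ "$pm" = both ]; then
        if [ -n "$pkg" ]; then
            echo "pip list --outdated | grep -i \"^$pkg \""
        else
            echo "pip list --outdated"
        fi
        # pip-audit is optional; point at the install command when it is absent.
        if command -v pip-audit >/dev/null 2>&1; then
            echo "pip-audit"
        else
            echo "# pip-audit not installed: pip install pip-audit"
        fi
    fi
}
```

Run as `audit_commands /path/to/project lodash` to see the exact commands the audit would execute for one package.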