dependency-audit

Esta página aún no está disponible en tu idioma.

Dependency audit

Run a dependency health check for the current project. If a specific package name was provided as an argument, focus the audit on that package. Otherwise audit all dependencies.

Step 1: Detect the package manager

Check whether this is a Node.js or Python project:

If package.json exists in the working directory, use npm.
If requirements.txt, pyproject.toml, or setup.py exists, use pip.
If both exist, audit both.

Step 2: Check for outdated packages

For npm:

npm outdated

For pip:

pip list --outdated

If $ARGUMENTS is a specific package name, filter the output to that package. If $ARGUMENTS is empty or “all”, show the full list.

Step 3: Check for known vulnerabilities

For npm:

npm audit

For pip (if pip-audit is available):

pip-audit

If pip-audit is not installed, note its absence and recommend installing it: pip install pip-audit.

Step 4: Summarize findings

Present a concise report:

Total outdated packages (current version vs latest version for the top 10 most outdated)
Any vulnerabilities found: severity level, affected package, advisory ID
Recommended actions in priority order: fix critical vulnerabilities first, then high, then update packages with breaking changes separately from patch updates
If $ARGUMENTS names a specific package: show its current version, latest version, changelog link if available from npm info <package> homepage or pip show <package>, and whether any known vulnerabilities affect this specific package

Notes

Do not modify package.json, requirements.txt, or any lock file. This skill audits only; it does not upgrade.
If the project has no dependencies file at all, report that and stop.