dependency-auditor
Audit dependencies for security, licenses, and health while generating a phased, low-risk upgrade and migration plan.
by Samuel Rose
About This Skill
Maintain a Healthier, More Secure Codebase
Dependencies are the silent foundation of your application, but they can also be its greatest liability. Dependency Auditor is a specialized skill for senior engineers and DevOps professionals who need more than just a list of outdated packages. It provides a deep, multi-dimensional analysis of your project's ecosystem to identify risks before they reach production.
Detailed Risk Assessment
Unlike standard CLI tools, this skill analyzes five critical vectors:
- Security: Identifies CVEs and provides specific fixed versions.
- Maintenance Health: Flags abandoned packages, "bus factor" risks, and declining commit activity.
- License Compliance: Audits for copyleft (GPL/AGPL) or missing licenses that pose legal risks.
- Upgrade Risk: Categorizes updates by "Minor" (low risk) vs "Major" (migration required).
- Bundle Impact: Identifies heavy JavaScript packages and suggests lighter alternatives (e.g., swapping Moment.js for Day.js).
Actionable Migration Planning
The output isn't just a report; it's a phased execution strategy. You receive a prioritized upgrade order: patch known vulnerabilities first, then batch the low-risk minor updates, and finally work through detailed migration steps for each major version jump, including breaking-change analysis and the peer-dependency updates it requires.
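The phased ordering described above (security fixes first, then a minor batch, then major migrations) can be reduced to a small planner. The following is an added example written for this page, not the skill's own code; the package names, versions and the advisory map are constructed sample data, and the planner assumes plain MAJOR.MINOR.PATCH versions.

```python
"""Phased dependency upgrade planner (added example; not the skill's own implementation)."""
from typing import Dict, List, Tuple

def parse_version(v: str) -> Tuple[int, int, int]:
    """Turn 'MAJOR.MINOR.PATCH' (optionally prefixed with v, ^ or ~) into a comparable tuple."""
    core = v.strip().lstrip("v^~").split("-")[0]      # drop range markers and pre-release tags
    parts = [int(p) for p in core.split(".")[:3]]
    while len(parts) < 3:
        parts.append(0)                               # '4.17' is treated as 4.17.0
    return parts[0], parts[1], parts[2]

def classify(current: str, target: str) -> str:
    """'major' when the major number changes (migration), 'minor' for minor/patch bumps, 'none' if current."""
    cur, tgt = parse_version(current), parse_version(target)
    if tgt <= cur:
        return "none"
    return "major" if tgt[0] != cur[0] else "minor"

def plan_upgrades(installed: Dict[str, str], latest: Dict[str, str],
                  advisories: Dict[str, str]) -> Dict[str, List[tuple]]:
    """Build the three phases. installed/latest map name -> version; advisories map name -> first fixed version.
    Security entries are (name, from, to, needs_migration); minor/major entries are (name, from, to)."""
    plan: Dict[str, List[tuple]] = {"security": [], "minor": [], "major": []}
    for name, current in sorted(installed.items()):
        fixed = advisories.get(name)
        if fixed and parse_version(current) < parse_version(fixed):
            # Phase 1: jump to the first fixed version; flag it if that jump itself crosses a major boundary.
            plan["security"].append((name, current, fixed, classify(current, fixed) == "major"))
            current = fixed                            # later phases start from the patched version
        target = latest.get(name, current)
        kind = classify(current, target)
        if kind != "none":
            plan[kind].append((name, current, target))   # Phase 2 (minor batch) or Phase 3 (major migration)
    return plan

# Constructed sample manifest data; the names and advisory versions are invented for this example.
INSTALLED = {"fast-json": "1.2.0", "webframe": "4.17.1", "datefmt": "2.29.1", "uikit": "17.0.2"}
LATEST = {"fast-json": "1.4.2", "webframe": "5.1.0", "datefmt": "2.30.1", "uikit": "18.3.1"}
ADVISORIES = {"fast-json": "1.3.0", "uikit": "18.0.0"}

if __name__ == "__main__":
    for phase, items in plan_upgrades(INSTALLED, LATEST, ADVISORIES).items():
        print(f"{phase}:")
        for item in items:
            print("  ", *item)
```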
Supported Ecosystems
Supports npm, yarn, pnpm (JavaScript/TypeScript), pip, poetry (Python), Cargo (Rust), Go modules, Composer (PHP), and Bundler (Ruby).
How to Install
unzip dependency-auditor.zip -d ~/.claude/skills/
$5 • One-time purchase • Own forever
Security Scanned
Passed automated security review
8/8 checks passed
Similar Skills
git-commit-writer
Writes conventional commit messages by analyzing your staged git changes. Detects commit type, scope, and breaking changes automatically.
env-doctor
Diagnoses why your project will not start. Checks runtime versions, dependencies, environment variables, databases, ports, and build artifacts systematically.
evaluating-ai-harness-dimensions
Evaluates AI coding agent platforms across five structural dimensions that determine real-world performance independently of model quality, so teams select on architectural fit rather than benchmark scores.
migration-auditor
Catches dangerous database migrations before they hit production. Reviews schema changes for locking hazards, data loss, missing rollbacks, and index issues across PostgreSQL, MySQL, and SQLite.