Dependency Auditor
by Samuel Rose
Audit dependencies for security, licenses, and health while generating a phased, low-risk upgrade and migration plan.
- Identify and remediate high-risk security vulnerabilities in package trees
- Ensure legal compliance by flagging incompatible open-source licenses
- Execute phased dependency upgrades to minimize breaking changes and downtime
$5 or 25 credits
Included in download
- Identify and remediate high-risk security vulnerabilities in package trees
- Ensure legal compliance by flagging incompatible open-source licenses
- network automation included
- Ready for Claude Code
Sample input
Please audit my package.json for any security vulnerabilities, outdated libraries, or abandoned packages and provide a prioritized upgrade plan.
Sample output
Audit Results:
- express: 4.18.2 -> 4.19.1 (Low Risk)
- moment: Abandoned. Migration: Replace with dayjs (+85% bundle savings)
- lodash: CVE-2023-45133 (Critical). Fix: Upgrade to 4.17.21
Phased Plan: 1. Patch Criticals, 2. Minor Batches, 3. Major Migrations.
About This Skill
Maintain a Healthier, More Secure Codebase
Dependencies are the silent foundation of your application, but they can also be its greatest liability. Dependency Auditor is a specialized skill for senior engineers and DevOps professionals who need more than just a list of outdated packages. It provides a deep, multi-dimensional analysis of your project's ecosystem to identify risks before they reach production.
Detailed Risk Assessment
Unlike standard CLI tools, this skill analyzes five critical vectors:
- Security: Identifies CVEs and provides specific fixed versions.
- Maintenance Health: Flags abandoned packages, "bus factor" risks, and declining commit activity.
- License Compliance: Audits for copyleft (GPL/AGPL) or missing licenses that pose legal risks.
- Upgrade Risk: Categorizes updates by "Minor" (low risk) vs "Major" (migration required).
- Bundle Impact: Identifies heavy JavaScript packages and suggests lighter alternatives (e.g., swapping Moment.js for Day.js).
Actionable Migration Planning
The output isn't just a report; it’s a phased execution strategy. You receive a prioritized upgrade order—securing vulnerabilities first, then batching minor updates, and finally providing detailed migration steps for major version jumps, including breaking change analysis and required peer-dependency updates.
Supported Ecosystems
Supports npm, yarn, pnpm (JavaScript/TypeScript), pip, poetry (Python), Cargo (Rust), Go modules, Composer (PHP), and Bundler (Ruby).
Use Cases
- Identify and remediate high-risk security vulnerabilities in package trees
- Ensure legal compliance by flagging incompatible open-source licenses
- Execute phased dependency upgrades to minimize breaking changes and downtime
- Assess library health metrics to replace unmaintained or deprecated packages
Known Limitations
- Cannot execute shell commands (e.g., 'npm install') directly.
- Vulnerability data may lag behind real-time databases if offline.
- Indirect dependencies require a lock file for full visibility.
How to Install
mkdir -p ~/.claude/skills && curl -sL https://www.agensi.io/api/install/dependency-auditor -o /tmp/dependency-auditor.zip && unzip -o /tmp/dependency-auditor.zip -d ~/.claude/skills && rm /tmp/dependency-auditor.zip
Free skills install directly. Paid skills require purchase - use the download button above after buying.
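A more cautious variant of the install one-liner above, added here as an example (it is not the site's or the skill author's script): it fails on HTTP errors, rejects archive entries that would extract outside the target directory, and stages the files for review before anything lands in the directory an agent reads instructions from. The function names `unsafe_entries` and `install_skill` and the staging layout are assumptions of this example; it assumes `curl` and Info-ZIP `unzip` are installed.

```shell
#!/bin/sh
# Added example: staged install of a skill archive. Not the marketplace's script.
URL="https://www.agensi.io/api/install/dependency-auditor"  # URL from the page
DEST="$HOME/.claude/skills"

# Read archive entry names on stdin (one per line) and print those that could
# escape the extraction directory: absolute paths, drive-letter paths, or any
# ".." path component. Prints nothing when every entry is safe.
unsafe_entries() {
    while IFS= read -r name; do
        case "$name" in
            /*|[A-Za-z]:*|..|../*|*/..|*/../*) printf '%s\n' "$name" ;;
        esac
    done
}

install_skill() {
    stage=$(mktemp -d) || return 1
    # -f: fail on an HTTP error instead of saving the error page as the "zip".
    curl -fsSL "$URL" -o "$stage/skill.zip" || { rm -rf "$stage"; return 1; }

    # unzip -Z1 lists entry names only, without extracting anything.
    bad=$(unzip -Z1 "$stage/skill.zip" | unsafe_entries)
    if [ -n "$bad" ]; then
        echo "refusing to extract, unsafe entries:" >&2
        printf '%s\n' "$bad" >&2
        rm -rf "$stage"
        return 1
    fi

    # Extract into the staging directory so SKILL.md and any bundled scripts
    # can be read before an agent ever loads them.
    unzip -q "$stage/skill.zip" -d "$stage/unpacked" || { rm -rf "$stage"; return 1; }
    echo "Staged in $stage/unpacked. Review the files, then run:"
    echo "  mkdir -p \"$DEST\" && cp -R \"$stage/unpacked/.\" \"$DEST/\""
}

# Only touch the network when called as: sh install-skill.sh install
if [ "${1:-}" = "install" ]; then
    install_skill
fi
```

Nothing is copied into `~/.claude/skills` until you run the printed `cp` command yourself.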
Security Scanned
Passed automated security review
Permissions
Claude Code, Cursor, Windsurf, Roo Code, and other agents that support SKILL.md-style instructions.