dependency-auditor
by PromptSpace
Audit dependencies for security, licenses, and health while generating a phased, low-risk upgrade and migration plan.
- Identify and remediate high-risk security vulnerabilities in package trees
- Ensure legal compliance by flagging incompatible open-source licenses
- Execute phased dependency upgrades to minimize breaking changes and downtime
$5
One-time purchase
Included in download
- Downloadable skill package
- Works with OpenClaw, Cursor
- Instant install
⚡ Skill ready to install in Claude Code, Gemini CLI, or any MCP-compatible client.
About This Skill
Maintain a Healthier, More Secure Codebase
Dependencies are the silent foundation of your application, but they can also be its greatest liability. Dependency Auditor is a specialized skill for senior engineers and DevOps professionals who need more than just a list of outdated packages. It provides a deep, multi-dimensional analysis of your project's ecosystem to identify risks before they reach production.
Detailed Risk Assessment
Unlike standard CLI tools, this skill analyzes five critical vectors:
- Security: Identifies CVEs and provides specific fixed versions.
- Maintenance Health: Flags abandoned packages, "bus factor" risks, and declining commit activity.
- License Compliance: Audits for copyleft (GPL/AGPL) or missing licenses that pose legal risks.
- Upgrade Risk: Categorizes updates by semantic-versioning distance, "Minor" (patch/minor bump, low risk) vs "Major" (major bump, migration required).
- Bundle Impact: Identifies heavy JavaScript packages and suggests lighter alternatives (e.g., swapping Moment.js for Day.js).
Actionable Migration Planning
The output isn't just a report; it’s a phased execution strategy. You receive a prioritized upgrade order—securing vulnerabilities first, then batching minor updates, and finally providing detailed migration steps for major version jumps, including breaking change analysis and required peer-dependency updates.
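The phased order described above (security fixes first, then a batch of minor bumps, then major migrations) and the lock-file point made under Known Limitations can be shown in working code. The script below is an added example written for this page, not code shipped with the dependency-auditor skill: it reads the "packages" map of an npm lockfile v3, classifies each jump under semver (treating 0.x minor bumps as breaking), flags copyleft or missing licenses, and emits the three phases. The lockfile, package names, advisory feed and "latest version" table are all constructed inline for illustration.

```python
"""Phased dependency upgrade planner (added example, not part of the
dependency-auditor skill). Input: an npm package-lock.json v3 string plus an
advisory table {name: fixed_in_version} and a latest-version table
{name: version}. Output: phase 1 security fixes, phase 2 minor/patch batch,
phase 3 major migrations, and license flags."""
import json

# Constructed sample lockfile (lockfileVersion 3). Package names and versions are
# illustrative only. Nested node_modules paths are transitive dependencies.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"web-framework": "^3.2.0", "date-lib": "^2.29.0"}},
        "node_modules/web-framework": {"version": "3.2.1", "license": "MIT"},
        "node_modules/web-framework/node_modules/parser-lib": {"version": "1.4.0", "license": "MIT"},
        "node_modules/date-lib": {"version": "2.29.4", "license": "MIT"},
        "node_modules/gpl-widget": {"version": "0.9.0", "license": "GPL-3.0-only"},
        "node_modules/no-license-pkg": {"version": "1.0.0"},
    },
})
# Constructed advisory feed: first version in which the known issue is fixed.
SAMPLE_ADVISORIES = {"web-framework": "3.2.5", "parser-lib": "2.0.0"}
# Constructed registry snapshot: newest published version per package.
SAMPLE_LATEST = {"web-framework": "4.1.0", "parser-lib": "2.0.0", "date-lib": "2.30.1",
                 "gpl-widget": "0.10.0", "no-license-pkg": "1.0.0"}

COPYLEFT_PREFIXES = {"GPL", "AGPL"}  # policy choice; extend (e.g. LGPL) per your legal guidance


def parse_semver(version):
    """'v1.2.3-beta.1+build' -> (1, 2, 3); prerelease and build metadata dropped."""
    core = version.lstrip("v").split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def bump_kind(current, target):
    """Semver distance: 'major' if breaking (major changes, or any minor change
    while major is 0), 'minor' for minor/patch bumps, None if no upgrade."""
    c, t = parse_semver(current), parse_semver(target)
    if t <= c:
        return None
    if t[0] != c[0] or (c[0] == 0 and t[1] != c[1]):
        return "major"
    return "minor"


def is_copyleft(license_id):
    return license_id is not None and license_id.split("-")[0] in COPYLEFT_PREFIXES


def load_lock(lock_json):
    """Map package name -> resolved version, license and whether it is transitive.
    Without a lock file only the root manifest ranges are known, so transitive
    packages such as parser-lib here would be invisible."""
    deps = {}
    for path, meta in json.loads(lock_json)["packages"].items():
        if path == "":
            continue  # root project entry
        name = path.rsplit("node_modules/", 1)[1]  # keeps @scope/name intact
        deps[name] = {"version": meta["version"], "license": meta.get("license"),
                      "transitive": path.count("node_modules/") > 1, "path": path}
    return deps


def plan_upgrades(lock_json, advisories, latest):
    """Build the phased plan described on the page."""
    deps = load_lock(lock_json)
    plan = {"phase1_security": [], "phase2_minor_batch": [], "phase3_major": [], "license_flags": []}
    for name, info in sorted(deps.items()):
        cur = info["version"]
        if info["license"] is None:
            plan["license_flags"].append((name, "missing license"))
        elif is_copyleft(info["license"]):
            plan["license_flags"].append((name, f"copyleft: {info['license']}"))
        fixed = advisories.get(name)
        if fixed and parse_semver(cur) < parse_semver(fixed):
            # Security first, even when the fix is itself a breaking bump; a
            # transitive hit must be fixed via the parent package or an override.
            plan["phase1_security"].append({"name": name, "from": cur, "to": fixed,
                                            "bump": bump_kind(cur, fixed),
                                            "transitive": info["transitive"]})
            cur = fixed  # later phases start from the patched version
        target = latest.get(name)
        kind = bump_kind(cur, target) if target else None
        if kind == "minor":
            plan["phase2_minor_batch"].append({"name": name, "from": cur, "to": target})
        elif kind == "major":
            plan["phase3_major"].append({"name": name, "from": cur, "to": target})
    return plan


if __name__ == "__main__":
    print(json.dumps(plan_upgrades(SAMPLE_LOCK, SAMPLE_ADVISORIES, SAMPLE_LATEST), indent=2))
```

Note that web-framework appears twice on purpose: phase 1 takes it only to the patched 3.2.5, and the 4.x migration is deferred to phase 3, which is the "secure first, migrate later" ordering the plan prescribes. The 0.9.0 to 0.10.0 jump lands in phase 3 because pre-1.0 minor bumps carry no compatibility promise under semver.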
Supported Ecosystems
Supports npm, yarn, pnpm (JavaScript/TypeScript), pip, poetry (Python), Cargo (Rust), Go modules, Composer (PHP), and Bundler (Ruby).
Use Cases
- Identify and remediate high-risk security vulnerabilities in package trees
- Ensure legal compliance by flagging incompatible open-source licenses
- Execute phased dependency upgrades to minimize breaking changes and downtime
- Assess library health metrics to replace unmaintained or deprecated packages
Known Limitations
- Cannot execute shell commands (e.g., 'npm install') directly.
- Vulnerability data may lag behind real-time databases if offline.
- Indirect dependencies require a lock file for full visibility.
How to Install
mkdir -p ~/.claude/skills/dependency-auditor && curl -s -X POST 'https://api.promptspace.in/api/skills/dependency-auditor/install' | python3 -c "import sys,json; sys.stdout.write(json.load(sys.stdin).get('installInstructions') or '')" > ~/.claude/skills/dependency-auditor/SKILL.md
Free skills install directly. Paid skills require purchase; use the download button above after buying.
The command writes whatever the install endpoint returns in installInstructions straight into ~/.claude/skills/dependency-auditor/SKILL.md, where the client will load it as instructions, so inspect that file before first use.
Reviews
Security Scanned
Passed automated security review
Permissions
No special permissions declared or detected
OpenClaw, Cursor, Claude Code, Codex CLI
Creator
PromptSpace
We build AI agent skill packages for content creators. Specializing in Chinese social media automation.