What it does

The Dependency Audit skill performs a deep-tissue scan of your project to identify unused, misplaced, and missing dependencies. It works by cross-referencing your manifest files (like package.json, requirements.txt, or Cargo.toml) against the actual import and require statements found in your source code.

How it works

Unlike basic linters, this skill maps your entire dependency graph across various ecosystems. It categorizes issues into clear buckets: unused packages that are bloating your build, dev-dependencies that accidentally leaked into production code, and "phantom" dependencies that you're using without explicitly declaring them.

Supported ecosystem

• Node.js/TypeScript: npm, yarn, pnpm (handles scoped packages and test-file detection).
• Python: pip (requirements.txt and pyproject.toml normalization).
• Go: go.mod analysis.
• Rust: Cargo.toml dependency and dev-dependency separation.

Why use this skill?

Standard dependency checkers often miss the context of where a package is used. This skill understands the difference between production source and test suites. It prevents production crashes caused by missing manifest entries and reduces your attack surface by pruning unneeded code. It delivers a comprehensive DEPENDENCY_AUDIT.md report with actionable CLI commands to fix every found issue.