Scan project dependencies for known vulnerabilities. Automatically detect and parse package files (package.json, requirements.txt, Gemfile, go.mod, pom.xml) and check all dependencies against the CVE database. Use when you want to audit a project for security vulnerabilities, check if dependencies have known CVEs, or generate a vulnerability report for compliance.
View on GitHubplugins/cve-search/skills/cve-audit/SKILL.md
January 23, 2026
Select agents to install to:
npx add-skill https://github.com/Mearman/marketplace/blob/main/plugins/cve-search/skills/cve-audit/SKILL.md -a claude-code --skill cve-auditInstallation paths:
.claude/skills/cve-audit/# CVE Dependency Audit Automatically scan your project's dependencies and identify known Common Vulnerabilities and Exposures (CVEs). Supports Node.js, Python, Ruby, Go, and Maven projects. ## Quick Start ```bash # Scan current directory npx tsx scripts/audit.ts # Scan specific directory npx tsx scripts/audit.ts /path/to/project # Only show critical vulnerabilities npx tsx scripts/audit.ts --severity critical # Get fresh data (bypass cache) npx tsx scripts/audit.ts --no-cache # Output as JSON npx tsx scripts/audit.ts --json ``` Run from the cve-search plugin directory: `~/.claude/plugins/cache/cve-search/` ## Usage ```bash npx tsx scripts/audit.ts [directory] [options] ``` ### Options | Option | Description | |--------|-------------| | `[directory]` | Directory to scan (default: current directory) | | `--severity <level>` | Filter by severity: `critical`, `high`, `medium`, `low` | | `--no-cache` | Bypass cache and fetch fresh data | | `--json` | Output results as JSON | | `--help` | Show help message | ## Supported Package Managers The skill automatically detects and parses dependency files from multiple ecosystems: ### Node.js / npm - **File**: `package.json` - **Detects**: `dependencies`, `devDependencies`, `peerDependencies` - **Example**: `"express": "^4.18.0"` ### Python / pip - **File**: `requirements.txt` - **Detects**: Pinned versions and ranges - **Example**: `django==3.2.10` or `requests>=2.25.0` ### Ruby / Bundler - **File**: `Gemfile` - **Detects**: Gem dependencies with versions - **Example**: `gem 'rails', '~> 6.1.0'` ### Go / Go Modules - **File**: `go.mod` - **Detects**: Direct and indirect dependencies - **Example**: `require github.com/user/repo v1.2.3` ### Java / Maven - **File**: `pom.xml` - **Detects**: Project and transitive dependencies - **Example**: `<artifactId>log4j-core</artifactId>` ## How It Works 1. **Discovery**: Scans for supported dependency files in the directory 2. **Parsing**: Extracts package names and versi