Comprehensive dependency health auditing for JavaScript/TypeScript projects. Run npm audit, detect outdated packages, check for security advisories, and verify license compliance. Prioritises vulnerabilities by severity and provides actionable fix recommendations. Use when: auditing project dependencies, checking for vulnerabilities, updating packages, preparing for release, or investigating "npm audit" warnings. Keywords: audit, vulnerabilities, outdated, security, npm audit, pnpm audit, CVE, GHSA, license.
Source: skills/dependency-audit/SKILL.md (View on GitHub)
February 4, 2026

Install:

```
npx add-skill https://github.com/jezweb/claude-skills/blob/main/skills/dependency-audit/SKILL.md -a claude-code --skill dependency-audit
```

Installation path: `.claude/skills/dependency-audit/`

# Dependency Audit

**Status**: Production Ready
**Last Updated**: 2026-02-03
**Scope**: npm, pnpm, yarn projects

---

## Commands

| Command | Purpose |
|---------|---------|
| `/audit-deps` | Run comprehensive dependency audit with prioritised findings |

## Quick Start

```
/audit-deps                  # Full audit
/audit-deps --security-only  # Only security vulnerabilities
/audit-deps --outdated       # Only outdated packages
/audit-deps --fix            # Auto-fix compatible updates
```

---

## What This Skill Audits

### 1. Security Vulnerabilities

```
npm audit / pnpm audit
```

- **Critical** (CVSS 9.0-10.0): Remote code execution, auth bypass
- **High** (CVSS 7.0-8.9): Data exposure, privilege escalation
- **Moderate** (CVSS 4.0-6.9): DoS, info disclosure
- **Low** (CVSS 0.1-3.9): Minor issues

### 2. Outdated Packages

```
npm outdated / pnpm outdated
```

Categories:

- **Major updates**: Breaking changes likely (review changelog)
- **Minor updates**: New features, backwards compatible
- **Patch updates**: Bug fixes, safe to update

### 3. License Compliance

Checks for:

- GPL licenses in commercial projects (copyleft risk)
- Unknown/missing licenses
- License conflicts

### 4. Dependency Health

- Deprecated packages
- Abandoned packages (no updates in 2+ years)
- Packages with open security issues

---

## Output Format

```
═══════════════════════════════════════════════
DEPENDENCY AUDIT REPORT
═══════════════════════════════════════════════

Project: my-app
Package Manager: pnpm
Total Dependencies: 847 (142 direct, 705 transitive)

───────────────────────────────────────────────
SECURITY
───────────────────────────────────────────────

🔴 CRITICAL (1)
  lodash@4.17.20
  └─ CVE-2021-23337: Command injection via template()
  └─ Fix: npm update lodash@4.17.21
  └─ Affects: direct dependency

🟠 HIGH (2)
  minimist@1.2.5
  └─ CVE-2021-44906: Prototype pollution
  └─ Fix: Transitive via mkdirp, update parent
  └─ Path: mkdirp → minimist
```
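The security section and the report format above describe a triage of `npm audit` output: rank by severity, separate direct from transitive findings, and turn npm's fix information into a recommendation. The following is an added example (not code from the jezweb/claude-skills project) that does this over the JSON shape `npm audit --json` emits for `auditReportVersion` 2 (npm 7 and later). The field names (`vulnerabilities`, `via`, `effects`, `isDirect`, `fixAvailable`) are npm's own; the report data, package versions and advisory titles below are constructed for the example and are not taken from any real audit.

```javascript
// Added example, not code from the jezweb/claude-skills project: triage an
// `npm audit --json` report (auditReportVersion 2) the way the skill's report
// does: critical first, direct vs transitive, and a fix line per finding.

const SEVERITY_RANK = { critical: 0, high: 1, moderate: 2, low: 3, info: 4 };

// The page's CVSS bands: 9.0-10 critical, 7.0-8.9 high, 4.0-6.9 moderate,
// 0.1-3.9 low. Scores below 0.1 map to "info" (assumption, matching npm's label).
function cvssBand(score) {
  if (score >= 9.0) return 'critical';
  if (score >= 7.0) return 'high';
  if (score >= 4.0) return 'moderate';
  if (score >= 0.1) return 'low';
  return 'info';
}

// Constructed sample in the shape of `npm audit --json`. A `via` entry is either
// an advisory object (this package itself is vulnerable) or a package name (it is
// only vulnerable through that dependency); `effects` lists dependents it taints.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    lodash: {
      name: 'lodash', severity: 'high', isDirect: true,
      via: [{ title: 'Command injection via template()', severity: 'high',
              cvss: { score: 7.2 }, range: '<4.17.21' }],
      effects: [], range: '<4.17.21', fixAvailable: true,
    },
    minimist: {
      name: 'minimist', severity: 'critical', isDirect: false,
      via: [{ title: 'Prototype pollution', severity: 'critical',
              cvss: { score: 9.8 }, range: '<1.2.6' }],
      effects: ['mkdirp'], range: '<1.2.6', fixAvailable: true,
    },
    mkdirp: {
      name: 'mkdirp', severity: 'critical', isDirect: true,
      via: ['minimist'], effects: [], range: '0.4.1 - 0.5.1',
      fixAvailable: { name: 'mkdirp', version: '1.0.4', isSemVerMajor: true },
    },
  },
};

const isAdvisory = (v) => typeof v === 'object' && v !== null;

// Follow `effects` upward to the nearest direct dependency, giving the chain the
// report prints as "Path: <direct> → <vulnerable>". `seen` guards against cycles.
function dependencyPath(name, vulns, seen = new Set()) {
  const entry = vulns[name];
  if (!entry || seen.has(name) || entry.isDirect || entry.effects.length === 0) return [name];
  seen.add(name);
  return [...dependencyPath(entry.effects[0], vulns, seen), name];
}

// Map npm's `fixAvailable` (true | false | {name, version, isSemVerMajor}) to
// the recommendation line of the report.
function fixAdvice(entry, vulns) {
  const fix = entry.fixAvailable;
  if (fix === false) return 'No fix available; find a maintained replacement';
  if (typeof fix === 'object') {
    const note = fix.isSemVerMajor ? ' (major version: review changelog)' : '';
    return `npm install ${fix.name}@${fix.version}${note}`;
  }
  if (entry.isDirect) return `npm update ${entry.name}`;
  const path = dependencyPath(entry.name, vulns);
  return `Transitive via ${path[0]}, update parent (path: ${path.join(' → ')})`;
}

// Keep packages that carry an advisory themselves (a package vulnerable solely
// "via" a dependency is covered by that dependency's path), then sort by
// severity, alphabetically within a severity.
function triage(report) {
  const vulns = report.vulnerabilities || {};
  return Object.values(vulns)
    .filter((e) => e.via.some(isAdvisory))
    .map((e) => ({
      name: e.name,
      severity: e.severity,
      isDirect: Boolean(e.isDirect),
      advisories: e.via.filter(isAdvisory).map((a) => ({
        title: a.title,
        cvss: a.cvss ? a.cvss.score : null,
        band: a.cvss ? cvssBand(a.cvss.score) : a.severity,
      })),
      fix: fixAdvice(e, vulns),
    }))
    .sort((a, b) => SEVERITY_RANK[a.severity] - SEVERITY_RANK[b.severity]
      || a.name.localeCompare(b.name));
}

function countBySeverity(findings) {
  const counts = { critical: 0, high: 0, moderate: 0, low: 0, info: 0 };
  for (const f of findings) counts[f.severity] += 1;
  return counts;
}

// Render in the layout of the report above.
function render(findings) {
  const lines = [];
  for (const f of findings) {
    lines.push(`${f.severity.toUpperCase()} ${f.name}`);
    for (const a of f.advisories) lines.push(`  └─ ${a.title} (CVSS ${a.cvss === null ? 'n/a' : a.cvss}, ${a.band})`);
    lines.push(`  └─ Fix: ${f.fix}`);
    lines.push(`  └─ Affects: ${f.isDirect ? 'direct' : 'transitive'} dependency`);
  }
  return lines.join('\n');
}

console.log(render(triage(SAMPLE_REPORT)));
```

To run it against a real project, replace `SAMPLE_REPORT` with `JSON.parse(require('fs').readFileSync(0, 'utf8'))` and pipe in `npm audit --json`. Two things the example makes visible that the severity label alone hides: `fixAvailable` as an object with `isSemVerMajor: true` means the only fix is a breaking upgrade of the parent, which the `--fix` mode in the Quick Start should not apply silently, and the `band` computed from the advisory's CVSS score lets you cross-check npm's severity against the bands the page lists.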
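The outdated-packages section above sorts updates into major, minor and patch, and the `--fix` mode applies only "compatible" updates. The following is an added example (not code from the jezweb/claude-skills project) that classifies the entries of `npm outdated --json` that way and flags which ones `npm update` can apply without editing `package.json`. The field names (`current`, `wanted`, `latest`, `dependent`) are npm's own; the package names and versions in the sample are constructed for the example.

```javascript
// Added example, not code from the jezweb/claude-skills project: bucket
// `npm outdated --json` entries into major / minor / patch and mark the ones
// that `npm update` will pick up on its own.

// Constructed sample in the shape of `npm outdated --json`. `wanted` is the
// highest version the package.json range allows; `latest` is the dist-tag.
const SAMPLE_OUTDATED = {
  react:   { current: '17.0.2',  wanted: '17.0.2',  latest: '18.3.1',  dependent: 'my-app' },
  express: { current: '4.18.2',  wanted: '4.19.2',  latest: '4.19.2',  dependent: 'my-app' },
  lodash:  { current: '4.17.20', wanted: '4.17.21', latest: '4.17.21', dependent: 'my-app' },
};

// Minimal semver parser: x.y.z with an optional prerelease tag, no build metadata.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(String(v));
  return m ? { major: +m[1], minor: +m[2], patch: +m[3], prerelease: m[4] || null } : null;
}

// Bucket the jump from `current` to `latest`. Anything that does not parse
// (a missing install, a git or file: dependency) is left for manual review.
function updateKind(current, latest) {
  const a = parseSemver(current), b = parseSemver(latest);
  if (!a || !b) return 'unknown';
  if (b.major !== a.major) return b.major > a.major ? 'major' : 'current';
  if (b.minor !== a.minor) return b.minor > a.minor ? 'minor' : 'current';
  if (b.patch !== a.patch) return b.patch > a.patch ? 'patch' : 'current';
  // Same x.y.z: moving off a prerelease onto the stable build counts as a patch.
  return a.prerelease && !b.prerelease ? 'patch' : 'current';
}

const KIND_NOTE = {
  major: 'Breaking changes likely (review changelog)',
  minor: 'New features, backwards compatible',
  patch: 'Bug fixes, safe to update',
  current: 'Already at or beyond latest',
  unknown: 'Not installed or non-semver version; check manually',
};

function classifyOutdated(outdated) {
  return Object.entries(outdated).map(([name, e]) => {
    const kind = updateKind(e.current, e.latest);
    return {
      name, kind, note: KIND_NOTE[kind],
      current: e.current, wanted: e.wanted, latest: e.latest,
      // `npm update` only moves a package to `wanted`; a jump beyond the
      // declared range (e.g. a new major) needs an explicit version bump.
      autoFixable: parseSemver(e.current) !== null && e.current !== e.wanted,
    };
  });
}

for (const r of classifyOutdated(SAMPLE_OUTDATED)) {
  console.log(`${r.kind.padEnd(7)} ${r.name}: ${r.current} -> ${r.latest}` +
              `${r.autoFixable ? ' [npm update]' : ''}  ${r.note}`);
}
```

The `autoFixable` flag is the distinction the `--fix` mode needs: `react` here is a major update that `npm update` will not touch, while `express` and `lodash` sit inside their declared ranges and move with a plain `npm update`. Comparing `current` to `latest` rather than to `wanted` is deliberate, since a package pinned by a narrow range can be a major version behind while `npm outdated` still shows it as wanted-equals-current.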