Update Deps
Skill Verified Active
Audit and update npm/Bun dependencies with supply chain integrity checks — verifies maintainers, publish age, tarball diffs, and provenance before bumping. Defers risky packages to ~/.supply-chain/notes/.
The skill's purpose is to ensure the integrity and security of project dependencies by performing thorough supply chain checks before updating packages, minimizing the risks associated with outdated or compromised libraries.
Features
- Audits npm/Bun dependencies for supply chain integrity
- Verifies maintainers, publish age, tarball diffs, and provenance
- Safely bumps dependencies based on audit results
- Defers risky packages for manual review
- Logs all audit and update results locally
Use Cases
- When updating project dependencies to the latest versions
- When a project's dependencies haven't been updated in a while
- Before merging a pull request that includes dependency updates
- To proactively identify and mitigate supply chain risks in project dependencies
Non-Goals
- Automatically updating all dependencies without review
- Handling non-npm/Bun package managers
- Performing code-level security analysis of the project's own codebase
- Replacing a full CI/CD pipeline
Installation
npx skills add backnotprop/plannotator
Runs the Vercel skills CLI (skills.sh) via npx — needs Node.js locally and at least one installed skills-compatible agent (Claude Code, Cursor, Codex, …). Assumes the repo follows the agentskills.io format.
Similar Extensions
Audit Dependency Versions
100
Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.
Soul Guardian
100
Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
Codex Diff Develop
100
Reviews the diff of the current branch against develop in Drupal 11 projects following the Codex methodology (business logic, hook/query edge cases, security, performance, completeness). Generates a .md report in the folder of the detected IDE (.antigravity/, .cursor/, .vscode/ or docs/) with findings by severity and actionable fixes. Use when the user asks for "Revisión diff develop", "revisión diff develop", "diff develop", "revisar diff", "codex diff" or similar expressions with the intent of auditing changes against develop. Triggers: diff develop, codex diff, revisión diff, lint diff develop, auditar diff.
Vector Setup
100
First-run setup for ruvector@0.2.25 — installs ONNX/Brain/SONA add-ons, registers the MCP server, and verifies the install via `doctor`
Semgrep Rule Creator
100
Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
Clawsec Scanner
100
Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.