Dependency Audit
Skill Verified ActiveDependency audit and cleanup workflow for maintaining healthy project dependencies. Use for regular maintenance, security updates, and removing unused packages.
To help developers maintain healthy project dependencies by providing a systematic workflow for auditing, updating, and cleaning up packages, ensuring security and reducing bloat.
Features
- Comprehensive dependency auditing commands
- Security vulnerability scanning and fixing
- Identification and removal of unused dependencies
- Guidance on updating packages and handling deprecations
- Cross-ecosystem support (npm, pnpm, yarn, pip, poetry)
Use Cases
- Regularly maintaining project dependencies
- Responding to security advisories (CVEs)
- Cleaning up unused packages to reduce bundle size
- Migrating from deprecated libraries or frameworks
Non-Goals
- Managing build tools or CI/CD pipelines
- Performing code linting or formatting
- Handling application deployment or infrastructure
Scope
- info:Tool surface sizeThe skill is more of a collection of documentation and commands for various package managers rather than a single tool with a defined number of exposed commands. The documentation references many distinct commands across different ecosystems.
Installation
npx skills add bobmatnyc/claude-mpm-skillsRuns the Vercel skills CLI (skills.sh) via npx — needs Node.js locally and at least one installed skills-compatible agent (Claude Code, Cursor, Codex, …). Assumes the repo follows the agentskills.io format.
Quality Score
VerifiedSimilar Extensions
Clawsec Scanner
100Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.
Dependency Management
98Manage third-party libraries, runtimes, and SaaS dependencies. Use this skill when setting an update cadence, responding to security advisories, dealing with deprecated dependencies, evaluating new dependencies, auditing what's installed, or unblocking a dependency upgrade. Triggers on dependency, package update, security patch, lockfile, deprecated, breaking change, supply chain, dependency audit, npm audit, dependabot, renovate. Also triggers when a build breaks after an update or when an advisory is published for a used package.
Dependency Upgrade
95Manage major dependency version upgrades with compatibility analysis, staged rollout, and comprehensive testing. Use when upgrading framework versions, updating major dependencies, or managing breaking changes in libraries.
Audit Dependency Versions
100Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.
Monorepo Management
95Master monorepo management with Turborepo, Nx, and pnpm workspaces to build efficient, scalable multi-package repositories with optimized builds and dependency management. Use when setting up monorepos, optimizing builds, or managing shared dependencies.
Cleanup Dashboards
100Audit and consolidate HubSpot reporting dashboards. Identifies unused, duplicate, or outdated dashboards. Must be performed manually — no dashboard API is available.