Dependency Audit
技能 已验证 活跃Dependency audit and cleanup workflow for maintaining healthy project dependencies. Use for regular maintenance, security updates, and removing unused packages.
To help developers maintain healthy project dependencies by providing a systematic workflow for auditing, updating, and cleaning up packages, ensuring security and reducing bloat.
功能
- Comprehensive dependency auditing commands
- Security vulnerability scanning and fixing
- Identification and removal of unused dependencies
- Guidance on updating packages and handling deprecations
- Cross-ecosystem support (npm, pnpm, yarn, pip, poetry)
使用场景
- Regularly maintaining project dependencies
- Responding to security advisories (CVEs)
- Cleaning up unused packages to reduce bundle size
- Migrating from deprecated libraries or frameworks
非目标
- Managing build tools or CI/CD pipelines
- Performing code linting or formatting
- Handling application deployment or infrastructure
Scope
- info:Tool surface sizeThe skill is more of a collection of documentation and commands for various package managers rather than a single tool with a defined number of exposed commands. The documentation references many distinct commands across different ecosystems.
安装
npx skills add bobmatnyc/claude-mpm-skills通过 npx 运行 Vercel skills CLI(skills.sh)— 需要本地安装 Node.js,以及至少一个兼容 skills 的智能体(Claude Code、Cursor、Codex 等)。前提是仓库遵循 agentskills.io 格式。
质量评分
已验证类似扩展
Clawsec Scanner
100Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.
Dependency Management
98Manage third-party libraries, runtimes, and SaaS dependencies. Use this skill when setting an update cadence, responding to security advisories, dealing with deprecated dependencies, evaluating new dependencies, auditing what's installed, or unblocking a dependency upgrade. Triggers on dependency, package update, security patch, lockfile, deprecated, breaking change, supply chain, dependency audit, npm audit, dependabot, renovate. Also triggers when a build breaks after an update or when an advisory is published for a used package.
Dependency Upgrade
95Manage major dependency version upgrades with compatibility analysis, staged rollout, and comprehensive testing. Use when upgrading framework versions, updating major dependencies, or managing breaking changes in libraries.
Audit Dependency Versions
100Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.
Monorepo Management
95Master monorepo management with Turborepo, Nx, and pnpm workspaces to build efficient, scalable multi-package repositories with optimized builds and dependency management. Use when setting up monorepos, optimizing builds, or managing shared dependencies.
Cleanup Dashboards
100Audit and consolidate HubSpot reporting dashboards. Identifies unused, duplicate, or outdated dashboards. Must be performed manually — no dashboard API is available.