Audit Dependency Versions
A skill from pjt222 that identifies outdated or vulnerable dependencies in project files and provides actionable upgrade recommendations.
Install on your platform
Run in terminal (recommended)
claude mcp add audit-dependency-versions npx -- -y @trustedskills/audit-dependency-versions
Or manually add to ~/.claude/settings.json
{
  "mcpServers": {
    "audit-dependency-versions": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/audit-dependency-versions"
      ]
    }
  }
}
Requires Claude Code (claude CLI). Run claude --version to verify your install.
About This Skill
What it does
This skill analyzes a project's dependency file (e.g., package.json, requirements.txt) and identifies outdated or vulnerable versions of dependencies. It provides a report detailing the current versions, available updates, and the potential security risks associated with the vulnerable versions. The tool aims to improve project stability and security by ensuring dependencies are up to date.
When to use it
- Security Audits: Regularly check for known vulnerabilities in your project's dependencies before deployment.
- Dependency Updates: Determine which dependencies require updates to maintain compatibility or access new features.
- New Project Setup: Ensure a clean and secure starting point by identifying potential dependency issues early on.
- Post-Merge Checks: Verify that merged pull requests haven’t introduced outdated or vulnerable dependencies.
Key capabilities
- Parses common dependency files (e.g., package.json, requirements.txt).
- Identifies available updates for each dependency.
- Highlights potential security vulnerabilities within dependencies.
- Generates a report summarizing findings.
Example prompts
- "Audit the dependencies in my package.json file."
- "Check for vulnerable versions in my Python project's requirements.txt."
- "Generate a report of outdated packages."
Tips & gotchas
The skill requires access to the relevant dependency files within the project directory. Ensure the AI agent has appropriate permissions and context to locate and analyze these files accurately.
TrustedSkills Verification
Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.
Security Audits
| Gen Agent Trust Hub | Pass |
| Socket | Pass |
| Snyk | Pass |
🌐 Community
Passed automated security scans.