Dependency Audit

🌐Community
by jezweb · vlatest · Repository

Identifies outdated, vulnerable, or unused dependencies in projects, improving security and reducing bloat.

Install on your platform

1. Run in terminal (recommended):

   claude mcp add dependency-audit npx -- -y @trustedskills/dependency-audit

2. Or manually add to ~/.claude/settings.json:

   {
     "mcpServers": {
       "dependency-audit": {
         "command": "npx",
         "args": [
           "-y",
           "@trustedskills/dependency-audit"
         ]
       }
     }
   }

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill performs a comprehensive dependency audit for JavaScript projects managed by npm, pnpm, or yarn. It identifies potential issues including security vulnerabilities (categorized as Critical, High, Moderate, and Low), outdated packages (Major, Minor, and Patch updates), license compliance concerns (e.g., GPL licenses in commercial projects), and overall package health (deprecated or abandoned packages). The skill provides prioritized findings to help improve project security and reduce unnecessary bloat.

When to use it

  • Before deploying a new version of your JavaScript application to identify potential vulnerabilities.
  • As part of a regular maintenance routine to keep dependencies up-to-date and secure.
  • When onboarding a new project or taking over an existing codebase to quickly assess its dependency health.
  • To proactively address license compliance risks in commercial projects.

Key capabilities

  • Security Vulnerability Scanning: Identifies vulnerabilities with severity levels (Critical, High, Moderate, Low).
  • Outdated Package Detection: Flags packages needing updates categorized by the potential impact of the update (Major, Minor, Patch).
  • License Compliance Checks: Detects GPL licenses in commercial projects and missing/unknown licenses.
  • Dependency Health Assessment: Identifies deprecated or abandoned packages.
  • Supports npm, pnpm, and yarn package managers.
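As an added illustration of the categories listed above (not code from the skill or its author), the snippet below sorts the JSON emitted by `npm audit --json` and `npm outdated --json` into the four severity buckets and the Major/Minor/Patch classes. Object shapes follow npm 7+ output; the package names and advisories are constructed.

```javascript
// Added example, not the skill's own code; npm 7+ JSON shapes, constructed values.

// Count advisories per severity from the top-level `vulnerabilities` map.
function summarizeAudit(audit) {
  const counts = { critical: 0, high: 0, moderate: 0, low: 0 };
  for (const vuln of Object.values(audit.vulnerabilities || {})) {
    if (vuln.severity in counts) counts[vuln.severity] += 1;
  }
  return counts;
}

// Return "major" | "minor" | "patch" | "none" for current -> latest.
// Pre-release suffixes ("2.0.0-rc.1") are ignored; unparsable input yields "none".
function bumpType(current, latest) {
  const parse = (v) => String(v).split("-")[0].split(".").map(Number);
  const [a, b] = [parse(current), parse(latest)];
  if (a.length !== 3 || b.length !== 3 || [...a, ...b].some(Number.isNaN)) return "none";
  if (a[0] !== b[0]) return "major";
  if (a[1] !== b[1]) return "minor";
  return a[2] !== b[2] ? "patch" : "none";
}

// Group `npm outdated --json` entries ({name: {current, wanted, latest}}) by bump type.
function classifyOutdated(outdated) {
  const groups = { major: [], minor: [], patch: [] };
  for (const [name, info] of Object.entries(outdated)) {
    const kind = bumpType(info.current, info.latest);
    if (kind !== "none") groups[kind].push(name);
  }
  return groups;
}

// Constructed sample inputs (package names and advisories are made up).
const sampleAudit = {
  vulnerabilities: {
    "pkg-a": { severity: "critical", via: [{ title: "constructed advisory" }] },
    "pkg-b": { severity: "high", via: ["pkg-a"] },
    "pkg-c": { severity: "moderate", via: [{ title: "constructed advisory" }] },
    "pkg-d": { severity: "info", via: [] }, // unknown level: not counted
  },
};
const sampleOutdated = {
  "pkg-a": { current: "1.2.3", wanted: "1.2.9", latest: "2.0.0-rc.1" }, // major
  "pkg-b": { current: "4.1.0", wanted: "4.2.0", latest: "4.2.0" },      // minor
  "pkg-c": { current: "0.9.1", wanted: "0.9.2", latest: "0.9.2" },      // patch
  "pkg-e": { current: "3.0.0", wanted: "3.0.0", latest: "3.0.0" },      // up to date
};

console.log(summarizeAudit(sampleAudit), classifyOutdated(sampleOutdated));
```

Entries whose `latest` is a pre-release land in the same bucket as the stable version they precede, so a reviewer still sees them as Major bumps to check against the changelog.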

Example prompts

  • /audit-deps - Runs a full dependency audit.
  • /audit-deps --security-only - Only checks for security vulnerabilities.
  • /audit-deps --outdated - Only identifies outdated packages.
  • /audit-deps --fix - Attempts to automatically fix compatible updates.

Tips & gotchas

  • The skill requires a JavaScript project managed with one of npm, pnpm, or yarn, and that package manager must be installed.
  • Review the output carefully, especially for "Major" updates which may introduce breaking changes and require changelog review.
  • Be aware that automatically fixing dependencies (--fix) might not always be possible or desirable without careful consideration of potential compatibility issues.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

  • Gen Agent Trust Hub: Pass
  • Socket: Pass
  • Snyk: Pass

Details

  • Version: vlatest
  • License: not listed
  • Author: jezweb
  • Installs: 161

Passed automated security scans.