All skills
Skillintermediate
audit deps
Audit all project dependencies for vulnerabilities, licensing issues, and maintenance status.
Claude Code Knowledge Pack7/10/2026
Overview
Audit all project dependencies for vulnerabilities, licensing issues, and maintenance status.
Steps
- Detect the package manager and run native audit:
- npm:
npm audit --json - pnpm:
pnpm audit --json - pip:
pip-audit --format json - cargo:
cargo audit --json
- npm:
- Check package maintenance status:
- Last publish date for each dependency.
- Open issue count and response time.
- Whether the package is deprecated.
- Verify license compatibility:
- List all dependency licenses.
- Flag any copyleft licenses (GPL) in permissive projects.
- Flag packages with no license specified.
- Analyze dependency tree depth and size impact.
- Identify unused dependencies by cross-referencing imports.
- Generate a prioritized action list.
Format
Dependency Audit - <date>
Vulnerabilities: critical, high, moderate, low
Licenses: permissive, copyleft, unknown
Maintenance: actively maintained, stale, deprecated
Unused: <list>
Priority actions:
1. [CRITICAL] Upgrade <pkg> to fix CVE-XXXX
2. [WARNING] Replace deprecated <pkg> with <alternative>
Rules
- Always report the full vulnerability chain (which direct dep pulls in the vulnerable transitive dep).
- Flag any dependency with no updates in the last 12 months.
- Check that lock files are present and committed.
- Never recommend removing a dependency without verifying it is truly unused.