Does it help with reducing application bundle size?

Yes, it identifies unused dependencies that aren't actually imported in your code and flags redundant packages providing overlapping functionality.

How does it help with license compliance?

It classifies licenses (such as MIT, GPL, or Apache) and warns about incompatible combinations, legal risks, or potential 'GPL contamination' in your project.

Which programming languages does the Dependency Auditor support?

It supports a wide range of ecosystems including JavaScript/Node.js, Python, Go, Rust, Ruby, Java, PHP, and C#/.NET by parsing standard manifest and lockfiles.

Can this skill be integrated into CI/CD pipelines?

Absolutely. It is designed to work as a security gate, allowing you to fail builds based on vulnerability severity thresholds or license policy violations.

Can it detect transitive dependency vulnerabilities?

Yes, the tool maps complete dependency trees to identify security risks and license issues introduced by indirect or transitive dependencies.

Dependency Auditor

Name: Dependency Auditor
Author: alirezarezvani

byalirezarezvani

•

5,225

•

セキュリティとテスト

Audits and manages software dependencies across multiple languages to ensure security, license compliance, and optimal performance.

The Dependency Auditor is a comprehensive engineering tool designed to provide deep visibility into a project's dependency ecosystem. It automates the detection of security vulnerabilities (CVEs), identifies license compliance risks, and maps out safe upgrade paths while eliminating dependency bloat. Supporting a wide array of ecosystems including Node.js, Python, Go, and Rust, it helps development teams maintain high-quality, secure codebases by providing actionable insights into transitive risks and supply chain integrity.

主な機能

01Multi-language vulnerability scanning against real-time CVE databases

02Automated license classification and legal conflict detection

03Dependency bloat analysis to identify unused or redundant packages

045,225 GitHub stars

05Supply chain security verification including provenance and lockfile validation

06Strategic upgrade path planning with breaking change risk assessment

ユースケース

01Managing legal risk by identifying incompatible open-source licenses before software distribution

02Automating security audits in CI/CD to prevent vulnerable packages from reaching production

03Optimizing application performance and build times by removing unused or oversized dependencies

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add alirezarezvani/claude-skills dependency-auditor

For use in Claude.ai and ChatGPT

Download Skill