Which package managers does Dependency Guardian support?

Dependency Guardian supports a wide range of ecosystems including JavaScript (npm, yarn, pnpm), Python (pip, poetry, pipenv), Rust (cargo), Go (go mod), Ruby (bundler), and Java (maven, gradle).

Can I define a custom license policy?

Yes, you can configure an allowed list of licenses (like MIT or Apache-2.0). The skill will flag any dependencies that violate your organizational policy or have incompatible licenses.

How does it handle security vulnerabilities?

The skill scans your project against CVE databases to identify critical, high, medium, and low severity vulnerabilities, providing specific remediation steps or automated fixes where available.

How does this skill reduce token usage?

By offloading dependency analysis and database lookups to local scripts rather than having the LLM manually process large manifest files, it can achieve up to 95% token savings.

Can it automatically apply updates?

Yes, it can be configured to automatically apply patch updates and create pull requests. It can also perform dry runs to preview changes before they are applied.

Dependency Guardian

Name: Dependency Guardian
Author: benreceveur

bybenreceveur

•

セキュリティとテスト

Manages project dependencies with automated security scanning, intelligent update orchestration, and license compliance audits.

Dependency Guardian is a comprehensive orchestration skill designed to secure and maintain software supply chains across multiple ecosystems including JavaScript, Python, Rust, and Go. It automates the lifecycle of dependencies by identifying vulnerabilities via CVE databases, classifying available updates, and safely applying patches with built-in test validation. By integrating with Claude’s workflow, it ensures that projects stay compliant with license policies and remain performant through optimized dependency trees, significantly reducing manual maintenance overhead and token consumption.

主な機能

01Intelligent update orchestration with breaking change detection

02Comprehensive license compliance auditing and compatibility reporting

03Automated vulnerability scanning against global CVE databases

04Multi-language support for NPM, Pip, Poetry, Cargo, Go Mod, and more

05Automated PR creation with integrated post-update test validation

063 GitHub stars

ユースケース

01Performing automated weekly security health checks and vulnerability patching

02Auditing projects for open-source license compliance and identifying dependency bloat

03Preparing for major releases by identifying and updating outdated packages safely

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add benreceveur/claude-workflow-engine dependency-guardian

For use in Claude.ai and ChatGPT

Download Skill