Can it help me fix identified vulnerabilities?

Yes, the skill provides a comprehensive report that includes vulnerability summaries and specific remediation advice, such as the recommended version for updates.

Which package managers does this skill support?

The skill supports a wide range of ecosystems including npm (JavaScript), pip (Python), composer (PHP), gem (Ruby), and go modules (Go).

Does it check for license compliance?

Yes, it identifies the licenses of your dependencies to help you ensure they are compatible with your project's legal requirements.

When is the best time to use this skill?

It is best used during regular maintenance cycles, before major deployments, or whenever you add new third-party libraries to your project.

Dependency Health & Security Audit

Name: Dependency Health & Security Audit
Author: jeremylongshore

byjeremylongshore

•

883

セキュリティとテスト

Analyzes project dependencies to identify security vulnerabilities, outdated packages, and license compliance issues across multiple ecosystems.

概要

This skill empowers Claude to perform deep audits of your project's software supply chain by scanning manifest files for known security vulnerabilities (CVEs), identifying outdated libraries, and ensuring license compliance. By integrating directly with popular package managers like npm, pip, Go modules, RubyGems, and Composer, it provides actionable reports and remediation steps to help developers maintain secure, stable, and legally compliant codebases without manual overhead.

主な機能

883 GitHub stars
Real-time vulnerability scanning against known CVE databases
License compliance checking to mitigate legal risks
Multi-language support for npm, pip, composer, gem, and go modules
Automated identification of outdated packages with version recommendations
Comprehensive reporting with severity levels and remediation advice

ユースケース

Performing a security audit before deploying code to production environments
Identifying and upgrading deprecated or vulnerable third-party libraries
Auditing software licenses to ensure compatibility with project requirements

概要

主な機能

883 GitHub stars
Real-time vulnerability scanning against known CVE databases
License compliance checking to mitigate legal risks
Multi-language support for npm, pip, composer, gem, and go modules
Automated identification of outdated packages with version recommendations
Comprehensive reporting with severity levels and remediation advice

ユースケース

Performing a security audit before deploying code to production environments
Identifying and upgrading deprecated or vulnerable third-party libraries
Auditing software licenses to ensure compatibility with project requirements