Which package managers does Dependency Audit support?

It supports a wide range of manifests including package.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, pyproject.toml, go.mod, Gemfile, and Cargo.toml.

How does this skill detect security vulnerabilities?

The skill parses your manifest files and compares extracted versions against known vulnerability feeds such as CVE and the GitHub Advisory Database.

When is the dependency audit triggered?

The audit runs automatically whenever a change is detected in any of the supported dependency manifest or lockfile formats within your repository.

What information is included in the audit findings?

The output includes the package name, current version, specific issue (CVE, outdated status, or license violation), and a recommended fix such as an upgrade version or alternative package.

Dependency Audit

Name: Dependency Audit
Author: LieBieS

byLieBieS

•

보안 및 테스팅

Audits project dependency manifests automatically to identify vulnerabilities, outdated packages, and license violations.

The Dependency Audit skill continuously monitors your project's manifest and lockfiles to ensure your software supply chain remains secure and up-to-date. By parsing files like package.json, requirements.txt, and Cargo.toml upon any code change, it cross-references your dependencies against the GitHub Advisory Database and CVE feeds. This automated process identifies security risks, flags outdated versions, and detects organizational policy violations, providing developers with clear recommendations and migration notes to streamline the patching process.

주요 기능

011 GitHub stars

02Automatic vulnerability scanning against CVE and GitHub Advisory databases

03Support for major ecosystems including Node.js, Python, Go, Rust, and Ruby

04Real-time monitoring triggered by changes to manifests or lockfiles

05Policy compliance checks for blacklisted or unapproved packages

06Actionable upgrade paths including migration notes for breaking changes

사용 사례

01Automating security reviews during the development and PR process

02Maintaining software supply chain security in polyglot repositories

03Enforcing organizational standards for approved package versions

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add liebies/newt dependency-audit

For use in Claude.ai and ChatGPT