Which package managers does this skill support?

It currently supports Node.js (npm, yarn, pnpm), Python (pip, poetry, uv, Pipenv), Rust (cargo), and Go modules.

How does it identify unused dependencies?

It cross-references the dependencies declared in your manifest files with actual import or require statements found in your source code, while specifically excluding tools like test frameworks and build plugins.

Does it handle monorepos?

Yes, the skill uses global discovery to identify multiple workspaces and packages within a single repository, analyzing each ecosystem independently.

Can this skill automatically update my packages?

No, the skill is advisory only. It provides detailed analysis and recommendations, but it does not modify your manifest or lock files to ensure you maintain control over breaking changes.

What kind of security vulnerabilities does it detect?

It scans for known vulnerabilities using ecosystem-specific tools, reporting Vulnerability IDs (CVE, GHSA), severity levels, and whether the issue is in a direct or transitive dependency.

Dependency Management

Name: Dependency Management
Author: AnExiledDev

byAnExiledDev

•

보안 및 테스팅

Performs a comprehensive five-phase health analysis of software dependencies across multiple programming ecosystems to ensure security, currency, and compliance.

This skill empowers Claude to conduct deep audits of a project's dependency tree, covering Node.js, Python, Rust, and Go ecosystems. It systematically evaluates package currency, scans for known security vulnerabilities (CVEs/GHSAs), identifies unused dependencies to reduce attack surfaces, resolves version conflicts, and ensures license compliance. By treating dependency health as continuous hygiene rather than a one-time task, it helps developers maintain secure, efficient, and legally compliant codebases with actionable insights into version gaps and exploitability.

주요 기능

01Five-phase health analysis covering currency, security, usage, conflicts, and licenses

026 GitHub stars

03Multi-ecosystem support for npm, pip, cargo, and Go modules

04Automated vulnerability reporting with severity classification and fix versions

05Intelligent detection of unused packages while respecting implicit-use tools

06Detailed license compliance flagging for permissive vs. copyleft obligations

사용 사례

01Performing a comprehensive security audit and supply chain risk assessment

02Identifying and removing dead dependencies to optimize build times and security

03Planning major version upgrades by analyzing breaking changes and version gaps

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add anexileddev/codeforge dependency-management

For use in Claude.ai and ChatGPT

Download Skill