How does the skill handle security vulnerabilities?

It executes security audits via tools like npm audit or Snyk, identifies CVEs by severity, and requires a documented resolution path for all critical and high findings.

Which package managers does it support?

The skill is designed to work with standard Node.js ecosystems, reading from package.json and lock files from npm, Yarn, or pnpm.

Can this skill help with license compliance?

Yes, it scans your production dependencies and compares them against allowed or denied license lists to ensure your project remains compliant.

Does it automatically apply major version updates?

No, it categorizes updates by risk. Major updates are flagged for assessment and migration planning to prevent breaking changes on the main branch.

What is the output of a package audit?

The skill generates a structured YAML report containing triage decisions, update strategies, and license verification results.

Dependency Audit & Security Manager

Name: Dependency Audit & Security Manager
Author: hjemmesidekongen

byhjemmesidekongen

0•

安全与测试

Automates security vulnerability scans, license compliance checks, and dependency update strategies for Node.js projects.

The Package Audit skill provides a structured workflow for maintaining a healthy and secure codebase by analyzing project dependencies. It handles the full lifecycle of dependency management, from executing security audits (CVE triage) and identifying outdated packages to verifying license compliance against organizational standards. By applying specific update strategies for patch, minor, and major version bumps, it helps developers plan migrations safely, ensuring that critical vulnerabilities are addressed with documented resolution paths while minimizing the risk of breaking changes.

主要功能

01Comprehensive license compliance verification for production dependencies

02Automated security vulnerability scanning and severity-based CVE triage

03Structured audit report generation saved directly to your workspace

04Detailed outdated package analysis with categorized update strategies

05Integration guidance for Renovate and Dependabot configuration

060 GitHub stars

使用场景

01Conducting regular security health checks to identify and resolve high-severity vulnerabilities

02Planning large-scale dependency updates and migrations for complex monorepos

03Performing license audits before production releases to ensure legal compliance

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hjemmesidekongen/ai package-audit

For use in Claude.ai and ChatGPT