Which programming languages and package managers does Dep Check support?

Dep Check supports TypeScript and JavaScript (npm/yarn/pnpm), Python (pip/poetry), Go (go mod), and Rust (cargo).

Does it work with lock files?

While it prioritizes manifest files for rule enforcement, it encourages the use of lock files and exact pinning (DEP-5) to ensure reproducible builds and environment parity.

Can Dep Check automatically fix dependency issues?

Yes, for certain rules like DEP-3 (unused dependencies) and DEP-4 (misclassified dev dependencies), it can apply fixes. However, for major version upgrades (DEP-2), it provides documentation and migration paths rather than auto-upgrading to prevent breaking changes.

What is the 'version lag' threshold in this skill?

Under rule DEP-2, the skill triggers a warning if a dependency is two or more major versions behind the current stable release, helping to prevent the accumulation of technical debt.

How does Dep Check handle security vulnerabilities?

It implements the DEP-1 rule, which automatically blocks work if HIGH or CRITICAL severity vulnerabilities are detected in production dependencies, requiring a patch or mitigation before proceeding.

Dependency Health and Security Checker

Name: Dependency Health and Security Checker
Author: mikecubed

bymikecubed

0•

安全与测试

Enforces comprehensive dependency health rules to eliminate security vulnerabilities, version lag, and configuration bloat across multiple programming languages.

The Dep Check skill provides an automated framework for auditing and maintaining the health of your software dependencies. By enforcing a set of five core rules (DEP-1 through DEP-5), it helps developers block critical security vulnerabilities (CVEs), track major version lag, identify unused packages, and ensure correct classification between production and development environments. Supporting major ecosystems like TypeScript, Python, Go, and Rust, this skill is essential for maintaining a secure supply chain, reducing technical debt, and optimizing production build sizes during active development or CI/CD pipelines.

主要功能

01Automated vulnerability scanning for HIGH and CRITICAL CVEs via internal audit scripts

02Version lag detection to prevent dependencies from falling more than two major versions behind

03Multi-language support for npm, yarn, pip, poetry, go mod, and cargo manifests

040 GitHub stars

05Identification of unused dependencies to reduce package bloat and attack surface

06Validation of production versus development dependency classification

使用场景

01Refactoring legacy projects by identifying and removing unimported or obsolete packages

02Automating dependency hygiene checks within CI/CD pipelines to ensure compliance with team standards

03Performing security audits before production deployments to block known vulnerabilities

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mikecubed/clean-code-codex dep-check

For use in Claude.ai and ChatGPT

主要功能

01Automated vulnerability scanning for HIGH and CRITICAL CVEs via internal audit scripts

02Version lag detection to prevent dependencies from falling more than two major versions behind

03Multi-language support for npm, yarn, pip, poetry, go mod, and cargo manifests

040 GitHub stars

05Identification of unused dependencies to reduce package bloat and attack surface

06Validation of production versus development dependency classification

使用场景

01Refactoring legacy projects by identifying and removing unimported or obsolete packages

02Automating dependency hygiene checks within CI/CD pipelines to ensure compliance with team standards

03Performing security audits before production deployments to block known vulnerabilities