Can I filter the audit reports by severity?

Yes, you can use the --severity flag to filter findings by critical, high, medium, or low levels to focus on the most urgent security risks first.

Does this skill automatically update my packages?

No, this skill is strictly for analysis and reporting. It identifies risks and recommends upgrades but does not modify your code, manifests, or lock files.

Which programming languages and package managers are supported?

It supports a wide range of ecosystems including Node.js (npm/yarn/pnpm), Python (pip/uv/poetry), Rust (Cargo), Go, PHP (Composer), Ruby (Bundler), .NET (NuGet), and Java (Maven/Gradle).

How does it prevent AI hallucinations regarding vulnerabilities?

The skill follows strict anti-hallucination guidelines, requiring raw output from native audit tools and verified CVE/GHSA data before reporting any findings to ensure 100% accuracy.

Dependency Reviewer & Security Auditor

Name: Dependency Reviewer & Security Auditor
Author: mgiovani

bymgiovani

•

安全与测试

Audits project dependencies for security vulnerabilities, license compliance risks, and version staleness across multiple programming ecosystems.

Review Deps is a comprehensive diagnostic skill designed to secure and modernize your software supply chain by performing deep-dive audits of project dependencies. It automatically detects package managers, executes native security tools like npm audit or pip-audit, and utilizes parallel AI agents to analyze CVEs, license risks, and upgrade complexity. This skill provides actionable, evidence-based reports with health scores and prioritized upgrade paths without modifying your source code, making it an essential tool for maintaining project integrity and compliance across Node.js, Python, Rust, Go, and more.

主要功能

012 GitHub stars

02License compliance auditing to identify copyleft risks and commercial compatibility

03Security vulnerability scanning with CVE/GHSA triage and exploitability assessment

04Integration with GitHub Dependabot alerts for cloud-synced security insights

05Automated detection of multi-language package managers and monorepo structures

06Staleness analysis and prioritized upgrade planning with breaking change warnings

使用场景

01Performing license compliance checks before releasing a proprietary project to ensure legal safety

02Auditing a legacy codebase to identify critical security vulnerabilities and outdated packages

03Planning a major version migration by assessing upgrade complexity and breaking changes across the dependency tree

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mgiovani/cc-arsenal review-deps

For use in Claude.ai and ChatGPT

Download Skill