codebase-cleanup-deps-audit
Audit Dependencies for Security Vulnerabilities
Keep your projects secure by identifying vulnerable, outdated, or license-incompatible dependencies. This skill scans your dependency tree, checks vulnerability databases, and provides prioritized remediation steps.
Install
- Download the skill ZIP
- Upload it in Claude: go to Settings → Capabilities → Skills → Upload skill
- Toggle it on and start using it
Test it
Using "codebase-cleanup-deps-audit": Scan for vulnerabilities in a Node.js project with 45 dependencies
Expected outcome:
- Security Audit Summary
  - Total Dependencies: 45
  - Vulnerabilities Found: 3 (1 critical, 2 high)
    - Critical: lodash <4.17.21 - Prototype Pollution (CVE-2021-23337) - Upgrade to 4.17.21
    - High: minimist <1.2.6 - Prototype Pollution (CVE-2021-44906) - Upgrade to 1.2.6
    - High: node-fetch <2.6.7 - Information Disclosure (CVE-2022-0235) - Upgrade to 2.6.7
  - Recommended Action: Run npm audit fix --force to apply patches
Using "codebase-cleanup-deps-audit": Check license compliance for a commercial project
Expected outcome:
- License Compliance Report
  - Project License: Proprietary
  - Total Dependencies: 128
  - Issues Found: 2
    - GPL-3.0: package-name - Copyleft license incompatible with proprietary use
    - Unknown: legacy-lib - License not specified, legal review required
  - Recommendation: Replace GPL dependency with MIT alternative or obtain commercial license
Security Audit
Low Risk. Static analysis detected 50 patterns in 2 files (821 lines), but all findings are false positives from markdown documentation containing code examples. The skill is a legitimate dependency audit tool with no malicious intent. Minor risk indicators exist due to documented use of external commands and network APIs for dependency scanning.
- Medium Risk Issues (1)
- Low Risk Issues (2)
Risk Factors
- ⚙️ External commands (3)
- 🌐 Network access (3)
- 📁 Filesystem access (1)
What You Can Build
Pre-Release Security Audit
Run a comprehensive dependency audit before releasing a new version to identify and fix vulnerabilities that could affect users.
License Compliance Review
Verify that all dependencies have compatible licenses before integrating into a commercial product to avoid legal risks.
Technical Debt Assessment
Identify outdated dependencies and prioritize updates based on age, breaking changes, and security impact.
Try These Prompts
- Scan my project for dependency vulnerabilities. Check package.json and report any critical or high severity issues with recommended fixes.
- Perform a complete dependency audit including vulnerability scanning, license compliance check, and outdated package analysis. Prioritize findings by severity and provide actionable remediation steps.
- Analyze all dependencies for license compatibility with our MIT-licensed project. Flag any GPL, AGPL, or proprietary licenses and suggest alternatives.
- Create a prioritized dependency update plan. Group updates by risk level (security patches first, then major versions), estimate effort for each, and generate update commands.
Best Practices
- Run dependency audits on a regular schedule (weekly or before each release)
- Pin dependency versions in lock files to ensure reproducible builds
- Review and test security updates in staging before deploying to production
Avoid
- Ignoring critical vulnerabilities because tests pass locally
- Updating all dependencies at once without testing each change
- Using dependencies with unknown or incompatible licenses in commercial products
Frequently Asked Questions
- What package managers does this skill support?
- How does the skill check for vulnerabilities?
- Can this skill automatically fix vulnerabilities?
- What should I do if a dependency has no license?
- How often should I run dependency audits?
- Does this skill check transitive dependencies?
Developer Details
- Author: sickn33
- License: MIT
- Repository: https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/codebase-cleanup-deps-audit
- Ref: main