返回 Skill 列表
extension
分类: 开发与工程无需 API Key

audit-dependencies

运行npm audit并检查过时/易受攻击的依赖项。返回按严重性划分的漏洞计数、过时的软件包和推荐更新的结构化输出。用于安全验证和依赖健康检查。

person作者: jakexiaohubgithub

Audit Dependencies

Executes npm audit and outdated checks to validate dependency security and freshness.

Usage

This skill runs dependency audits and returns structured security/maintenance results.

Checks Performed

  1. Security Audit (npm audit)

    • Vulnerability scanning
    • Severity classification (critical/high/moderate/low)
    • Affected packages
  2. Outdated Packages (npm outdated)

    • Packages behind latest versions
    • Semver distance (patch/minor/major)
    • Update recommendations

Output Format

Success (No Vulnerabilities)

{
  "status": "success",
  "audit": {
    "vulnerabilities": {
      "critical": 0,
      "high": 0,
      "moderate": 0,
      "low": 0,
      "total": 0
    },
    "outdated": {
      "count": 5,
      "packages": [
        {"name": "react", "current": "18.2.0", "latest": "18.3.1", "type": "minor"}
      ]
    }
  },
  "canProceed": true
}

Vulnerabilities Found

{
  "status": "error",
  "audit": {
    "vulnerabilities": {
      "critical": 2,
      "high": 5,
      "moderate": 10,
      "low": 3,
      "total": 20
    },
    "packages": [
      {
        "name": "lodash",
        "severity": "high",
        "via": ["prototype pollution"],
        "fix": "npm install lodash@latest"
      }
    ],
    "outdated": {
      "count": 12,
      "packages": []
    }
  },
  "canProceed": false,
  "details": "2 critical and 5 high severity vulnerabilities must be fixed"
}

When to Use

  • Security validation (before deployment)
  • Regular maintenance checks
  • Conductor Phase 3 (Quality Assurance)
  • Security audit agent workflows
  • Dependency update planning

Requirements

  • npm or package manager installed
  • package.json and package-lock.json present
  • Internet connection for vulnerability database