From agents-plugin
Audits project dependencies for CVEs, outdated packages, and license issues in Node.js (npm/yarn/bun/pnpm), Python (pip), Rust (cargo), and Go ecosystems. Outputs prioritized issues with upgrade recommendations.
Install: `npx claudepluginhub laurigates/claude-plugins --plugin agents-plugin`
How this agent operates — its isolation, permissions, and tool access model
Agent reference
Path: `agents-plugin:agents/dependency-audit`
Model: haiku
The summary Claude sees when deciding whether to delegate to this agent:
Scan project dependencies for vulnerabilities, outdated packages, and license concerns. Isolates verbose audit output. - **Input**: Project with dependency files (package.json, pyproject.toml, Cargo.toml, go.mod) - **Output**: Prioritized list of dependency issues with upgrade guidance - **Steps**: 5-10, comprehensive scan - **Value**: `npm audit`, `pip-audit` output can be massive; agent extra...
Audits project dependencies for security vulnerabilities, outdated packages, and license issues using native ecosystem tools. Delegates for dependency health checks across multiple languages.
Audits dependencies for security vulnerabilities, outdated packages, license issues, and bloat in Node.js, Python, Rust, Go projects. Generates prioritized upgrade reports. Read-only.
Audits dependencies in Python/Node.js projects for security vulnerabilities, outdated packages, licenses using pip-audit, npm audit, pipdeptree. Generates reports, recommendations, and upgrade impact analysis.
Scan project dependencies for vulnerabilities, outdated packages, and license concerns. Isolates verbose audit output.
`npm audit` and `pip-audit` output can be massive; the agent runs the native tool for each ecosystem it finds and extracts only the actionable items.

```bash
# Node.js (npm/yarn/bun/pnpm lockfiles)
# Note: `head` keeps the context small but truncates the JSON document,
# so parse the full output with jq or a script when you need every field.
npm audit --json 2>/dev/null | head -200
npm outdated --json 2>/dev/null
npx license-checker --summary 2>/dev/null

# Python (pip). `pip audit` is not a pip subcommand; the fallback invokes the
# pip-audit module directly in case the console script is not on PATH.
pip-audit --format=json 2>/dev/null || python -m pip_audit --format=json 2>/dev/null
pip list --outdated --format=json 2>/dev/null

# Rust (cargo); both commands require the cargo-audit and cargo-outdated plugins
cargo audit --json 2>/dev/null
cargo outdated --root-deps-only 2>/dev/null

# Go (go.mod); govulncheck reports only vulnerabilities reachable from your code
go list -m -json all 2>/dev/null | head -100
govulncheck ./... 2>/dev/null
```
| Level | Action | Examples |
|---|---|---|
| Critical | Upgrade immediately | RCE, auth bypass |
| High | Upgrade this sprint | XSS, SQL injection in dep |
| Medium | Plan upgrade | DoS, info disclosure |
| Low | Track for next update | Minor issues, theoretical |
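The two passages above (condensing verbose audit JSON into actionable items, and bucketing findings by the severity table) are what the agent does in prose. The following is an added example in Python, not code from the agents-plugin project, showing one way to do the same thing deterministically: flatten `npm audit --json` (auditReportVersion 2) and `pip-audit --format=json` into a common finding record, map npm's `moderate` to the table's Medium bucket, and sort Critical first with direct dependencies ahead of transitive ones. The two sample documents are constructed by hand to match the shape of those tools' output; the package names `app-shell`, `tiny-yaml` and `example-internal-lib` are hypothetical, while the lodash and requests advisories mirror real ones. One caveat the example makes visible: pip-audit reports advisory ids and fix versions but no severity, so its findings land in an `unknown` bucket that must be triaged by hand rather than being silently buried under Low.

```python
"""Condense npm audit / pip-audit JSON into a prioritized finding list (added example)."""

# Rank mirrors the severity table: Critical > High > Medium > Low; unrated last.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "unknown": 4}
# npm uses info/low/moderate/high/critical; fold these into the table's levels.
NPM_LEVEL = {"critical": "critical", "high": "high", "moderate": "medium",
             "low": "low", "info": "low"}


def _version_key(v):
    """Crude numeric sort key for dotted versions (sufficient for fix_versions)."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


def parse_npm_audit(doc):
    """Flatten `npm audit --json` (auditReportVersion 2) into finding dicts."""
    findings = []
    for name, vuln in doc.get("vulnerabilities", {}).items():
        # `via` mixes advisory dicts with package-name strings. A string means
        # "affected through that package"; the advisory itself is listed under
        # the named package, so skipping here avoids double counting.
        advisories = [v for v in vuln.get("via", []) if isinstance(v, dict)]
        if not advisories:
            continue
        fix = vuln.get("fixAvailable")
        if fix is True:
            action = "npm audit fix"
        elif isinstance(fix, dict):
            major = " (semver major, test first)" if fix.get("isSemVerMajor") else ""
            action = f"npm install {fix['name']}@{fix['version']}{major}"
        else:
            action = "no upstream fix; replace or pin and mitigate"
        findings.append({
            "ecosystem": "npm", "package": name,
            "direct": bool(vuln.get("isDirect")),
            "level": NPM_LEVEL.get(vuln.get("severity", ""), "unknown"),
            "refs": [a.get("url") or a.get("title", "?") for a in advisories],
            "affected": vuln.get("range", ""), "action": action,
        })
    return findings


def parse_pip_audit(doc):
    """Flatten `pip-audit --format=json` into finding dicts.

    pip-audit gives no severity, so every finding is 'unknown' until the
    advisory is looked up; `direct` is None because pip-audit does not say
    (pipdeptree can tell you).
    """
    deps = doc["dependencies"] if isinstance(doc, dict) else doc
    findings = []
    for dep in deps:
        vulns = dep.get("vulns") or []
        if not vulns:
            continue
        # Lowest fix version per advisory; the highest of those covers all of them.
        needed = [min(v["fix_versions"], key=_version_key)
                  for v in vulns if v.get("fix_versions")]
        target = max(needed, key=_version_key) if needed else None
        findings.append({
            "ecosystem": "pip", "package": dep["name"], "direct": None,
            "level": "unknown", "refs": [v["id"] for v in vulns],
            "affected": dep["version"],
            "action": f"pip install '{dep['name']}>={target}'" if target
                      else "no fix version listed; pin and mitigate",
        })
    return findings


def prioritize(findings):
    """Critical first; within a level, direct dependencies before transitive."""
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f["level"]],
                                           f["direct"] is not True, f["package"]))


def counts(findings):
    c = {k: 0 for k in SEVERITY_RANK}
    for f in findings:
        c[f["level"]] += 1
    return c


def render(findings, project="[PROJECT]"):
    """Markdown summary in the shape of the report template on this page."""
    c = counts(findings)
    lines = [f"## Dependency Audit: {project}",
             f"**Issues Found**: {c['critical']} critical, {c['high']} high, "
             f"{c['medium']} medium, {c['low']} low, {c['unknown']} unrated"]
    for f in prioritize(findings):
        lines.append(f"- [{f['level']}] {f['ecosystem']} {f['package']} "
                     f"{f['affected']}: {', '.join(f['refs'])} -> {f['action']}")
    return "\n".join(lines)


# Constructed sample documents (shape of the real tools; hypothetical packages marked).
NPM_SAMPLE = {"auditReportVersion": 2, "vulnerabilities": {
    "lodash": {"name": "lodash", "severity": "high", "isDirect": True,
               "via": [{"source": 1, "name": "lodash", "severity": "high", "range": "<4.17.21",
                        "title": "Command Injection in lodash (CVE-2021-23337)",
                        "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337"}],
               "effects": ["app-shell"], "range": "<4.17.21", "nodes": ["node_modules/lodash"],
               "fixAvailable": {"name": "lodash", "version": "4.17.21", "isSemVerMajor": False}},
    "app-shell": {"name": "app-shell", "severity": "high", "isDirect": True,  # hypothetical
                  "via": ["lodash"], "effects": [], "range": "*",
                  "nodes": ["node_modules/app-shell"], "fixAvailable": True},
    "tiny-yaml": {"name": "tiny-yaml", "severity": "moderate", "isDirect": False,  # hypothetical
                  "via": [{"source": 2, "name": "tiny-yaml", "severity": "moderate", "range": "*",
                           "title": "Denial of service in tiny-yaml (constructed)"}],
                  "effects": [], "range": "*", "nodes": ["node_modules/tiny-yaml"],
                  "fixAvailable": False}}}
PIP_SAMPLE = {"dependencies": [
    {"name": "requests", "version": "2.25.0",
     "vulns": [{"id": "PYSEC-2023-74", "fix_versions": ["2.31.0"], "aliases": ["CVE-2023-32681"],
                "description": "Proxy-Authorization header leaked on redirect"}]},
    {"name": "example-internal-lib", "version": "1.0.0", "vulns": []}], "fixes": []}  # hypothetical

if __name__ == "__main__":
    print(render(parse_npm_audit(NPM_SAMPLE) + parse_pip_audit(PIP_SAMPLE), "demo"))
```

Feeding real output is a matter of `json.load` on the captured files; do not pipe `npm audit --json` through `head` first, since the truncated document will not parse.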
## Dependency Audit: [PROJECT]
**Ecosystem**: Node.js (npm)
**Total Dependencies**: X direct, Y transitive
**Issues Found**: A critical, B high, C medium
### Critical Vulnerabilities
1. **lodash@4.17.20** → 4.17.21
- CVE-2021-23337: Command injection via template
- Fix: `npm install lodash@4.17.21`
### Outdated (Major)
| Package | Current | Latest | Breaking Changes |
|---------|---------|--------|-----------------|
| express | 4.18.2 | 5.0.0 | Middleware API changed |
| react | 17.0.2 | 18.2.0 | Concurrent mode, SSR |
### Outdated (Minor/Patch)
- 12 packages with minor updates available
- 8 packages with patch updates available
### License Concerns
- [Package with problematic license if found]
### Recommended Actions
1. `npm install lodash@latest` (security fix, no breaking changes)
2. Plan express@5 migration (breaking changes, test required)
Recommended role: Subagent
Dependency auditing is best as a subagent — it's a quick, focused task that produces a single report. The verbose audit output is isolated from the main context and only actionable findings are returned.
| Mode | When to Use |
|---|---|
| Subagent | Standard dependency health check — run audit, return findings |
| Teammate | Only if auditing multiple ecosystems in a monorepo simultaneously |