Slash Command

/dependency-audit

Audits project dependencies for vulnerabilities and outdated packages using native tools, categorizes by severity, and generates prioritized upgrade plans with formatted reports.

Node

Python

Rust

security

code-quality

Install

npx claudepluginhub rohitg00/awesome-claude-code-toolkit

Details

Namespacesecurity/

Prompt Preview

Audit project dependencies for known vulnerabilities and outdated packages.

## Steps

1. Detect the package manager and run the native audit command:
   - npm: `npm audit --json`
   - pnpm: `pnpm audit --json`
   - yarn: `yarn audit --json`
   - pip: `pip-audit --format json` or `safety check --json`
   - cargo: `cargo audit --json`
   - go: `govulncheck ./...`
2. Parse audit results and categorize by severity (critical, high, moderate, low).
3. For each vulnerability:
   - Identify the affected package and version range.
   - Check if a patched version is available.
   - Determine if it i...

Command Content

Other plugins with /dependency-audit

/dependency-audit

Audits project dependencies for security vulnerabilities, outdated versions, licenses, maintenance, performance, conflicts, and supply chain risks; outputs health report and update plan.

commands-security-audit

2.7k

/dependency-audit

Audits project dependencies for security vulnerabilities, outdated versions, licenses, maintenance, performance, conflicts, and supply chain risks; outputs health report and update plan.

all-commands

2.7k

/dependency-audit

Audits project dependencies for security vulnerabilities, license compliance, outdated packages, bundle size, and performance issues, producing analysis reports and recommendations.

BashReadWrite+3

dependency-manager

/dependency-audit

Audits project dependencies across package.json, requirements.txt, go.mod, and Gemfile for unpinned versions, deprecated packages, missing lockfiles, and known CVEs.

dependency-audit

Stats

Stars1176

Forks337

Last CommitFeb 4, 2026

Used By2 plugins

Actions

View Source View Plugin View on GitHub View README

Tags

Audit project dependencies for known vulnerabilities and outdated packages. ## Steps 1. Detect the package manager and run the native audit command: - npm: `npm audit --json` - pnpm: `pnpm audit --json` - yarn: `yarn audit --json` - pip: `pip-audit --format json` or `safety check --json` - cargo: `cargo audit --json` - go: `govulncheck ./...` 2. Parse audit results and categorize by severity (critical, high, moderate, low). 3. For each vulnerability: - Identify the affected package and version range. - Check if a patched version is available. - Determine if it i...

Steps

Detect the package manager and run the native audit command:

npm: npm audit --json
pnpm: pnpm audit --json
yarn: yarn audit --json
pip: pip-audit --format json or safety check --json
cargo: cargo audit --json
go: govulncheck ./...

Parse audit results and categorize by severity (critical, high, moderate, low).

For each vulnerability:

Identify the affected package and version range.
Check if a patched version is available.
Determine if it is a direct or transitive dependency.
Assess actual exploitability in the project context.

Check for outdated dependencies: npm outdated, pip list --outdated.

Generate an upgrade plan prioritized by:

Critical vulnerabilities first.
Direct dependencies over transitive.
Minimal version bumps (patch > minor > major).

Test compatibility of recommended upgrades if possible.

Offer to apply safe upgrades automatically.

Format

Dependency Audit Report ======================= Vulnerabilities: <critical>C / <high>H / <moderate>M / <low>L | Package | Current | Patched | Severity | Type | CVE | |---------|---------|---------|----------|------|-----| Outdated (no vulnerabilities): | Package | Current | Latest | Type | |---------|---------|--------|------| Recommended actions: 1. <action with command>

Rules

Always distinguish between direct and transitive dependencies.

Do not auto-upgrade major versions without user confirmation.

Report vulnerabilities even if no fix is available yet.

Check that lock files are committed and up to date.

Verify upgrades do not break the test suite before recommending them.

Audit project dependencies for known vulnerabilities and outdated packages.

Steps

Detect the package manager and run the native audit command:
- npm: npm audit --json
- pnpm: pnpm audit --json
- yarn: yarn audit --json
- pip: pip-audit --format json or safety check --json
- cargo: cargo audit --json
- go: govulncheck ./...
Parse audit results and categorize by severity (critical, high, moderate, low).
For each vulnerability:
- Identify the affected package and version range.
- Check if a patched version is available.
- Determine if it is a direct or transitive dependency.
- Assess actual exploitability in the project context.
Check for outdated dependencies: npm outdated, pip list --outdated.
Generate an upgrade plan prioritized by:
- Critical vulnerabilities first.
- Direct dependencies over transitive.
- Minimal version bumps (patch > minor > major).
Test compatibility of recommended upgrades if possible.
Offer to apply safe upgrades automatically.

Format

Dependency Audit Report
=======================

Vulnerabilities: <critical>C / <high>H / <moderate>M / <low>L

| Package | Current | Patched | Severity | Type | CVE |
|---------|---------|---------|----------|------|-----|

Outdated (no vulnerabilities):
| Package | Current | Latest | Type |
|---------|---------|--------|------|

Recommended actions:
1. <action with command>

Rules

Always distinguish between direct and transitive dependencies.
Do not auto-upgrade major versions without user confirmation.
Report vulnerabilities even if no fix is available yet.
Check that lock files are committed and up to date.
Verify upgrades do not break the test suite before recommending them.