Slash Command

/audit-deps

Audits project dependencies for vulnerabilities, licensing issues, maintenance status, unused packages, tree depth; generates report with stats and prioritized actions.

Javascript

Python

Rust

security

code-quality

From dependency-manager

Install

Run in your terminal

npx claudepluginhub rohitg00/awesome-claude-code-toolkit --plugin dependency-manager

Command Content

Other plugins with /audit-deps

/audit-deps

Audits project dependencies for security vulnerabilities and outdated packages using detected package manager (npm/pnpm/yarn/bun), outputs prioritized findings with severity groupings and fix commands. Supports --security, --outdated, --fix flags and path targeting.

dependency-audit

276

/audit-deps

Audit and manage project dependencies

atn-claudecode-config

/audit-deps

Dependency vulnerability scan

jm-adk

/audit-deps

Dependency analysis — builds module dependency graph, detects circular dependencies, classifies hub/orphan modules, and scans for external dependency vulnerabilities. Runs in 1-2 minutes.

BashReadWrite+12

repo-audit

Stats

Parent Repo Stars1012

Parent Repo Forks275

Last CommitFeb 4, 2026

Actions

View Source View Plugin View on GitHub View README

Steps

Detect the package manager and run native audit:
- npm: npm audit --json
- pnpm: pnpm audit --json
- pip: pip-audit --format json
- cargo: cargo audit --json
Check package maintenance status:
- Last publish date for each dependency.
- Open issue count and response time.
- Whether the package is deprecated.
Verify license compatibility:
- List all dependency licenses.
- Flag any copyleft licenses (GPL) in permissive projects.
- Flag packages with no license specified.
Analyze dependency tree depth and size impact.
Identify unused dependencies by cross-referencing imports.
Generate a prioritized action list.

Format

Dependency Audit - <date>

Vulnerabilities: <C>critical, <H>high, <M>moderate, <L>low
Licenses: <N> permissive, <N> copyleft, <N> unknown
Maintenance: <N> actively maintained, <N> stale, <N> deprecated
Unused: <list>

Priority actions:
  1. [CRITICAL] Upgrade <pkg> to fix CVE-XXXX
  2. [WARNING] Replace deprecated <pkg> with <alternative>

Rules

Always report the full vulnerability chain (which direct dep pulls in the vulnerable transitive dep).
Flag any dependency with no updates in the last 12 months.
Check that lock files are present and committed.
Never recommend removing a dependency without verifying it is truly unused.