Dependency guardian — intercepts package installs to enforce latest versions and block vulnerable packages. Supports npm, pip, and composer. Hard-blocks when the registry is offline or a scan is unavailable.

```
npx claudepluginhub iwritec0de/claude-plugin-marketplace --plugin dep-guard
```

Dependency security for Claude Code — automatically intercepts package install commands to enforce latest versions and block vulnerable packages before they reach your project.

Every time Claude runs a package install command, dep-guard intercepts it and:

| Condition | Action |
|---|---|
| Registry offline | BLOCK — can't verify safety |
| Critical/High vulnerability | BLOCK — suggests alternatives |
| Medium vulnerability | WARN — allows with warning |
| Outdated version requested | BLOCK — provides corrected command |
| No issues found | ALLOW |

| Ecosystem | Install Commands | Registry |
|---|---|---|
| npm | npm install, npm i, npm add | npmjs.org |
| yarn | yarn add | npmjs.org |
| pnpm | pnpm add, pnpm install | npmjs.org |
| bun | bun add, bun install | npmjs.org |
| pip | pip install, pip3 install, uv add, uv pip install | pypi.org |
| composer | composer require | packagist.org |

Lockfile-only installs (npm ci, bare yarn, bare pnpm install, pip install -r requirements.txt, etc.) are skipped — no new packages means no checks needed.
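
The install-command matching, the lockfile-only skip and the condition/action table above, sketched in Python as an added example (not dep-guard's own code). `parse_install`, `decide` and their parameters are hypothetical names; the sketch assumes only pip's `-r`/`-c` flags take a file argument, that a pinned version differing from the latest counts as outdated, and that any BLOCK condition outranks WARN.

```python
import shlex

# Install prefixes from the ecosystem table above, mapped to their registry.
PREFIXES = {
    ("npm", "install"): "npmjs.org", ("npm", "i"): "npmjs.org",
    ("npm", "add"): "npmjs.org", ("yarn", "add"): "npmjs.org",
    ("pnpm", "add"): "npmjs.org", ("pnpm", "install"): "npmjs.org",
    ("bun", "add"): "npmjs.org", ("bun", "install"): "npmjs.org",
    ("pip", "install"): "pypi.org", ("pip3", "install"): "pypi.org",
    ("uv", "add"): "pypi.org", ("uv", "pip", "install"): "pypi.org",
    ("composer", "require"): "packagist.org",
}
# Flags whose next token is a file, not a package (pip). Simplification:
# other value-taking flags are not modelled in this sketch.
VALUE_FLAGS = {"-r", "--requirement", "-c", "--constraint"}
SEP = {"npmjs.org": "@", "pypi.org": "==", "packagist.org": ":"}

def parse_install(command):
    """Return (registry, [(name, version_or_None)]) or None when there is nothing to check."""
    tokens = shlex.split(command)
    for n in (3, 2):  # longest prefix first so "uv pip install" wins
        registry = PREFIXES.get(tuple(tokens[:n]))
        if registry:
            break
    else:
        return None  # not an install verb (npm ci, bare yarn, ...)
    specs, skip = [], False
    for tok in tokens[n:]:
        if skip or tok.startswith("-"):
            skip = tok in VALUE_FLAGS  # the token after -r/-c is a file path
            continue
        # Search from index 1 so a scoped npm name (@scope/pkg) keeps its leading "@".
        cut = tok.find(SEP[registry], 1)
        specs.append((tok, None) if cut < 0 else (tok[:cut], tok[cut + len(SEP[registry]):]))
    return (registry, specs) if specs else None  # lockfile-only: no new packages

def decide(registry_online, severities, requested, latest):
    """Apply the condition/action table; BLOCK conditions outrank WARN (assumption)."""
    sev = {s.lower() for s in severities}
    if not registry_online or sev & {"critical", "high"}:
        return "BLOCK"
    if requested is not None and requested != latest:
        return "BLOCK"  # outdated pin; an unpinned install resolves to latest
    return "WARN" if "medium" in sev else "ALLOW"
```

Failing closed when `registry_online` is false is the property that matters most here: a guard that allows installs whenever it cannot reach the registry can be bypassed by anything that disrupts the lookup.
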

```
> npm install event-stream@3.3.4
============================================================
BLOCKED: High/Critical vulnerabilities detected
============================================================
[HIGH] event-stream: GHSA-xxx-xxx
Malicious dependency injection via flatmap-stream
============================================================
```

```
> npm install express@4.17.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
VERSION UPGRADE: Installing latest versions
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
express: 4.17.0 -> 5.1.0
Updated command: npm install express@5.1.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
BLOCKED: Outdated versions requested. Use this command instead:
npm install express@5.1.0
```

```
> pnpm add zod
✓ Registry online
✓ Latest version: 3.24.4
✓ No vulnerabilities found
```

- `/dep-guard:dep-check [package]` — Check a specific package for vulnerabilities before installing
- `/dep-guard:dep-audit [--fix]` — Audit all installed dependencies in the current project

Add to your project's .claude/settings.json:

```json
{
  "extraKnownMarketplaces": {
    "iwritec0de-plugins": {
      "source": { "source": "github", "repo": "iwritec0de/claude-plugin-marketplace" }
    }
  },
  "enabledPlugins": {
    "dep-guard@iwritec0de-plugins": true
  }
}
```

Debug logs are written to /tmp/dep-guard.log for troubleshooting.
MIT