From shipyard
Audits project dependencies for CVEs, outdated packages, and unsafe versions. Recommends highest safe version per package, unlike npm audit. Blocks critical CVEs via Composure commit gate.
npx claudepluginhub hrconsultnj/claude-plugins --plugin shipyardThis skill uses the workspace's default tool permissions.
Audit project dependencies for known vulnerabilities (CVEs), outdated packages, and unsafe version ranges. Unlike basic `npm audit`, this skill determines the **highest safe version** for each vulnerable package -- not just "update to latest" which may itself be vulnerable.
Generates design tokens/docs from CSS/Tailwind/styled-components codebases, audits visual consistency across 10 dimensions, detects AI slop in UI.
Records polished WebM UI demo videos of web apps using Playwright with cursor overlay, natural pacing, and three-phase scripting. Activates for demo, walkthrough, screen recording, or tutorial requests.
Delivers idiomatic Kotlin patterns for null safety, immutability, sealed classes, coroutines, Flows, extensions, DSL builders, and Gradle DSL. Use when writing, reviewing, refactoring, or designing Kotlin code.
Audit project dependencies for known vulnerabilities (CVEs), outdated packages, and unsafe version ranges. Unlike basic npm audit, this skill determines the highest safe version for each vulnerable package -- not just "update to latest" which may itself be vulnerable.
Load each step through the fetch command (handles caching, decryption, and auth):
"~/.composure/bin/composure-fetch.mjs" skill shipyard deps-check {step-filename}
Do NOT read cache files directly — they are encrypted at rest. Always use the fetch command above.
| # | File |
|---|---|
| 1 | 01-detect-pkg-manager.md |
| 2 | 02-run-audit.md |
| 3 | 03-enrich-results.md |
| 4 | 04-fix-report-tasks.md |