Skill

dep-audit

Audits security vulnerabilities in dependencies for Node (npm/yarn/pnpm), Python, Rust, Go, Java projects using native tools like npm audit, pip-audit, cargo audit. Supports --level and --fix.

Node

Python

Rust

Java

security

npx claudepluginhub sd0xdev/sd0x-dev-flow --plugin sd0x-dev-flow

Tool Access

This skill is limited to using the following tools:

Bash(yarn audit *)Bash(npm audit *)Bash(pnpm audit *)Bash(npx *)Bash(bash *)ReadGlob

Preview

- Keywords: dep audit, dependency audit, security audit dependencies, dep-audit

SKILL.md

Similar Skills

dependency-auditor

Audits project dependencies from package.json, requirements.txt, go.mod, Gemfile for CVEs, outdated packages, transitive issues, licenses, and supply chain risks. Provides severity assessments, remediation suggestions, and prioritized reports.

devkit

analyzing-dependencies

1.9k

Audits dependencies for vulnerabilities, outdated versions, transitive issues, and licenses in Node.js, Python, PHP, Ruby, Go, and Rust projects using npm audit, pip-audit, and equivalents.

7 files8 tools

dependency-checker

audit-deps

Audits project dependencies for CVEs using detected package manager, reports vulnerabilities with installed/fixed versions and exact upgrade commands. Includes auto-fix and banned-packages check.

sentinel

Stats

Stars147

Forks20

Last CommitApr 4, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Dependency Audit

Trigger

Keywords: dep audit, dependency audit, security audit dependencies, dep-audit

When NOT to Use

OWASP code review (use /codex-security)
Code review (use /codex-review-fast)
General security review (use /codex-security)

Workflow Steps

Step	Goal	Safety
audit	Scan dependencies for vulnerabilities	read-only

Failure behavior: report-all

Task

Arguments

$ARGUMENTS

--level <severity> — Minimum reporting level (low/moderate/high/critical), default: moderate
--fix — Attempt automatic fix

Step 1: Check for audit script

Use Glob to check if .claude/scripts/dep-audit.sh exists in the project root.

Found → run: bash .claude/scripts/dep-audit.sh $ARGUMENTS
- If script succeeds, use its output and skip to the Output section.
- If script fails, treat as a real audit failure (do not silently fallback).
NOT found → skip to Step 2 (do NOT attempt to run the script).

Step 2: Fallback (no audit script)

Detect the project ecosystem and run the audit manually.

Ecosystem detection (check project root for manifest files):

Manifest	Ecosystem	Audit Command	Fix Command
`package.json` + `pnpm-lock.yaml`	Node (pnpm)	`pnpm audit --audit-level {LEVEL}`	`pnpm audit --fix`
`package.json` + `yarn.lock`	Node (yarn)	`yarn audit --level {LEVEL}`	`yarn audit --fix` or `npx yarn-audit-fix`
`package.json`	Node (npm)	`npm audit --audit-level={LEVEL}`	`npm audit fix`
`pyproject.toml`	Python	`pip-audit` or `safety check`	`pip-audit --fix`
`Cargo.toml`	Rust	`cargo audit`	`cargo audit fix`
`go.mod`	Go	`govulncheck ./...`	(manual fix)
`build.gradle`	Java	`./gradlew dependencyCheckAnalyze`	(manual fix)

Default {LEVEL} is moderate unless --level argument is provided.

If --fix is specified, run the fix command for the detected ecosystem after audit. If no recognized manifest file exists, report an error.

Output

## Audit Results

| Severity | Count |
|----------|-------|
| Critical | 0 |
| High | 0 |
| Moderate | 0 |
| Low | 0 |

## Vulnerability Details

### [severity] Issue Title

- **Package**: package-name
- **Fix**: Available / Not available

## Gate

✅ **PASS** — No moderate or above vulnerabilities
❌ **FAIL** — Found high severity vulnerabilities

Examples

/dep-audit
/dep-audit --level high
/dep-audit --fix