From security
Audit project dependencies for known vulnerabilities, outdated packages, and unnecessary bloat
npx claudepluginhub silviaare95/xari-plugins --plugin security

This skill uses the workspace's default tool permissions.
Package manager: $0 (default: npm)
Mode: $1 (default: audit)
Check for known vulnerabilities:
- npm audit (or equivalent) and parse results

Check for outdated packages:

Check for unnecessary dependencies:
- lodash + underscore)
- moment → Intl.DateTimeFormat)

Check supply chain risks:
- package-lock.json committed?)

## Dependency Audit: <project>
### Vulnerabilities
| Package | Severity | Current | Fixed In | Direct/Transitive |
|---------|----------|---------|----------|-------------------|
| <pkg> | critical | 1.2.3 | 1.2.4 | direct |
### Outdated
| Package | Current | Latest | Type | Breaking Changes |
|---------|---------|--------|------|-----------------|
| <pkg> | 2.0.0 | 3.1.0 | major | yes — see changelog |
### Cleanup Candidates
| Package | Reason | Replacement |
|---------|--------|-------------|
| moment | unmaintained, 300KB | date-fns or native Intl |
### Recommended Actions
1. `npm update <pkg>` — fix critical vulnerability
2. `npm uninstall <pkg>` — unused dependency
package-lock.json is committed and up to date
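
The "Check for known vulnerabilities" step and the Vulnerabilities table above, as an added example (not the plugin's own code): it turns `npm audit --json` output (report version 2, npm 7 and later) into table rows, reading installed versions from `package-lock.json`. The package names and sample data are constructed, and mapping `fixAvailable` onto the "Fixed In" column is an assumption.

```javascript
// Added example: build Vulnerabilities table rows from `npm audit --json` (report v2).
const SEVERITY_ORDER = ["critical", "high", "moderate", "low", "info"];

// fixAvailable is false, true, or {name, version, isSemVerMajor}; the object
// names the direct dependency to install, which may differ from the vulnerable one.
function fixedIn(fix) {
  if (!fix) return "no fix available";
  if (fix === true) return "via npm audit fix";
  return `${fix.name}@${fix.version}` + (fix.isSemVerMajor ? " (major)" : "");
}

// report: parsed audit JSON; lock: parsed package-lock.json (lockfileVersion 2 or 3).
function auditRows(report, lock) {
  const installed = (lock && lock.packages) || {};
  return Object.values(report.vulnerabilities || {})
    .map((v) => {
      // `nodes` holds install paths, which are also the keys of lock.packages.
      const versions = (v.nodes || [])
        .map((p) => installed[p] && installed[p].version)
        .filter(Boolean);
      return {
        pkg: v.name, severity: v.severity,
        // Fall back to the vulnerable range when the lockfile lacks the node.
        current: [...new Set(versions)].join(", ") || v.range || "unknown",
        fixedIn: fixedIn(v.fixAvailable),
        kind: v.isDirect ? "direct" : "transitive",
      };
    })
    .sort((a, b) =>
      SEVERITY_ORDER.indexOf(a.severity) - SEVERITY_ORDER.indexOf(b.severity) ||
      a.pkg.localeCompare(b.pkg));
}

function toMarkdown(rows) {
  const head = "| Package | Severity | Current | Fixed In | Direct/Transitive |\n" +
               "|---------|----------|---------|----------|-------------------|";
  const cell = (s) => String(s).replace(/\|/g, "\\|"); // keep the table intact
  return [head, ...rows.map((r) =>
    `| ${[r.pkg, r.severity, r.current, r.fixedIn, r.kind].map(cell).join(" | ")} |`)].join("\n");
}

// Constructed sample input (hypothetical package names and versions).
const sampleReport = { auditReportVersion: 2, vulnerabilities: {
  "example-lib": { name: "example-lib", severity: "moderate", isDirect: false,
    range: "<2.0.1", nodes: ["node_modules/example-dep/node_modules/example-lib"], fixAvailable: true },
  "example-parser": { name: "example-parser", severity: "critical", isDirect: true,
    range: "<=1.2.3", nodes: ["node_modules/example-parser"],
    fixAvailable: { name: "example-parser", version: "1.2.4", isSemVerMajor: false } } } };
const sampleLock = { lockfileVersion: 3, packages: { "node_modules/example-parser": { version: "1.2.3" } } };
console.log(toMarkdown(auditRows(sampleReport, sampleLock)));
```

A "Current" cell that shows a range instead of a version means the audit report and the lockfile disagree, which is worth checking before acting on the row.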