Skill

version-check

Verifies npm/pnpm dependencies are current stable versions, non-deprecated, recently updated, Node 22.x compatible, and free of security advisories. Use before adding packages or at project setup.

npm

pnpm

npx claudepluginhub williamzujkowski/nexus-agents

Tool Access

This skill is limited to using the following tools:

BashReadWebFetch

Preview

SKILL.md

Similar Skills

deps

Audits vulnerabilities, checks outdated packages, analyzes dependency trees with npm explain/ls/why, finds unused deps via depcheck, and upgrades packages safely using npm/yarn/pnpm.

johnlindquist-claude

Dependency Audit Workflow

Audits npm dependencies for security vulnerabilities, outdated versions, and bundle size impact; plans and implements upgrades with CVE research and testing. Use for dep audits, CVE fixes, package updates.

hatch3r

deps

Audits dependencies for CVEs, outdated packages, deprecations, and modern alternatives. Generates prioritized reports with optional batch upgrades, test verification, and rollback.

arc

Stats

Stars10

Forks1

Last CommitMay 5, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Version Check Skill

Full documentation: CLAUDE.md

Quick Process

1. Check Package Status

npm view <package> version npm view <package> deprecated npm view <package> time.modified npm view <package> engines

2. Evaluate Criteria

Criterion

Pass

Fail

Deprecation

Not deprecated

Deprecated

Last update

Within 12 months

Over 12 months

Node version

Compatible with 22.x

Incompatible

Security

No advisories

Has advisories

3. Run Security Audit

pnpm audit

Actions

If deprecated or outdated:

Find replacement

Create GitHub issue to track migration

Document migration path

See CLAUDE.md for complete version verification protocol.

Anti-rationalization — Dependency choice

Excuse

Counter

"It's the most-starred package"

Stars correlate with marketing, not maintenance. Check last-commit, open-issues-vs-resolved-rate, recent CVE response time.

"Latest version is fine, just install it"

Latest may be a 0.x with breaking changes, or a v2 alpha. Check stability marker — latest tag isn't always stable.

"I'll fix any issues that come up"

Cost of npm uninstall + replacement is a multiple of npm view upfront. Ten seconds of due diligence saves an afternoon.

Red flags

Dependency added via npm install <name> without a version-check cite in the PR

Last commit > 12 months on a non-trivial dep

Maintenance signal poor (open issues piling, no recent releases) but added anyway

License incompatible with our MIT (e.g., AGPL, GPLv3 in CLI/library code)

Verification checklist

npm view <pkg> dist-tags confirms latest is intentional (not alpha/beta)

Last commit < 6 months on main of upstream

License compatible (npm view <pkg> license)

No critical/high in npm audit <pkg>

Bundle size impact known (use bundlephobia or npm view <pkg> dist.tarball size)

Version Check Skill

Full documentation: CLAUDE.md

Quick Process

1. Check Package Status

npm view <package> version
npm view <package> deprecated
npm view <package> time.modified
npm view <package> engines

2. Evaluate Criteria

Criterion	Pass	Fail
Deprecation	Not deprecated	Deprecated
Last update	Within 12 months	Over 12 months
Node version	Compatible with 22.x	Incompatible
Security	No advisories	Has advisories

3. Run Security Audit

pnpm audit

Actions

If deprecated or outdated:

Find replacement
Create GitHub issue to track migration
Document migration path

See CLAUDE.md for complete version verification protocol.

Anti-rationalization — Dependency choice

Excuse	Counter
"It's the most-starred package"	Stars correlate with marketing, not maintenance. Check last-commit, open-issues-vs-resolved-rate, recent CVE response time.
"Latest version is fine, just install it"	Latest may be a 0.x with breaking changes, or a v2 alpha. Check stability marker — `latest` tag isn't always stable.
"I'll fix any issues that come up"	Cost of `npm uninstall + replacement` is a multiple of `npm view` upfront. Ten seconds of due diligence saves an afternoon.

Red flags

Dependency added via npm install <name> without a version-check cite in the PR
Last commit > 12 months on a non-trivial dep
Maintenance signal poor (open issues piling, no recent releases) but added anyway
License incompatible with our MIT (e.g., AGPL, GPLv3 in CLI/library code)

Verification checklist

npm view <pkg> dist-tags confirms latest is intentional (not alpha/beta)
Last commit < 6 months on main of upstream
License compatible (npm view <pkg> license)
No critical/high in npm audit <pkg>
Bundle size impact known (use bundlephobia or npm view <pkg> dist.tarball size)