analyze-dependencies
Analyze Dependencies
Overview
Audit the project's dependency tree across five risk dimensions: freshness, vulnerabilities, bundle impact, license compliance, and maintenance status. Produce a risk-scored report with actionable recommendations for each dependency.
Workflow
- Read project context — Check .chalk/docs/engineering/ for:
  - Architecture docs (to understand which dependencies are critical path)
  - Previous dependency audits
  - Any documented dependency policies or license requirements
- Locate dependency manifests — Scan the project for:
  - package.json / package-lock.json / yarn.lock / pnpm-lock.yaml (Node.js)
  - pyproject.toml / requirements.txt / Pipfile / poetry.lock (Python)
  - pubspec.yaml / pubspec.lock (Dart/Flutter)
  - Cargo.toml / Cargo.lock (Rust)
  - go.mod / go.sum (Go)
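One way to carry out the manifest-location step, as an added example that is not part of the skill itself: it walks a project tree, groups the file names listed above by ecosystem, and reports manifests that have no listed lockfile beside them. The manifest/lockfile split, the skipped directories, and the function names are assumptions of this example.

```python
import os

# File names per ecosystem come from the list above; which ones count as
# manifests versus lockfiles, and the skipped directories, are assumptions.
ECOSYSTEMS = {
    "Node.js": ({"package.json"},
                {"package-lock.json", "yarn.lock", "pnpm-lock.yaml"}),
    "Python": ({"pyproject.toml", "requirements.txt", "Pipfile"},
               {"poetry.lock"}),
    "Dart/Flutter": ({"pubspec.yaml"}, {"pubspec.lock"}),
    "Rust": ({"Cargo.toml"}, {"Cargo.lock"}),
    "Go": ({"go.mod"}, {"go.sum"}),
}
SKIP_DIRS = {".git", "node_modules", "vendor", ".venv"}


def find_manifests(root):
    """Return one record per (directory, ecosystem) that contains a manifest."""
    records = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune in place so os.walk never descends into installed packages,
        # whose own manifests would otherwise swamp the project's.
        dirnames[:] = sorted(d for d in dirnames if d not in SKIP_DIRS)
        present = set(filenames)
        for ecosystem, (manifests, locks) in ECOSYSTEMS.items():
            found = sorted(present & manifests)
            if found:
                records.append({
                    "dir": os.path.relpath(dirpath, root),
                    "ecosystem": ecosystem,
                    "manifests": found,
                    "lockfiles": sorted(present & locks),
                })
    return records


def without_lockfile(records):
    """Records whose resolved versions are not pinned by a listed lockfile."""
    return [r for r in records if not r["lockfiles"]]


if __name__ == "__main__":
    for rec in find_manifests("."):
        flag = "" if rec["lockfiles"] else "  (no lockfile found)"
        print(f'{rec["dir"]}: {rec["ecosystem"]} {rec["manifests"]}{flag}')
```

A record without a lockfile is a prompt to check how versions are pinned, not a finding by itself: a requirements.txt may pin exact versions, and a go.mod with no dependencies has no go.sum.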