analyzing-dependencies

Analyzing Dependencies

Overview

Analyze project dependencies for known security vulnerabilities, outdated versions, and license compliance issues across multiple package ecosystems. This skill inspects npm, pip, Composer, Gem, Go module, and Cargo manifests and lock files, cross-references findings against CVE databases, and produces actionable remediation guidance with upgrade paths.

Prerequisites

  • Access to the target project directory and manifest files in ${CLAUDE_SKILL_DIR}/
  • At least one package manager CLI available: npm, pip/pip-audit, composer, gem, go, or cargo
  • Network access for querying vulnerability databases (NVD, GitHub Advisory Database, OSV)
  • Reference: ${CLAUDE_SKILL_DIR}/references/README.md for npm/pip audit report formats, license compatibility matrix, and dependency management best practices

Instructions

  1. Detect the project ecosystem by scanning ${CLAUDE_SKILL_DIR}/ for manifest files: package.json and package-lock.json (npm/Node.js), requirements.txt/pyproject.toml/Pipfile.lock (Python), composer.json/composer.lock (PHP), Gemfile/Gemfile.lock (Ruby), go.mod/go.sum (Go), Cargo.toml/Cargo.lock (Rust).
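A sketch of the detection in step 1, added here as an illustration and not taken from the skill's own code. The `SKIP_DIRS` set, the `no_lock_file` flag, and the constructed sample tree are assumptions of this example; the file names come from the step above.

```python
import os
import tempfile
from pathlib import Path

# Manifest and lock file names as listed in step 1: (manifests, lock files).
ECOSYSTEMS = {
    "npm": ({"package.json"}, {"package-lock.json"}),
    "python": ({"requirements.txt", "pyproject.toml"}, {"Pipfile.lock"}),
    "php": ({"composer.json"}, {"composer.lock"}),
    "ruby": ({"Gemfile"}, {"Gemfile.lock"}),
    "go": ({"go.mod"}, {"go.sum"}),
    "rust": ({"Cargo.toml"}, {"Cargo.lock"}),
}
# Assumption: installed or vendored trees are not project roots, so prune them.
SKIP_DIRS = {"node_modules", "vendor", ".git", "target", ".venv"}


def detect_ecosystems(root):
    """Map each directory under root to the ecosystems whose files it holds."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = sorted(d for d in dirnames if d not in SKIP_DIRS)
        present = set(filenames)
        for eco, (manifests, locks) in ECOSYSTEMS.items():
            found_m, found_l = sorted(present & manifests), sorted(present & locks)
            if not (found_m or found_l):
                continue
            rel = os.path.relpath(dirpath, root)
            findings.setdefault(rel, {})[eco] = {
                "manifests": found_m,
                "locks": found_l,
                # A manifest without a lock file means an audit sees declared
                # ranges only, not the versions actually resolved at install.
                "no_lock_file": bool(found_m) and not found_l,
            }
    return findings


def demo():
    """Run the detector over a constructed sample tree (empty files)."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("package.json", "package-lock.json", "api/go.mod",
                    "tools/Cargo.toml", "tools/Cargo.lock",
                    "node_modules/x/package.json"):
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text("")
        return detect_ecosystems(tmp)


if __name__ == "__main__":
    for directory, ecos in demo().items():
        for eco, info in ecos.items():
            print(directory, eco, info)
```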
First Seen: Feb 1, 2026