Audit Dependency Versions

Audit project dependencies for version staleness, known security vulnerabilities, and compatibility issues. This skill inventories all dependencies from lock files, checks each against the latest available version, classifies staleness levels, identifies security concerns, and produces a prioritized upgrade report with recommended actions.

When to Use

Before a release to ensure dependencies are current and secure
During periodic maintenance (monthly or quarterly dependency reviews)
After receiving a security advisory affecting a project dependency
When upgrading a project to a new language version (e.g., R 4.4 to 4.5)
Before submitting a package to CRAN, npm, or crates.io
When inheriting a project and assessing its dependency health

Inputs

Required: Project root directory containing dependency/lock files
Optional: Ecosystem type if not auto-detectable (R, Node.js, Python, Rust)
Optional: Security-only mode flag (skip staleness, focus on CVEs)
Optional: Allowlist of dependencies to skip (known acceptable older versions)

audit-dependency-versions

Audit Dependency Versions

When to Use

Inputs

More from pjt222/development-guides

review-ux-ui

search-prior-art

create-work-breakdown-structure

review-software-architecture

write-standard-operating-procedure

draft-project-charter