review-dependencies
Review Dependencies
Detect package managers and discover outdated or vulnerable dependencies. Analysis only. Does not upgrade.
Step 1: Detect Package Managers
Identify which package managers are in use by searching for config files:
| Config file | Package manager | Lockfile | Ecosystem |
|---|---|---|---|
package.json |
npm / yarn / pnpm | package-lock.json / yarn.lock / pnpm-lock.yaml |
Node.js |
Package.swift, *.xcodeproj |
Swift Package Manager | Package.resolved |
Swift |
pyproject.toml, requirements.txt, setup.py |
pip / poetry / uv | poetry.lock, uv.lock |
Python |
Cargo.toml |
cargo | Cargo.lock |
Rust |
go.mod |
Go modules | go.sum |
Go |
Gemfile |
Bundler | Gemfile.lock |
Ruby |
pom.xml |
Maven | — | Java |
build.gradle, build.gradle.kts |
Gradle | gradle.lockfile |
Java/Kotlin |
More from tobihagemann/turbo
find-dead-code
Find dead code using parallel subagent analysis and optional CLI tools, treating code only referenced from tests as dead. Use when the user asks to \"find dead code\", \"find unused code\", \"find unused exports\", \"find unreferenced functions\", \"clean up dead code\", or \"what code is unused\". Analysis-only — does not modify or delete code.
31simplify-code
Run a multi-agent review of changed files for reuse, quality, efficiency, and clarity issues followed by automated fixes. Use when the user asks to \"simplify code\", \"review changed code\", \"check for code reuse\", \"review code quality\", \"review efficiency\", \"simplify changes\", \"clean up code\", \"refactor changes\", or \"run simplify\".
24investigate
Systematically investigate bugs, test failures, build errors, performance issues, or unexpected behavior by cycling through characterize-isolate-hypothesize-test steps. Use when the user asks to \"investigate this bug\", \"debug this\", \"figure out why this fails\", \"find the root cause\", \"why is this broken\", \"troubleshoot this\", \"diagnose the issue\", \"what's causing this error\", \"look into this failure\", \"why is this test failing\", or \"track down this bug\".
23smoke-test
Launch the app and hands-on verify that it works by interacting with it. Use when the user asks to \"smoke test\", \"test it manually\", \"verify it works\", \"try it out\", \"run a smoke test\", \"check it in the browser\", or \"does it actually work\". Not for unit/integration tests.
23finalize
Run the post-implementation quality assurance workflow including tests, code polishing, review, and commit. Use when the user asks to \"finalize implementation\", \"finalize changes\", \"wrap up implementation\", \"finish up\", \"ready to commit\", or \"run QA workflow\".
23evaluate-findings
Critically assess external feedback (code reviews, AI reviewers, PR comments) and decide which suggestions to apply using adversarial verification. Use when the user asks to \"evaluate findings\", \"assess review comments\", \"triage review feedback\", \"evaluate review output\", or \"filter false positives\".
23