audit-deps
$
npx mdskill add hrconsultnj/claude-plugins/audit-depsAudits project dependencies for CVEs, providing version details and safe upgrade commands.
- Helps identify and address security vulnerabilities in installed packages.
- Integrates with the project's package manager and Sentinel banned-packages list.
- Cross-references installed versions against known vulnerabilities to recommend fixes.
- Delivers results through structured reports with optional JSON output and auto-fix capabilities.
SKILL.md
.github/skills/audit-depsView on GitHub ↗
---
name: audit-deps
description: Focused dependency CVE audit — reports vulnerabilities with version info and safe upgrade commands.
argument-hint: "[--fix] [--json]"
---
Run a focused dependency vulnerability audit using the project's detected package manager. Reports CVEs with installed versions, fixed versions, and exact upgrade commands. Cross-references installed packages against the Sentinel banned-packages list.
## Content Loading
Load each step through the fetch command (handles caching, decryption, and auth):
```bash
"~/.composure/bin/composure-fetch.mjs" skill sentinel audit-deps {step-filename}
```
**Do NOT read cache files directly** — they are encrypted at rest. Always use the fetch command above.
## Steps
| # | File |
|---|------|
| 1 | `01-run-audit.md` |
| 2 | `02-parse-and-enrich.md` |
| 3 | `03-report-findings.md` |
| 4 | `04-propose-overrides.md` |
| 5 | `05-summary.md` |
| 6 | `06-auto-fix.md` |
More from hrconsultnj/claude-plugins
- app-architectureComplete architecture guide for building features from database to UI. Routes to frontend/, fullstack/, mobile/, backend/, or sdks/ based on detected stack. Covers decomposition, multi-tenant isolation, auth model, query patterns, and component patterns.
- backlogManage the tasks-plans/ workspace — add items to backlog, ideas, or reference. Process queued work. Organize by topic, not flat dumps.
- build-graphBuild or update the code review knowledge graph, generate the visualization, and open it. Run this first to initialize, or let hooks keep it updated automatically.
- calibrateCalibrate test bench — detect test framework, read existing test conventions, generate .claude/testbench.json config. Query Context7 for test framework reference docs. Run once per project.
- ci-generateGenerate CI/CD workflow from detected stack. GitHub Actions, GitLab CI, or Bitbucket Pipelines. Includes lint, typecheck, test, build, and deploy stages.
- ci-validateValidate CI/CD workflow files. Runs actionlint for GitHub Actions, checks for common mistakes, and reports issues with fix suggestions.
- code-organizerRestructure a messy project into conventional file layout based on detected framework. Analyzes, plans, executes with import updates, and verifies.
- deps-checkCheck dependency health -- known CVEs, outdated packages, unsafe versions. Recommends the highest safe version, not just "latest". Blocks Critical CVEs via Composure commit gate.
- design-forgeThis skill should be used when the user asks to "add premium animations", "create a canvas visualization", "build a glassmorphism panel", "add a custom cursor", "create a generative background", "build an interactive card", "add scroll progress", "add sound design", "create a Three.js hero", "build a creative portfolio", "add particle effects", "add scanlines", "add a typewriter effect", "design a landing page", "implement advanced animations", "add 3D elements", "design using Next.js Conf patterns", "create interactive experience", "add Framer Motion animations", "add GSAP scroll animations", "integrate Spline 3D", or needs guidance on premium web design patterns, creative coding, generative art, micro-interactions, accessibility for animations, or bespoke interactive experiences beyond standard UI components.
- dockerfileGenerate or validate Dockerfiles with security best practices. Multi-stage builds, non-root user, layer caching, .dockerignore.