deps-check
$ npx mdskill add hrconsultnj/claude-plugins/deps-check
Audits project dependencies for vulnerabilities, outdated packages, and unsafe versions, recommending the highest safe version.
- Helps developers identify and mitigate security risks and outdated dependencies in their projects.
- Integrates with package managers and uses Composure's fetch command for secure content loading.
- Determines recommendations by analyzing CVEs and version safety, not just suggesting the latest update.
- Presents results through reports and tasks, with options for JSON output and automated fixes.
SKILL.md
.github/skills/deps-check
---
name: deps-check
description: Check dependency health -- known CVEs, outdated packages, unsafe versions. Recommends the highest safe version, not just "latest". Blocks Critical CVEs via Composure commit gate.
argument-hint: "[--fix] [--json]"
---
Audit project dependencies for known vulnerabilities (CVEs), outdated packages, and unsafe version ranges. Unlike basic `npm audit`, this skill determines the **highest safe version** for each vulnerable package -- not just "update to latest" which may itself be vulnerable.
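The "highest safe version" selection described above, as an added example that is not the skill's own code. It assumes advisories expressed as introduced/fixed ranges and a list of published versions; the package data and advisory ids are constructed and hypothetical.

```javascript
// Added example: constructed data, not the deps-check skill's own code.
// Parse "MAJOR.MINOR.PATCH"; pre-releases and malformed strings return null.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

// Numeric three-part comparison: negative, zero or positive.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// A range is { introduced, fixed }: affected when introduced <= v < fixed.
// fixed === null means no patched release exists on that line yet.
function isAffected(v, ranges) {
  return ranges.some(({ introduced, fixed }) =>
    cmp(v, parse(introduced)) >= 0 &&
    (fixed === null || cmp(v, parse(fixed)) < 0));
}

// Highest published stable version that no advisory range covers.
// Returns null when every published version is affected.
function highestSafeVersion(published, advisories) {
  const ranges = advisories.flatMap((a) => a.ranges);
  const safe = published
    .map((s) => ({ s, v: parse(s) }))
    .filter(({ v }) => v !== null && !isAffected(v, ranges))
    .sort((x, y) => cmp(y.v, x.v));
  return safe.length ? safe[0].s : null;
}

// Constructed sample: hypothetical package history and advisory ids.
const published = ["1.4.0", "1.4.2", "1.5.0", "2.0.0", "2.0.1", "2.1.0-beta.1"];
const advisories = [
  { id: "EXAMPLE-0001", ranges: [{ introduced: "1.0.0", fixed: "1.4.2" }] },
  { id: "EXAMPLE-0002", ranges: [{ introduced: "2.0.0", fixed: null }] },
];

// "Latest" is the newest stable release, which here is still affected.
const latest = published.filter(parse).sort((a, b) => cmp(parse(b), parse(a)))[0];
const allRanges = advisories.flatMap((a) => a.ranges);
console.log("latest stable:", latest, "affected:", isAffected(parse(latest), allRanges));
console.log("highest safe:", highestSafeVersion(published, advisories));
```

In this sample the newest stable release falls inside an unfixed advisory range, so the recommendation is an older release line rather than "latest".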
## Content Loading
Load each step through the fetch command (handles caching, decryption, and auth):
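```bash
# Replace {step-filename} with a file from the Steps table.
# $HOME is used because bash does not expand ~ inside double quotes.
"$HOME/.composure/bin/composure-fetch.mjs" skill shipyard deps-check {step-filename}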
```
**Do NOT read cache files directly** — they are encrypted at rest. Always use the fetch command above.
## Steps
| # | File |
|---|------|
| 1 | `01-detect-pkg-manager.md` |
| 2 | `02-run-audit.md` |
| 3 | `03-enrich-results.md` |
| 4 | `04-fix-report-tasks.md` |
More from hrconsultnj/claude-plugins
- app-architecture: Complete architecture guide for building features from database to UI. Routes to frontend/, fullstack/, mobile/, backend/, or sdks/ based on detected stack. Covers decomposition, multi-tenant isolation, auth model, query patterns, and component patterns.
- audit-deps: Focused dependency CVE audit — reports vulnerabilities with version info and safe upgrade commands.
- backlog: Manage the tasks-plans/ workspace — add items to backlog, ideas, or reference. Process queued work. Organize by topic, not flat dumps.
- build-graph: Build or update the code review knowledge graph, generate the visualization, and open it. Run this first to initialize, or let hooks keep it updated automatically.
- calibrate: Calibrate test bench — detect test framework, read existing test conventions, generate .claude/testbench.json config. Query Context7 for test framework reference docs. Run once per project.
- ci-generate: Generate CI/CD workflow from detected stack. GitHub Actions, GitLab CI, or Bitbucket Pipelines. Includes lint, typecheck, test, build, and deploy stages.
- ci-validate: Validate CI/CD workflow files. Runs actionlint for GitHub Actions, checks for common mistakes, and reports issues with fix suggestions.
- code-organizer: Restructure a messy project into conventional file layout based on detected framework. Analyzes, plans, executes with import updates, and verifies.
- design-forge: This skill should be used when the user asks to "add premium animations", "create a canvas visualization", "build a glassmorphism panel", "add a custom cursor", "create a generative background", "build an interactive card", "add scroll progress", "add sound design", "create a Three.js hero", "build a creative portfolio", "add particle effects", "add scanlines", "add a typewriter effect", "design a landing page", "implement advanced animations", "add 3D elements", "design using Next.js Conf patterns", "create interactive experience", "add Framer Motion animations", "add GSAP scroll animations", "integrate Spline 3D", or needs guidance on premium web design patterns, creative coding, generative art, micro-interactions, accessibility for animations, or bespoke interactive experiences beyond standard UI components.
- dockerfile: Generate or validate Dockerfiles with security best practices. Multi-stage builds, non-root user, layer caching, .dockerignore.