Rohit Ghumare c3f43d8b61 Expand toolkit to 135 agents, 120 plugins, 796 total files
- Add 60 new agents across all 10 categories (75 -> 135)
- Add 95 new plugins with command files (25 -> 120)
- Update all agents to use model: opus
- Update README with complete plugin/agent tables
- Update marketplace.json with all 120 plugins
2026-02-04 21:08:28 +00:00

Audit project dependencies for known vulnerabilities and outdated packages.
## Steps
1. Detect the package manager and run the native audit command:
- npm: `npm audit --json`
- pnpm: `pnpm audit --json`
- yarn: `yarn audit --json`
- pip: `pip-audit --format json` or `safety check --json`
- cargo: `cargo audit --json`
- go: `govulncheck ./...`
2. Parse audit results and categorize by severity (critical, high, moderate, low).
3. For each vulnerability:
- Identify the affected package and version range.
- Check if a patched version is available.
- Determine if it is a direct or transitive dependency.
- Assess actual exploitability in the project context.
4. Check for outdated dependencies with the package manager's own command, e.g. `npm outdated` or `pip list --outdated`.
5. Generate an upgrade plan prioritized by:
- Critical vulnerabilities first.
- Direct dependencies over transitive.
- Minimal version bumps (prefer a patch bump over a minor bump, and a minor bump over a major one).
6. Test compatibility of recommended upgrades if possible.
7. Offer to apply safe upgrades automatically.
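Steps 1 through 5 above, as an added worked example in Python (this is illustrative code written for this page, not part of the toolkit's own command implementation). It parses the JSON that `npm audit --json` prints with npm 7 or later (`auditReportVersion` 2), counts findings per severity, separates direct from transitive dependencies using the report's `isDirect` field, and orders an upgrade plan by the stated rules: critical first, direct before transitive, smallest version bump first, with major bumps flagged for confirmation and unpatched findings kept in the report. The embedded audit report is constructed for illustration; its package names and advisory URLs are placeholders.

```python
"""Parse an npm audit v2 report, categorise by severity and plan upgrades.
Added example, not the toolkit's own code; the sample report below is
constructed and its package names and advisory URLs are placeholders."""
import json
from dataclasses import dataclass
from typing import Optional

SEVERITY_ORDER = {"critical": 0, "high": 1, "moderate": 2, "low": 3, "info": 4}

# Constructed sample in the shape npm >= 7 emits; not an audit of a real project.
SAMPLE_NPM_AUDIT = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        "example-parser": {
            "name": "example-parser", "severity": "critical", "isDirect": True,
            "via": [{"name": "example-parser", "title": "placeholder: prototype pollution",
                     "url": "https://example.invalid/advisories/1001", "range": "<2.0.5"}],
            "range": "<2.0.5",
            "fixAvailable": {"name": "example-parser", "version": "2.0.5", "isSemVerMajor": False},
        },
        "example-util": {
            "name": "example-util", "severity": "high", "isDirect": True,
            "via": [{"name": "example-util", "title": "placeholder: ReDoS",
                     "url": "https://example.invalid/advisories/1002", "range": "<3.0.0"}],
            "range": "<3.0.0",
            "fixAvailable": {"name": "example-util", "version": "3.0.0", "isSemVerMajor": True},
        },
        "example-transport": {
            "name": "example-transport", "severity": "high", "isDirect": False,
            "via": ["example-util"],  # vulnerable only through example-util (transitive)
            "range": "*",
            "fixAvailable": {"name": "example-util", "version": "3.0.0", "isSemVerMajor": True},
        },
        "example-legacy": {
            "name": "example-legacy", "severity": "moderate", "isDirect": True,
            "via": [{"name": "example-legacy", "title": "placeholder: path traversal",
                     "url": "https://example.invalid/advisories/1003", "range": "*"}],
            "range": "*",
            "fixAvailable": False,  # no patched release yet: still reported, never dropped
        },
    },
})


@dataclass
class Finding:
    package: str
    severity: str
    is_direct: bool
    vulnerable_range: str
    advisories: list               # advisory titles carried by this package itself
    fix_available: bool
    fix_package: Optional[str]     # package to bump (an ancestor for transitive findings)
    fix_version: Optional[str]
    fix_is_major: bool             # bump crosses a major version: needs confirmation


def parse_npm_audit(report_json: str) -> list[Finding]:
    report = json.loads(report_json)
    if report.get("auditReportVersion") != 2:
        raise ValueError("expected npm audit report version 2 (npm >= 7)")
    findings = []
    for name, entry in report["vulnerabilities"].items():
        # `via` holds advisory objects when the package carries the flaw itself and
        # bare package names when it is vulnerable only through a dependency.
        titles = [v["title"] for v in entry.get("via", []) if isinstance(v, dict)]
        fix = entry.get("fixAvailable", False)  # False, True, or a dict with details
        if isinstance(fix, dict):
            fix_pkg, fix_ver, major = fix.get("name"), fix.get("version"), bool(fix.get("isSemVerMajor"))
        else:
            fix_pkg, fix_ver, major = None, None, False
        findings.append(Finding(name, entry["severity"], bool(entry.get("isDirect")),
                                entry.get("range", ""), titles, bool(fix), fix_pkg, fix_ver, major))
    return findings


def summarize(findings: list[Finding]) -> dict:
    counts = {s: 0 for s in ("critical", "high", "moderate", "low")}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


def header_line(counts: dict) -> str:
    return "Vulnerabilities: {critical}C / {high}H / {moderate}M / {low}L".format(**counts)


def plan_upgrades(findings: list[Finding]) -> list:
    """Return (package, action, needs_confirmation) tuples in priority order."""
    def rank(f):
        bump = 0 if f.fix_available and not f.fix_is_major else (1 if f.fix_available else 2)
        return (SEVERITY_ORDER.get(f.severity, 9), 0 if f.is_direct else 1, bump)
    plan = []
    for f in sorted(findings, key=rank):
        if not f.fix_available:
            plan.append((f.package, "no patched version yet; keep reporting and track the advisory", False))
        elif f.fix_package and f.fix_version:
            plan.append((f.package, f"npm install {f.fix_package}@{f.fix_version}", f.fix_is_major))
        else:  # npm reported a fix without details; let npm resolve it
            plan.append((f.package, "npm audit fix", False))
    return plan


if __name__ == "__main__":
    found = parse_npm_audit(SAMPLE_NPM_AUDIT)
    print(header_line(summarize(found)))
    for package, action, confirm in plan_upgrades(found):
        print(f"{package:18} {action}{'  [confirm: major bump]' if confirm else ''}")
```

The transitive finding (`example-transport`) is fixed by bumping its direct ancestor, which is why the plan's action names `example-util` rather than the vulnerable package; and because that bump is a major version, it is flagged rather than applied, in line with the rule below about major upgrades. Other package managers emit different JSON shapes, so only the parser would need to change to cover `pip-audit` or `cargo audit` output.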
## Format
```
Dependency Audit Report
=======================
Vulnerabilities: <critical>C / <high>H / <moderate>M / <low>L
| Package | Current | Patched | Severity | Type | CVE |
|---------|---------|---------|----------|------|-----|
Outdated (no vulnerabilities):
| Package | Current | Latest | Type |
|---------|---------|--------|------|
Recommended actions:
1. <action with command>
```
## Rules
- Always distinguish between direct and transitive dependencies.
- Do not auto-upgrade major versions without user confirmation.
- Report vulnerabilities even if no fix is available yet.
- Check that lock files are committed and up to date.
- Verify upgrades do not break the test suite before recommending them.