audit-deps

Name: audit-deps
Author: hrconsultnj/claude-plugins

$npx mdskill add hrconsultnj/claude-plugins/audit-deps

Audits project dependencies for CVEs, providing version details and safe upgrade commands.

Helps identify and address security vulnerabilities in installed packages.
Integrates with the project's package manager and Sentinel banned-packages list.
Cross-references installed versions against known vulnerabilities to recommend fixes.
Delivers results through structured reports with optional JSON output and auto-fix capabilities.

SKILL.md

.github/skills/audit-depsView on GitHub ↗

---
name: audit-deps
description: Focused dependency CVE audit — reports vulnerabilities with version info and safe upgrade commands.
argument-hint: "[--fix] [--json]"
---

Run a focused dependency vulnerability audit using the project's detected package manager. Reports CVEs with installed versions, fixed versions, and exact upgrade commands. Cross-references installed packages against the Sentinel banned-packages list.

## Content Loading

Load each step through the fetch command (handles caching, decryption, and auth):

```bash
"~/.composure/bin/composure-fetch.mjs" skill sentinel audit-deps {step-filename}
```

**Do NOT read cache files directly** — they are encrypted at rest. Always use the fetch command above.

## Steps

| # | File | 
|---|------|
| 1 | `01-run-audit.md` |
| 2 | `02-parse-and-enrich.md` |
| 3 | `03-report-findings.md` |
| 4 | `04-propose-overrides.md` |
| 5 | `05-summary.md` |
| 6 | `06-auto-fix.md` |

More from hrconsultnj/claude-plugins

Skill	Description
app-architecture	Complete architecture guide for building features from database to UI. Routes to frontend/, fullstack/, mobile/, backend/, or sdks/ based on detected stack. Covers decomposition, multi-tenant isolation, auth model, query patterns, and component patterns.
backlog	Manage the tasks-plans/ workspace — add items to backlog, ideas, or reference. Process queued work. Organize by topic, not flat dumps.
build-graph	Build or update the code review knowledge graph, generate the visualization, and open it. Run this first to initialize, or let hooks keep it updated automatically.
calibrate	Calibrate test bench — detect test framework, read existing test conventions, generate .claude/testbench.json config. Query Context7 for test framework reference docs. Run once per project.
ci-generate	Generate CI/CD workflow from detected stack. GitHub Actions, GitLab CI, or Bitbucket Pipelines. Includes lint, typecheck, test, build, and deploy stages.
ci-validate	Validate CI/CD workflow files. Runs actionlint for GitHub Actions, checks for common mistakes, and reports issues with fix suggestions.
code-organizer	Restructure a messy project into conventional file layout based on detected framework. Analyzes, plans, executes with import updates, and verifies.
deps-check	Check dependency health -- known CVEs, outdated packages, unsafe versions. Recommends the highest safe version, not just "latest". Blocks Critical CVEs via Composure commit gate.
design-forge	This skill should be used when the user asks to "add premium animations", "create a canvas visualization", "build a glassmorphism panel", "add a custom cursor", "create a generative background", "build an interactive card", "add scroll progress", "add sound design", "create a Three.js hero", "build a creative portfolio", "add particle effects", "add scanlines", "add a typewriter effect", "design a landing page", "implement advanced animations", "add 3D elements", "design using Next.js Conf patterns", "create interactive experience", "add Framer Motion animations", "add GSAP scroll animations", "integrate Spline 3D", or needs guidance on premium web design patterns, creative coding, generative art, micro-interactions, accessibility for animations, or bespoke interactive experiences beyond standard UI components.
dockerfile	Generate or validate Dockerfiles with security best practices. Multi-stage builds, non-root user, layer caching, .dockerignore.