when-mapping-dependencies-use-dependency-mapper
À propos
Cette compétence offre une cartographie et une analyse complète des dépendances pour les projets logiciels, prenant en charge plusieurs gestionnaires de paquets. Elle extrait les arbres de dépendances, détecte les problèmes, audite les vulnérabilités et génère des visualisations. Utilisez-la lorsque vous avez besoin de comprendre, analyser ou visualiser les dépendances d'un projet et leurs implications en matière de sécurité.
Installation rapide
Claude Code
Recommandénpx skills add DNYoussef/ai-chrome-extension/plugin add https://github.com/DNYoussef/ai-chrome-extensiongit clone https://github.com/DNYoussef/ai-chrome-extension.git ~/.claude/skills/when-mapping-dependencies-use-dependency-mapperCopiez et collez cette commande dans Claude Code pour installer cette compétence
Documentation
Dependency Mapper Skill
Overview
When mapping dependencies, use dependency-mapper to extract, analyze, visualize, and audit dependency trees across multiple package managers (npm, pip, cargo, maven, go.mod).
MECE Breakdown
Mutually Exclusive Components:
- Extraction Phase: Parse lock files and manifests
- Analysis Phase: Build dependency graph and detect issues
- Security Phase: Audit for vulnerabilities
- Visualization Phase: Generate interactive dependency graphs
- Reporting Phase: Create actionable recommendations
Collectively Exhaustive Coverage:
- All major package managers (npm, pip, cargo, maven, go)
- Direct and transitive dependencies
- Circular dependency detection
- License compliance checking
- Security vulnerability scanning
- Outdated package detection
- Duplicate dependency identification
Features
Core Capabilities:
- Multi-language dependency extraction
- Dependency graph construction
- Circular dependency detection
- Security vulnerability scanning
- License compliance auditing
- Outdated package detection
- Interactive visualization generation
- Dependency optimization recommendations
Supported Package Managers:
- JavaScript/Node: npm, yarn, pnpm
- Python: pip, poetry, pipenv
- Rust: cargo
- Java: maven, gradle
- Go: go.mod
- Ruby: bundler
- PHP: composer
- C#: nuget
Usage
Slash Command:
/dep-map [path] [--format json|html|svg] [--security] [--circular] [--outdated]
Subagent Invocation:
Task("Dependency Mapper", "Analyze dependencies for ./project with security audit", "code-analyzer")
MCP Tool:
mcp__dependency-mapper__analyze({
project_path: "./project",
include_security: true,
detect_circular: true,
visualization_format: "html"
})
Architecture
Phase 1: Discovery
- Detect project type and package manager
- Locate manifest and lock files
- Parse dependency declarations
Phase 2: Extraction
- Extract direct dependencies
- Resolve transitive dependencies
- Build dependency tree structure
Phase 3: Analysis
- Detect circular dependencies
- Identify duplicate dependencies
- Check for outdated packages
- Analyze dependency depth
Phase 4: Security
- Query vulnerability databases
- Check license compliance
- Identify supply chain risks
- Generate security scores
Phase 5: Visualization
- Generate graph data structure
- Create interactive HTML visualization
- Export SVG/PNG diagrams
- Generate dependency reports
Output Formats
JSON Report:
{
"project": "my-app",
"package_manager": "npm",
"total_dependencies": 847,
"direct_dependencies": 23,
"vulnerabilities": {
"critical": 0,
"high": 2,
"medium": 5,
"low": 12
},
"circular_dependencies": [],
"outdated_packages": 15,
"license_issues": 0,
"dependency_tree": {...}
}
HTML Visualization:
Interactive D3.js graph with:
- Zoomable dependency tree
- Vulnerability highlighting
- Circular dependency paths
- Click-to-expand nodes
- Search and filter capabilities
SVG/PNG Export:
Static GraphViz-generated diagrams
Examples
Example 1: Basic Analysis
/dep-map ./my-project
Example 2: Security-Focused Audit
/dep-map ./my-project --security --format json
Example 3: Circular Dependency Detection
/dep-map ./my-project --circular --visualization svg
Example 4: Full Comprehensive Analysis
/dep-map ./my-project --security --circular --outdated --format html
Integration with Claude-Flow
Coordination Pattern:
// Step 1: Initialize swarm for complex analysis
mcp__claude-flow__swarm_init({ topology: "hierarchical", maxAgents: 4 })
// Step 2: Spawn agents via Claude Code Task tool
[Parallel Execution]:
Task("Dependency Extractor", "Extract all dependencies from package.json and package-lock.json", "code-analyzer")
Task("Security Auditor", "Run npm audit and cross-reference CVE databases", "security-manager")
Task("Graph Builder", "Construct dependency graph and detect circular deps", "code-analyzer")
Task("Visualization Generator", "Create interactive HTML dependency graph", "coder")
Configuration
Default Settings:
{
"max_depth": 10,
"include_dev_dependencies": true,
"security_scan_enabled": true,
"circular_detection_enabled": true,
"license_check_enabled": true,
"outdated_check_enabled": true,
"visualization_default_format": "html",
"cache_results": true,
"cache_ttl": 3600
}
Performance Considerations
- Caching: Results cached for 1 hour by default
- Parallel Processing: Multiple package managers analyzed concurrently
- Incremental Analysis: Only re-analyze changed dependencies
- Lazy Loading: Visualization loads nodes on-demand for large graphs
Error Handling
- Graceful degradation if package manager unavailable
- Fallback to partial analysis if network issues
- Clear error messages for invalid project structures
- Retry logic for transient failures
Best Practices
- Run dependency mapping before major releases
- Integrate into CI/CD pipelines for automated auditing
- Set up alerts for critical vulnerabilities
- Review circular dependencies regularly
- Keep dependency depth shallow (< 5 levels)
- Audit licenses for compliance requirements
- Update outdated packages incrementally
Troubleshooting
Issue: No dependencies found
Solution: Ensure lock files are present (package-lock.json, yarn.lock, etc.)
Issue: Visualization too large to render
Solution: Use --max-depth 5 to limit tree depth
Issue: Security scan taking too long
Solution: Use cached results or run offline mode
See Also
- PROCESS.md - Detailed step-by-step workflow
- README.md - Quick start guide
- subagent-dependency-mapper.md - Agent implementation details
- slash-command-dep-map.sh - Command-line interface
- mcp-dependency-mapper.json - MCP tool schema
Dépôt GitHub
Compétences associées
network-security-setup
DéveloppementThis skill configures Claude Code sandbox network isolation by setting up trusted domain whitelists and custom access policies. It helps developers secure code execution by managing environment variables and preventing unauthorized network access. Use it to implement zero-trust architecture and prevent prompt injection attacks via network controls.
sandbox-configurator
DéveloppementThe sandbox-configurator skill automatically configures Claude Code's execution environment with security boundaries for file system and network isolation. It enables developers to define trusted domains, manage file permissions, and control network access for secure code execution. Use this skill when you need to set up a secure, isolated sandbox for running untrusted code or building applications.
github-workflow-automation
AutreThis skill automates GitHub Actions workflows with AI swarm coordination for intelligent CI/CD pipelines and repository management. It generates, analyzes, and orchestrates workflows using adaptive automation capabilities. Use it when you need to streamline GitHub automation with self-organizing, multi-agent coordination.
when-profiling-performance-use-performance-profiler
AutreThis skill provides comprehensive performance profiling to measure, analyze, and optimize application performance across CPU, memory, I/O, and network dimensions. It helps developers identify bottlenecks, perform root cause analysis, and implement optimizations using tools like perf, Instruments, and clinic.js. Use it when you need systematic performance improvement through baseline measurement, detection, and optimization phases.