analyzing-dependencies

jeremylongshore
Updated yesterday

About

This skill analyzes project dependencies across npm, pip, composer, gem and Go modules to detect security vulnerabilities, outdated packages and license compliance issues. Invoke it with trigger phrases such as "check dependencies" or "/depcheck" to identify risks in your codebase. It is suited to developers who need automated dependency audits during project reviews or maintenance.

Quick install

Claude Code

Copy and paste one of these commands into Claude Code to install this skill.

Recommended (primary):
npx skills add jeremylongshore/claude-code-plugins-plus

Plugin command (alternative):
/plugin add https://github.com/jeremylongshore/claude-code-plugins-plus

Git clone (alternative):
git clone https://github.com/jeremylongshore/claude-code-plugins-plus.git ~/.claude/skills/analyzing-dependencies

Documentation

Overview

This skill empowers Claude to automatically analyze your project's dependencies for security vulnerabilities, outdated packages, and license compliance issues. It uses the dependency-checker plugin to identify potential risks and provides insights for remediation.

How It Works

  1. Detecting Package Manager: The skill identifies the relevant package manager (npm, pip, composer, gem, go modules) based on the presence of manifest files (e.g., package.json, requirements.txt, composer.json).
  2. Scanning Dependencies: The skill utilizes the dependency-checker plugin to scan the identified dependencies against known vulnerability databases (CVEs), outdated package lists, and license information.
  3. Generating Report: The skill presents a comprehensive report summarizing the findings, including vulnerability summaries, detailed vulnerability information, outdated packages with recommended updates, and license compliance issues.
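
The manifest-based detection in step 1, as an added example (this is not the dependency-checker plugin's own code). It goes one step beyond the text by also recording whether a lockfile sits next to each manifest, since a scan of version ranges is less exact than a scan of resolved versions. The function names, the skipped directory list and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Manifest file -> (package manager, lockfiles that pin resolved versions).
MANIFESTS = {
    "package.json": ("npm", ("package-lock.json", "npm-shrinkwrap.json", "yarn.lock", "pnpm-lock.yaml")),
    "requirements.txt": ("pip", ()),  # pip has no separate lockfile
    "composer.json": ("composer", ("composer.lock",)),
    "Gemfile": ("gem", ("Gemfile.lock",)),
    "go.mod": ("go modules", ("go.sum",)),
}
SKIP_DIRS = {"node_modules", "vendor", ".git", ".venv", "venv"}  # installed or vendored trees


def detect_package_managers(root):
    """Return one finding per project manifest under root, sorted by path."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]  # prune in place
        present = set(filenames)
        for manifest, (manager, lockfiles) in MANIFESTS.items():
            if manifest not in present:
                continue
            lock = next((name for name in lockfiles if name in present), None)
            findings.append({
                "manager": manager,
                "manifest": os.path.relpath(os.path.join(dirpath, manifest), root),
                "lockfile": lock,
                # True when the ecosystem has a lockfile format but none is present.
                "needs_lockfile": bool(lockfiles) and lock is None,
            })
    return sorted(findings, key=lambda f: f["manifest"])


def build_sample_project(root):
    """Constructed sample tree: npm app with lockfile, two services, one installed package."""
    layout = ["package.json", "package-lock.json", "services/api/requirements.txt",
              "services/worker/composer.json", "node_modules/left-pad/package.json"]
    for rel in layout:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()  # detection is by file name, so content stays empty


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_project(tmp)
        for finding in detect_package_managers(tmp):
            print(finding)
```
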

When to Use This Skill

This skill activates when you need to:

  • Check a project for known security vulnerabilities in its dependencies.
  • Identify outdated packages that may contain security flaws or performance issues.
  • Ensure that the project's dependencies comply with licensing requirements.

Examples

Example 1: Identifying Vulnerabilities Before Deployment

User request: "Check dependencies for vulnerabilities before deploying to production."

The skill will:

  1. Detect the relevant package manager (e.g., npm).
  2. Scan the project's dependencies for known vulnerabilities using the dependency-checker plugin.
  3. Generate a report highlighting any identified vulnerabilities, their severity, and recommended fixes.

Example 2: Updating Outdated Packages

User request: "Scan for outdated packages and suggest updates."

The skill will:

  1. Detect the relevant package manager (e.g., pip).
  2. Scan the project's dependencies for outdated packages.
  3. Generate a report listing the outdated packages and their available updates, including major, minor, and patch releases.

Best Practices

  • Regular Scanning: Schedule dependency checks regularly (e.g., weekly or monthly) to stay informed about new vulnerabilities and updates.
  • Pre-Deployment Checks: Always run a dependency check before deploying any code to production to prevent introducing vulnerable dependencies.
  • Review and Remediation: Carefully review the generated reports and take appropriate action to remediate identified vulnerabilities and update outdated packages.

Integration

This skill seamlessly integrates with other Claude Code tools, allowing you to use the identified vulnerabilities to guide further actions, such as automatically creating pull requests to update dependencies or generating security reports for compliance purposes.

GitHub repository

jeremylongshore/claude-code-plugins-plus
Path: backups/skills-batch-20251204-000554/plugins/security/dependency-checker/skills/dependency-checker
Tags: ai, automation, claude-code, devops, marketplace, mcp
