when-mapping-dependencies-use-dependency-mapper
について
このスキルは、複数のパッケージマネージャーにわたるソフトウェアプロジェクトの包括的な依存関係マッピングと分析を提供します。依存関係ツリーの抽出、問題の検出、脆弱性の監査、および可視化の生成を行います。プロジェクトの依存関係とそのセキュリティへの影響を理解、分析、または可視化する必要がある場合にご利用ください。
クイックインストール
Claude Code
推奨npx skills add DNYoussef/ai-chrome-extension/plugin add https://github.com/DNYoussef/ai-chrome-extensiongit clone https://github.com/DNYoussef/ai-chrome-extension.git ~/.claude/skills/when-mapping-dependencies-use-dependency-mapperこのコマンドをClaude Codeにコピー&ペーストしてスキルをインストールします
ドキュメント
Dependency Mapper Skill
Overview
When mapping dependencies, use dependency-mapper to extract, analyze, visualize, and audit dependency trees across multiple package managers (npm, pip, cargo, maven, go.mod).
MECE Breakdown
Mutually Exclusive Components:
- Extraction Phase: Parse lock files and manifests
- Analysis Phase: Build dependency graph and detect issues
- Security Phase: Audit for vulnerabilities
- Visualization Phase: Generate interactive dependency graphs
- Reporting Phase: Create actionable recommendations
Collectively Exhaustive Coverage:
- All major package managers (npm, pip, cargo, maven, go)
- Direct and transitive dependencies
- Circular dependency detection
- License compliance checking
- Security vulnerability scanning
- Outdated package detection
- Duplicate dependency identification
Features
Core Capabilities:
- Multi-language dependency extraction
- Dependency graph construction
- Circular dependency detection
- Security vulnerability scanning
- License compliance auditing
- Outdated package detection
- Interactive visualization generation
- Dependency optimization recommendations
Supported Package Managers:
- JavaScript/Node: npm, yarn, pnpm
- Python: pip, poetry, pipenv
- Rust: cargo
- Java: maven, gradle
- Go: go.mod
- Ruby: bundler
- PHP: composer
- C#: nuget
Usage
Slash Command:
/dep-map [path] [--format json|html|svg] [--security] [--circular] [--outdated]
Subagent Invocation:
Task("Dependency Mapper", "Analyze dependencies for ./project with security audit", "code-analyzer")
MCP Tool:
mcp__dependency-mapper__analyze({
project_path: "./project",
include_security: true,
detect_circular: true,
visualization_format: "html"
})
Architecture
Phase 1: Discovery
- Detect project type and package manager
- Locate manifest and lock files
- Parse dependency declarations
Phase 2: Extraction
- Extract direct dependencies
- Resolve transitive dependencies
- Build dependency tree structure
Phase 3: Analysis
- Detect circular dependencies
- Identify duplicate dependencies
- Check for outdated packages
- Analyze dependency depth
Phase 4: Security
- Query vulnerability databases
- Check license compliance
- Identify supply chain risks
- Generate security scores
Phase 5: Visualization
- Generate graph data structure
- Create interactive HTML visualization
- Export SVG/PNG diagrams
- Generate dependency reports
Output Formats
JSON Report:
{
"project": "my-app",
"package_manager": "npm",
"total_dependencies": 847,
"direct_dependencies": 23,
"vulnerabilities": {
"critical": 0,
"high": 2,
"medium": 5,
"low": 12
},
"circular_dependencies": [],
"outdated_packages": 15,
"license_issues": 0,
"dependency_tree": {...}
}
HTML Visualization:
Interactive D3.js graph with:
- Zoomable dependency tree
- Vulnerability highlighting
- Circular dependency paths
- Click-to-expand nodes
- Search and filter capabilities
SVG/PNG Export:
Static GraphViz-generated diagrams
Examples
Example 1: Basic Analysis
/dep-map ./my-project
Example 2: Security-Focused Audit
/dep-map ./my-project --security --format json
Example 3: Circular Dependency Detection
/dep-map ./my-project --circular --visualization svg
Example 4: Full Comprehensive Analysis
/dep-map ./my-project --security --circular --outdated --format html
Integration with Claude-Flow
Coordination Pattern:
// Step 1: Initialize swarm for complex analysis
mcp__claude-flow__swarm_init({ topology: "hierarchical", maxAgents: 4 })
// Step 2: Spawn agents via Claude Code Task tool
[Parallel Execution]:
Task("Dependency Extractor", "Extract all dependencies from package.json and package-lock.json", "code-analyzer")
Task("Security Auditor", "Run npm audit and cross-reference CVE databases", "security-manager")
Task("Graph Builder", "Construct dependency graph and detect circular deps", "code-analyzer")
Task("Visualization Generator", "Create interactive HTML dependency graph", "coder")
Configuration
Default Settings:
{
"max_depth": 10,
"include_dev_dependencies": true,
"security_scan_enabled": true,
"circular_detection_enabled": true,
"license_check_enabled": true,
"outdated_check_enabled": true,
"visualization_default_format": "html",
"cache_results": true,
"cache_ttl": 3600
}
Performance Considerations
- Caching: Results cached for 1 hour by default
- Parallel Processing: Multiple package managers analyzed concurrently
- Incremental Analysis: Only re-analyze changed dependencies
- Lazy Loading: Visualization loads nodes on-demand for large graphs
Error Handling
- Graceful degradation if package manager unavailable
- Fallback to partial analysis if network issues
- Clear error messages for invalid project structures
- Retry logic for transient failures
Best Practices
- Run dependency mapping before major releases
- Integrate into CI/CD pipelines for automated auditing
- Set up alerts for critical vulnerabilities
- Review circular dependencies regularly
- Keep dependency depth shallow (< 5 levels)
- Audit licenses for compliance requirements
- Update outdated packages incrementally
Troubleshooting
Issue: No dependencies found
Solution: Ensure lock files are present (package-lock.json, yarn.lock, etc.)
Issue: Visualization too large to render
Solution: Use --max-depth 5 to limit tree depth
Issue: Security scan taking too long
Solution: Use cached results or run offline mode
See Also
- PROCESS.md - Detailed step-by-step workflow
- README.md - Quick start guide
- subagent-dependency-mapper.md - Agent implementation details
- slash-command-dep-map.sh - Command-line interface
- mcp-dependency-mapper.json - MCP tool schema
GitHub リポジトリ
関連スキル
network-security-setup
開発This skill configures Claude Code sandbox network isolation by setting up trusted domain whitelists and custom access policies. It helps developers secure code execution by managing environment variables and preventing unauthorized network access. Use it to implement zero-trust architecture and prevent prompt injection attacks via network controls.
sandbox-configurator
開発The sandbox-configurator skill automatically configures Claude Code's execution environment with security boundaries for file system and network isolation. It enables developers to define trusted domains, manage file permissions, and control network access for secure code execution. Use this skill when you need to set up a secure, isolated sandbox for running untrusted code or building applications.
github-workflow-automation
その他This skill automates GitHub Actions workflows with AI swarm coordination for intelligent CI/CD pipelines and repository management. It generates, analyzes, and orchestrates workflows using adaptive automation capabilities. Use it when you need to streamline GitHub automation with self-organizing, multi-agent coordination.
when-profiling-performance-use-performance-profiler
その他This skill provides comprehensive performance profiling to measure, analyze, and optimize application performance across CPU, memory, I/O, and network dimensions. It helps developers identify bottlenecks, perform root cause analysis, and implement optimizations using tools like perf, Instruments, and clinic.js. Use it when you need systematic performance improvement through baseline measurement, detection, and optimization phases.