From hb
Audits npm dependencies for vulnerabilities and outdated packages, reporting CVEs with fix commands and severity levels.
Slash command
/hb:deps-audit
Run in parallel:
- npm audit
- npm outdated
- src/

| Level | CVSS | Action |
|---|---|---|
| Critical | 9.0-10.0 | Fix immediately, block merge |
| High | 7.0-8.9 | Fix before next release |
| Moderate | 4.0-6.9 | Fix in current sprint |
| Low | 0.1-3.9 | Fix when convenient |
For each critical/high vulnerability report:
Package: <name>@<version>
CVE: CVE-YYYY-XXXXX
Severity: Critical
Description: <one line>
Fix: npm audit fix --force (or: npm install <pkg>@<safe-version>)
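One way to produce this report from `npm audit --json`, as an added example that is not part of the hb skill's own code. It assumes the npm v7+ report layout (`auditReportVersion: 2`); `triage`, `fixCommand` and the sample report with its package names and advisory URLs are constructed for illustration. It also separates a compatible fix from a semver-major one, which is the upgrade `npm audit fix --force` would install.

```javascript
// Added example: triage `npm audit --json` output (npm v7+, auditReportVersion 2).
// SAMPLE_REPORT is constructed; package names and advisory URLs are placeholders.
const SAMPLE_REPORT = { auditReportVersion: 2, vulnerabilities: {
  "example-parser": { name: "example-parser", severity: "critical", range: "<2.1.0",
    via: [{ title: "Prototype pollution", url: "https://example.invalid/advisory-1" }],
    fixAvailable: { name: "example-parser", version: "3.0.0", isSemVerMajor: true } },
  // A string in `via` means the package is affected only through a dependency.
  "example-http": { name: "example-http", severity: "high", range: "<=1.4.2",
    via: ["example-parser"], fixAvailable: true },
  "example-color": { name: "example-color", severity: "low", range: "<1.0.1",
    via: [{ title: "ReDoS", url: "https://example.invalid/advisory-2" }],
    fixAvailable: false },
} };

// Actions from the severity table on this page.
const ACTIONS = {
  critical: "Fix immediately, block merge",
  high: "Fix before next release",
  moderate: "Fix in current sprint",
  low: "Fix when convenient",
};
const ORDER = Object.keys(ACTIONS);

function fixCommand(v) {
  const fix = v.fixAvailable;
  if (!fix) return "no fixed version available";
  if (fix === true) return "npm audit fix";
  // An object names the top-level package to bump; isSemVerMajor marks a breaking
  // upgrade, the kind `npm audit fix --force` would install.
  const cmd = `npm install ${fix.name}@${fix.version}`;
  return fix.isSemVerMajor ? `${cmd} (semver-major, test before merging)` : cmd;
}

function triage(report, levels = ["critical", "high"]) {
  return Object.values(report.vulnerabilities || {})
    .filter((v) => levels.includes(v.severity))
    .sort((a, b) => ORDER.indexOf(a.severity) - ORDER.indexOf(b.severity))
    .map((v) => {
      const adv = v.via.find((x) => typeof x === "object");
      return {
        package: v.name, affectedRange: v.range, severity: v.severity,
        action: ACTIONS[v.severity],
        description: adv ? adv.title : `via ${v.via.join(", ")}`,
        advisory: adv ? adv.url : null,
        fix: fixCommand(v),
      };
    });
}
for (const row of triage(SAMPLE_REPORT)) console.log(row);
```

On a real project, replace `SAMPLE_REPORT` with the parsed output of `npm audit --json`.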
npx directly
- npm audit fails -- run npm install first to generate package-lock.json, then retry
- npm outdated returns nothing -- report all dependencies are current
- npm not found -- report incompatibility; this skill requires npm

npx claudepluginhub helderberto/agent-skills --plugin hb