Stats
Actions
Tags
From shipyard
Audits project dependencies for CVEs, outdated packages, and unsafe versions. Recommends highest safe version per package, unlike npm audit. Blocks critical CVEs via Composure commit gate.
How this skill is triggered — by the user, by Claude, or both
Slash command
/shipyard:deps-checkThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Audit project dependencies for known vulnerabilities (CVEs), outdated packages, and unsafe version ranges. Unlike basic `npm audit`, this skill determines the **highest safe version** for each vulnerable package -- not just "update to latest" which may itself be vulnerable.
Audit project dependencies for known vulnerabilities (CVEs), outdated packages, and unsafe version ranges. Unlike basic npm audit, this skill determines the highest safe version for each vulnerable package -- not just "update to latest" which may itself be vulnerable.
Load each step through the fetch command (handles caching, decryption, and auth):
"~/.composure/bin/composure-fetch.mjs" skill shipyard deps-check {step-filename}
Do NOT read cache files directly — they are encrypted at rest. Always use the fetch command above.
| # | File |
|---|---|
| 1 | 01-detect-pkg-manager.md |
| 2 | 02-run-audit.md |
| 3 | 03-enrich-results.md |
| 4 | 04-fix-report-tasks.md |
npx claudepluginhub hrconsultnj/claude-plugins --plugin shipyardAudits project dependencies for CVEs using detected package manager, reports vulnerabilities with installed/fixed versions and exact upgrade commands. Includes auto-fix and banned-packages check.
Audits npm dependencies for security vulnerabilities, outdated packages, and bundle impact. Guides upgrade planning with CVE research and per-dependency proposals.
Audits npm dependencies for vulnerabilities and outdated packages, reporting CVEs with fix commands and severity levels.