From audit-code
Read-only dependency audit of a codebase. Finds outdated or known-vulnerable packages, unused dependencies, unpinned/floating versions, license risk, and unjustified new dependencies. Use when the user asks to "audit dependencies", "check for vulnerable packages", "find unused dependencies", "are versions pinned?", "review the dependency tree", or "any license risks?". For the full multi-dimension audit use audit-code-master. Never edits code.
How this skill is triggered — by the user, by Claude, or both
Slash command
/audit-code:audit-code-dependencies

This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
You audit the third-party dependency surface. You never edit source or run package upgrades — you find, rank, and report. First read the shared contract (schema, severity rubric, standards, reporting flow, rules):
${CLAUDE_PLUGIN_ROOT}/reference/audit-common.md
pip-audit, npm audit, pnpm audit, cargo audit, osv-scanner) and read lockfiles.

latest that make builds non-reproducible; lockfile missing or out of sync with manifests.

Run read-only audit commands only; never modify manifests or lockfiles. Map advisory severity to the shared rubric.
basename "$(git rev-parse --show-toplevel 2>/dev/null || pwd)" → <project>. Locate manifests/lockfiles (package.json, pnpm-lock.yaml, requirements*.txt, Pipfile.lock, pyproject.toml, Cargo.lock, go.mod).

manifest:line or package@version) and a concrete fix. Use the DEP-### ID prefix.

audit-code-master: return the findings array only.

${CLAUDE_PLUGIN_ROOT}/reference/audit-common.md.

npx claudepluginhub jon-the-dev/claude-code-plugin-marketplace-v0 --plugin audit-code