个人中心
今日签到
私信列表
消息中心
搜索全站
q_code

扫码关注官方微信
cell_code

扫码下载APP
返回顶部
技能集市 > AI智能 > dependency-audit
d

dependency-audit

Smart dependency health check — security audit, outdated detection, unused deps, and prioritized update plan

作者: admin | 来源: ClawHub
源自
ClawHub
版本
V 1.0.0
安全检测
已通过
838
下载量
0
收藏
概述
安装方式
版本历史

dependency-audit

# dependency-audit — Smart Dependency Health Check Detect your package manager, run security audits, find outdated and unused dependencies, and generate a prioritized update plan. ## Steps ### 1. Detect Package Manager Check for these files in the project root: | File | Ecosystem | Audit Command | |------|-----------|--------------| | `package.json` | Node.js (npm/yarn/pnpm) | `npm audit` | | `requirements.txt` / `pyproject.toml` / `Pipfile` | Python | `pip audit` | | `Cargo.toml` | Rust | `cargo audit` | | `go.mod` | Go | `govulncheck ./...` | | `Gemfile` | Ruby | `bundle audit check` | If multiple are found, audit all of them. If none found, stop and inform the user. ### 2. Run Security Audit **Node.js:** ```bash npm audit --json 2>/dev/null # Parse: advisories, severity (critical/high/moderate/low), affected package, fix available ``` **Python:** ```bash pip audit --format=json 2>/dev/null || pip audit 2>/dev/null # If pip-audit not installed: pip install pip-audit ``` **Rust:** ```bash cargo audit --json 2>/dev/null # If not installed: cargo install cargo-audit ``` ### 3. Check for Outdated Packages **Node.js:** ```bash npm outdated --json 2>/dev/null # Shows: current, wanted (semver-compatible), latest ``` **Python:** ```bash pip list --outdated --format=json 2>/dev/null ``` **Rust:** ```bash cargo outdated -R 2>/dev/null # If not installed: cargo install cargo-outdated ``` ### 4. Identify Unused Dependencies **Node.js — use depcheck:** ```bash npx depcheck --json 2>/dev/null ``` This reports unused dependencies and missing dependencies. If `npx` fails, scan source files manually: ```bash # List all deps from package.json, then grep for imports # Flag any dep not found in any .js/.ts/.jsx/.tsx file ``` **Python:** Scan imports vs installed packages: ```bash # Extract imports from .py files grep -rh "^import \|^from " --include="*.py" . | sort -u # Compare against requirements.txt entries ``` ### 5. Generate Prioritized Update Plan Organize findings into priority tiers: ```markdown ## 🔴 Critical — Security Vulnerabilities | Package | Severity | Current | Fixed In | Command | |---------|----------|---------|----------|---------| | lodash | CRITICAL | 4.17.19 | 4.17.21 | `npm install lodash@4.17.21` | ## 🟠 High — Breaking Updates Available | Package | Current | Latest | Breaking Changes | |---------|---------|--------|-----------------| | express | 4.18.2 | 5.0.0 | New router API | ## 🟡 Medium — Minor/Patch Updates | Package | Current | Latest | Command | |---------|---------|--------|---------| | axios | 1.5.0 | 1.6.2 | `npm install axios@1.6.2` | ## 🟢 Low — Unused Dependencies | Package | Action | |---------|--------| | moment | `npm uninstall moment` | ``` ### 6. Provide Safe Update Commands For batch updates, generate copy-pasteable commands: ```bash # Security fixes (safe — patch updates only) npm audit fix # All compatible updates (non-breaking) npm update # Specific breaking update (test thoroughly) npm install express@5.0.0 ``` For Python: ```bash pip install --upgrade package_name ``` ### 7. Output Summary ```markdown # Dependency Health Report — [project-name] **Date:** 2025-02-15 | **Ecosystem:** Node.js (npm) | Category | Count | |----------|-------| | 🔴 Security vulnerabilities | 2 | | 🟠 Major updates available | 3 | | 🟡 Minor/patch updates | 8 | | 🟢 Unused dependencies | 1 | | ✅ Up-to-date | 42 | ``` ## Edge Cases - **Lock file conflicts**: If `package-lock.json` is out of sync, run `npm install` first - **Private registries**: `npm audit` may fail — suggest `--registry=https://registry.npmjs.org` - **Monorepo**: Check each workspace. For npm: `npm audit --workspaces` - **No internet**: Report that audit requires network access - **Audit tool not installed**: Provide install command (e.g., `pip install pip-audit`) ## Error Handling | Error | Resolution | |-------|-----------| | `npm audit` returns non-zero | Normal — means vulnerabilities found, parse the output | | `pip-audit` not found | `pip install pip-audit` then retry | | `cargo audit` not found | `cargo install cargo-audit` then retry | | Network error | Check connectivity; suggest `--offline` if available | | Permission denied | Suggest running without `sudo`; check file ownership | --- *Built by Clawb (SOVEREIGN) — more skills at [coming soon]*

标签

skill ai

通过对话安装

该技能支持在以下平台通过对话安装:

OpenClaw WorkBuddy QClaw Kimi Claude

方式一:安装 SkillHub 和技能

帮我安装 SkillHub 和 dependency-audit-1776419997 技能

方式二:设置 SkillHub 为优先技能安装源

设置 SkillHub 为我的优先技能安装源,然后帮我安装 dependency-audit-1776419997 技能

通过命令行安装

skillhub install dependency-audit-1776419997

下载 Zip 包

⬇ 下载 dependency-audit v1.0.0

文件大小: 2.64 KB | 发布时间: 2026-4-17 19:13

v1.0.0 最新 2026-4-17 19:13
Initial release of dependency-audit skill.

- Automatically detects package managers (Node.js, Python, Rust, Go, Ruby) and audits for security issues, outdated, and unused dependencies.
- Produces a prioritized update plan with clear actions for critical vulnerabilities, major, minor updates, and unused dependencies.
- Suggests safe update commands for batch and individual updates.
- Handles edge cases including missing tools, lock file conflicts, monorepos, and connectivity issues.
- Presents a summary report for quick dependency health overview.

相关推荐

s

self-improvement

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

⭐ 3209 ⬇ 392880
AI智能
s

self-improvement

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

⭐ 3209 ⬇ 392875
AI智能
s

self-improvement

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

⭐ 3195 ⬇ 389506
AI智能
s

self-improvement

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

⭐ 3177 ⬇ 386565
AI智能

多链集团旗下-闲社网

闲社网热线
免费联系电话
0527-80111111
            qqline

服务时间:周一到周日 8:00-24:00

  • 公众号
    闲社 闲社线报社区
关注闲社网
  • wxkf

    闲社在线客服

  • wx

    关注闲社网微信

  • app

    闲社网APP

Archiver·手机版·闲社网·闲社论坛·羊毛社区· 多链控股集团有限公司 · 苏ICP备2025199260号-1

Powered by Discuz! X5.0   © 2024-2025 闲社网·线报更新论坛·羊毛分享社区·http://xianshe.com

p2p_official_large
返回顶部