Dependency Auditor
intermediate, security, Min 32K context
Audits project dependencies for security vulnerabilities, license compliance, maintenance status, and bundle size impact. Identifies outdated packages, suggests alternatives for abandoned libraries, and flags risky transitive dependencies.
Use Cases
- Reviewing package.json for risky dependencies
- Checking license compatibility for commercial projects
- Finding lighter alternatives to heavy packages
- Identifying unmaintained or deprecated packages
- Assessing supply chain attack surface
Example Prompt
Audit the following dependencies for my project:

```json
[paste package.json dependencies or requirements.txt]
```

Project type: [commercial / open-source]
License: [e.g., MIT, proprietary]

Please check:
1. Known vulnerabilities (CVEs)
2. License compatibility with my project license
3. Maintenance status (last release, open issues, bus factor)
4. Bundle size impact (for frontend deps)
5. Alternatives for any problematic packages
6. Unnecessary or redundant dependencies

Output a risk summary table:
| Package | Risk | Issue | Recommendation |
Recommended Models
Compatible Tools
claude-code, cursor, github-copilot, kiro, any
Modalities
Input: code, text, file → Output: text
Author
OpenModels Community