Installation

Open Claude Code and run this command:

/plugin install dependency-checker@claude-code-plugins-plus

Use --global to install for all projects, or --project for current project only.

What It Does

Check dependencies for known vulnerabilities, outdated packages, and license compliance across multiple package managers.

Features

Multi-Language Support - npm, pip, composer, gem, go modules
CVE Detection - Known vulnerability scanning
Version Analysis - Identify outdated packages
License Scanning - Check license compatibility
Transitive Dependencies - Scan entire dependency tree
Remediation Guidance - Safe upgrade recommendations

Skills (1)

analyzing-dependencies SKILL.md View full skill →

Analyze dependencies for known security vulnerabilities and outdated versions.

ReadWriteEditGrepGlobBash(security:*)Bash(scan:*)Bash(audit:*)

Analyzing Dependencies

Overview

Analyze project dependencies for known security vulnerabilities, outdated

versions, and license compliance issues across multiple package ecosystems.

This skill inspects npm, pip, Composer, Gem, Go module, and Cargo manifests

and lock files, cross-references findings against CVE databases, and produces

actionable remediation guidance with upgrade paths.

Prerequisites

Access to the target project directory and manifest files in ${CLAUDESKILLDIR}/
At least one package manager CLI available: npm, pip/pip-audit, composer, gem, go, or cargo
Network access for querying vulnerability databases (NVD, GitHub Advisory Database, OSV)
Reference: ${CLAUDESKILLDIR}/references/README.md for npm/pip audit report formats, license compatibility matrix, and dependency management best practices

Instructions

Detect the project ecosystem by scanning ${CLAUDESKILLDIR}/ for manifest files: package.json and package-lock.json (npm/Node.js), requirements.txt/pyproject.toml/Pipfile.lock (Python), composer.json/composer.lock (PHP), Gemfile/Gemfile.lock (Ruby), go.mod/go.sum (Go), Cargo.toml/Cargo.lock (Rust).
For npm projects, run npm audit --json and parse the structured output. Map each advisory to its CVE identifier, CVSS score, severity level, vulnerable version range, and patched version.
For Python projects, run pip-audit --format=json or parse safety check --json output. Cross-reference each vulnerability against the OSV database for additional context.
For other ecosystems, run the equivalent audit command (composer audit, bundle audit, cargo audit, govulncheck) and normalize the output to a common finding format.
Analyze the dependency tree for transitive vulnerabilities -- identify which direct dependency pulls in the vulnerable transitive dependency, and whether upgrading the direct dependency resolves the issue.
Check for outdated packages by comparing installed versions against the latest available versions. Categorize updates as patch (safe), minor (likely safe), or major (breaking changes possible).
Audit license compliance by extracting license declarations from each dependency. Flag packages using copyleft licenses (GPL, AGPL) in proprietary projects, packages with no declared license, and packages with license conflicts per the compatibility matrix in ${CLAUDESKILLDIR}/references/README.md.
Identify abandoned

How It Works


/check-deps

/depcheck

Use Cases


/depcheck


npm audit fix

/depcheck

npm test

git add package.json package-lock.json
git commit -m "fix: update vulnerable dependencies"

dependency-checker

Installation

What It Does

Features

Skills (1)

Analyzing Dependencies

Overview

Prerequisites

Instructions

How It Works

Use Cases

Ready to use dependency-checker?

Related Plugins

dependency-checker

Installation

What It Does

Features

Skills (1)

Analyzing Dependencies

Overview

Prerequisites

Instructions

How It Works

Use Cases

Ready to use dependency-checker?

Related Plugins

access-control-auditor

authentication-validator

compliance-report-generator

cors-policy-validator

csrf-protection-validator

data-privacy-scanner