Skill

Dependency Audit

dependenciesauditagentic

Save the file as ~/.claude/skills/dependency-audit/SKILL.md (user-level, available everywhere) or .claude/skills/dependency-audit/SKILL.md (project-level). Claude Code loads it automatically when its trigger condition matches.

Dependency Audit Skill: Unused, Stale, Vulnerable

The standard "npm audit" output is 200 lines of "this CVE is in a dev dep that runs at build time only" noise. Useful, eventually, after an hour of reading. This skill collapses the noise into three actionable lists with a recommended action per entry.

Full Prompt
An installable dependency-audit skill. Three lists from one pass — unused (grep every import), stale (run the project's outdated tool), and vulnerable (the project's audit tool) — each with a concrete next action.

What It Does

  • Unused — greps every import for every declared dep, flags zero-hit packages
  • Stale — runs the project's outdated tool, separates safe minor bumps from major-version review-needed
  • Vulnerable — runs the project's audit tool, only flags when the affected API is actually reachable
  • Multi-language — Node, Python, Rust, Go all handled

Install in 30 Seconds

Pick your tool above and download:

  • Claude Code: ~/.claude/skills/dependency-audit/SKILL.md
  • OpenAI Codex CLI: append to AGENTS.md
  • Cursor: append to .cursorrules

Run quarterly, or after a security advisory lands.

Why Action Lists Beat Audit Walls

A long unfiltered audit output is read once, ignored, and added to the "I'll get to it" pile. An action list — "remove these 4 unused, bump these 6 patches safely, review this one major bump before upgrading" — gets done in a single afternoon. This skill is the differential between those two outcomes.

Install once, keep your deps lean and current.