check-deps

Check dependencies for known CVEs and security vulnerabilities

Stars: 74
Source: melodic-software/claude-code-plugins
Updated: 2026-04-07

// install — copy + paste into any project

mkdir -p .claude/skills && curl -fsSL https://raw.githubusercontent.com/melodic-software/claude-code-plugins/HEAD/plugins/security/skills/check-deps/SKILL.md -o .claude/skills/check-deps.md

Drops the SKILL.md into .claude/skills/check-deps.md. Works with Claude Code, Cursor, and any agent that loads SKILL.md files from .claude/skills/.

Check Dependencies Command

Analyze project dependencies for known vulnerabilities and security issues.

Usage

/security:check-deps               # Auto-detect and check all ecosystems
/security:check-deps --npm         # Check npm dependencies only
/security:check-deps --pip         # Check Python dependencies only
/security:check-deps --dotnet      # Check .NET dependencies only
/security:check-deps --cargo       # Check Rust dependencies only
/security:check-deps --all         # Explicitly check all ecosystems

Execution

Delegate to the dependency-checker agent with the following prompt:

If no arguments or --all: "Analyze this project's dependencies for known vulnerabilities. Auto-detect the package ecosystem(s) in use (npm, pip, .NET, Rust, etc.) and run appropriate security audits. Generate a dependency security report with CVE details, CVSS scores, fix availability, and prioritized remediation recommendations."

If --npm argument: "Analyze npm/Node.js dependencies for known vulnerabilities using npm audit. Generate a dependency security report with CVE details, CVSS scores, fix availability, and prioritized remediation recommendations including upgrade paths and override options."

If --pip argument: "Analyze Python dependencies for known vulnerabilities using pip-audit. Generate a dependency security report with CVE details, CVSS scores, fix availability, and prioritized remediation recommendations."

If --dotnet argument: "Analyze .NET dependencies for known vulnerabilities using dotnet list package --vulnerable. Generate a dependency security report with CVE details, CVSS scores, fix availability, and prioritized remediation recommendations."

If --cargo argument: "Analyze Rust dependencies for known vulnerabilities using cargo audit. Generate a dependency security report with CVE details, CVSS scores, fix availability, and prioritized remediation recommendations."

Output

The dependency-checker agent produces a report including:

  • Summary table by severity (Critical/High/Medium/Low) with fixable counts
  • Detailed CVE information for each vulnerability
  • Affected dependency paths (direct vs transitive)
  • Remediation plan with upgrade recommendations
  • Supply chain risk factors (abandoned packages, typosquatting, etc.)
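
The severity summary and the direct/transitive split listed above can be derived from `npm audit --json` output. The following is an added example, not part of the skill or the dependency-checker agent; it assumes the npm v7+ report shape (`auditReportVersion` 2), and the package names and advisory entries in `SAMPLE` are constructed.

```python
import json

# Constructed sample in the shape of `npm audit --json` (auditReportVersion 2).
# Package names and advisories are placeholders, not real findings.
SAMPLE = json.loads("""
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "example-direct-lib": {"severity": "critical", "isDirect": true,
      "via": [{"title": "constructed advisory", "cvss": {"score": 9.8}}],
      "fixAvailable": {"name": "example-direct-lib", "version": "2.0.0",
                       "isSemVerMajor": true}},
    "example-transitive-lib": {"severity": "moderate", "isDirect": false,
      "via": ["example-direct-lib"], "fixAvailable": true},
    "example-unfixed-lib": {"severity": "moderate", "isDirect": false,
      "via": [{"title": "constructed advisory", "cvss": {"score": 5.3}}],
      "fixAvailable": false}
  }
}
""")

# npm reports "moderate"; the report described above uses "Medium".
LABELS = {"critical": "Critical", "high": "High", "moderate": "Medium", "low": "Low"}

def summarize(report):
    """Count findings per severity, with fixable and direct/transitive splits."""
    rows = {label: {"total": 0, "fixable": 0, "direct": 0, "transitive": 0}
            for label in LABELS.values()}
    for entry in report.get("vulnerabilities", {}).values():
        label = LABELS.get(entry.get("severity"))
        if label is None:  # e.g. "info": outside the four reported bands
            continue
        row = rows[label]
        row["total"] += 1
        # fixAvailable is false, true, or an object describing the upgrade.
        row["fixable"] += 1 if entry.get("fixAvailable") else 0
        row["direct" if entry.get("isDirect") else "transitive"] += 1
    return rows

def render(rows):
    """Format the per-severity counts as a fixed-width text table."""
    lines = [f"{'Severity':<10}{'Total':>6}{'Fixable':>9}{'Direct':>8}{'Transitive':>12}"]
    for label, r in rows.items():
        lines.append(f"{label:<10}{r['total']:>6}{r['fixable']:>9}"
                     f"{r['direct']:>8}{r['transitive']:>12}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(summarize(SAMPLE)))
```

An entry whose `via` list contains only package names, like `example-transitive-lib` here, is flagged because it depends on another vulnerable package, so a fix to that package may clear it as well.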