name: audit-dependencies description: Run npm audit and check for outdated/vulnerable dependencies. Returns structured output with vulnerability counts by severity, outdated packages, and recommended updates. Used for security validation and dependency health checks.

Audit Dependencies

Executes npm audit and outdated checks to validate dependency security and freshness.

Usage

This skill runs dependency audits and returns structured security/maintenance results.

Checks Performed

1. Security Audit (npm audit)

   • Vulnerability scanning
   • Severity classification (critical/high/moderate/low)
   • Affected packages

2. Outdated Packages (npm outdated)

   • Packages behind latest versions
   • Semver distance (patch/minor/major)
   • Update recommendations

Output Format

Success (No Vulnerabilities)

{
  "status": "success",
  "audit": {
    "vulnerabilities": {
      "critical": 0,
      "high": 0,
      "moderate": 0,
      "low": 0,
      "total": 0
    },
    "outdated": {
      "count": 5,
      "packages": [
        {"name": "react", "current": "18.2.0", "latest": "18.3.1", "type": "minor"}
      ]
    }
  },
  "canProceed": true
}

Vulnerabilities Found

{
  "status": "error",
  "audit": {
    "vulnerabilities": {
      "critical": 2,
      "high": 5,
      "moderate": 10,
      "low": 3,
      "total": 20
    },
    "packages": [
      {
        "name": "lodash",
        "severity": "high",
        "via": ["prototype pollution"],
        "fix": "npm install lodash@latest"
      }
    ],
    "outdated": {
      "count": 12,
      "packages": []
    }
  },
  "canProceed": false,
  "details": "2 critical and 5 high severity vulnerabilities must be fixed"
}

When to Use

• Security validation (before deployment)
• Regular maintenance checks
• Conductor Phase 3 (Quality Assurance)
• Security audit agent workflows
• Dependency update planning

Requirements

• npm or package manager installed
• package.json and package-lock.json present
• Internet connection for vulnerability database