Dependency Audit Skill
Overview
Run dependency vulnerability checks using native package manager audit tools.
Supported Ecosystems
| Ecosystem | Tool | Auto-fix |
|---|---|---|
| npm/yarn/pnpm/bun | npm audit / yarn audit | Yes |
| PHP/Composer | composer audit | Manual |
| Python/pip | pip-audit / safety check | Manual |
| Rust/Cargo | cargo audit | Yes |
| Go | govulncheck ./... | Manual |
| Swift/CocoaPods | pod audit | Manual |
| Ruby/Bundler | bundle audit | Manual |
Workflow
- Detect package manager from lock files
- Run appropriate audit command
- Parse output for vulnerabilities
- Classify by severity (CRITICAL/HIGH/MEDIUM/LOW)
- Suggest fix versions or alternatives
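A worked example of this workflow, added here as illustration rather than the skill's own code: it detects the ecosystem from the lock file, runs the matching audit command, and classifies `npm audit --json` output (npm 7+ layout) on the CRITICAL/HIGH/MEDIUM/LOW scale. The lock-file mapping, the JSON flags and the sample report are assumptions of this example.

```python
import json
import os
import subprocess
from collections import Counter

# Lock file -> (ecosystem, audit command). Assumed mapping for this example;
# the commands are the ones the skill table lists, plus JSON output flags.
LOCK_FILES = {
    "package-lock.json": ("npm", ["npm", "audit", "--json"]),
    "yarn.lock": ("yarn", ["yarn", "audit", "--json"]),
    "composer.lock": ("composer", ["composer", "audit", "--format=json"]),
    "Cargo.lock": ("cargo", ["cargo", "audit", "--json"]),
    "go.sum": ("go", ["govulncheck", "./..."]),
    "Gemfile.lock": ("bundler", ["bundle", "audit", "check"]),
}

# npm reports "moderate"; normalise to the skill's CRITICAL/HIGH/MEDIUM/LOW scale.
SEVERITY_MAP = {"critical": "CRITICAL", "high": "HIGH", "moderate": "MEDIUM", "low": "LOW"}

def detect_ecosystem(project_dir):
    """Return (ecosystem, command) for the first recognised lock file, else None."""
    for lock, entry in LOCK_FILES.items():
        if os.path.exists(os.path.join(project_dir, lock)):
            return entry
    return None

def classify_npm_audit(report_json):
    """Parse `npm audit --json` into per-package findings and severity counts."""
    findings = []
    for name, vuln in json.loads(report_json).get("vulnerabilities", {}).items():
        sev = SEVERITY_MAP.get(vuln.get("severity", "low"), "LOW")
        fix = vuln.get("fixAvailable")
        # fixAvailable is True (safe `npm audit fix`), False, or an object naming
        # the package/version whose install (possibly semver-major) resolves it.
        if isinstance(fix, dict):
            hint = f"{fix.get('name')}@{fix.get('version')}"
        else:
            hint = "npm audit fix" if fix else "manual"
        findings.append({"package": name, "severity": sev, "range": vuln.get("range"), "fix": hint})
    return findings, Counter(f["severity"] for f in findings)

def run_audit(project_dir):
    """Detect the ecosystem and run its audit command, returning (ecosystem, stdout)."""
    detected = detect_ecosystem(project_dir)
    if detected is None:
        raise RuntimeError("no supported lock file found")
    ecosystem, cmd = detected
    # Audit tools exit non-zero when findings exist, so do not use check=True.
    proc = subprocess.run(cmd, cwd=project_dir, capture_output=True, text=True)
    return ecosystem, proc.stdout

# Constructed sample in the npm 7+ `npm audit --json` layout; not real advisory data.
SAMPLE_NPM_REPORT = json.dumps({"vulnerabilities": {
    "example-parser": {"severity": "high", "range": "<1.2.3", "fixAvailable": True},
    "example-dep": {"severity": "moderate", "range": "<0.9.0",
                    "fixAvailable": {"name": "example-app", "version": "2.0.0", "isSemVerMajor": True}},
}})
```

For a real project, pass its directory to `run_audit` and feed the npm output to `classify_npm_audit`; other ecosystems need their own parser for the output format their tool emits.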
Auto-Fix Support
When the --fix flag is used:
- `npm audit fix` for safe updates
- `cargo audit fix` for Rust
- Manual guidance for other ecosystems