Dependency Audit
Commands
Run in parallel:
- npm audit - security vulnerabilities
- npm outdated - outdated packages
Workflow
- Run security audit and outdated check
- Report critical vulnerabilities with fix commands
- List outdated packages (major vs minor/patch)
- Check for unused deps: grep imports in src/
Report
- Critical vulns: package + CVE + fix command
- Outdated: table of package/current/latest/type
- Unused: packages in package.json but not imported
Rules
- Use npm audit, never npx
- Focus on actionable items
- Prioritize: security > major updates > unused > minor updates
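
The workflow, report and priority rule above, as an added example that is not part of the original page. It turns npm's JSON output into the prioritized report; the package names, advisory URL, file contents and function names are constructed for illustration.

```javascript
// Constructed samples shaped like `npm audit --json` (npm 7+) and `npm outdated --json`.
const audit = { vulnerabilities: {
  "example-parser": { severity: "critical",
    via: [{ title: "constructed advisory", url: "https://example.invalid/advisory-1" }],
    fixAvailable: { name: "example-parser", version: "2.0.1", isSemVerMajor: true } },
  "example-util": { severity: "low", via: ["example-parser"], fixAvailable: true } } };
const outdated = { "example-parser": { current: "1.4.0", latest: "2.0.1" },
  "example-http": { current: "3.1.0", latest: "3.2.0" } };
const pkg = { dependencies: { "example-parser": "^1.4.0", "example-http": "^3.1.0", "example-unused": "^1.0.0" } };
const sources = { "src/index.js": // constructed file contents standing in for src/
  'import parse from "example-parser";\nconst http = require("example-http/client");' };
// Critical findings only, with advisory links and a fix command for each.
function criticalVulns(report) {
  return Object.entries(report.vulnerabilities)
    .filter(([, v]) => v.severity === "critical")
    .map(([name, v]) => {
      const fix = v.fixAvailable; // false, true, or { name, version, isSemVerMajor }
      const cmd = !fix ? "none available"
        : fix.isSemVerMajor ? `npm install ${fix.name}@${fix.version}` : "npm audit fix";
      // Strings in `via` name another vulnerable package; objects are advisories.
      const advisories = v.via.filter((x) => typeof x === "object").map((x) => x.url);
      return { name, advisories, cmd };
    });
}
// Major vs minor/patch, decided by the leading version number.
function classifyOutdated(report) {
  const major = (v) => parseInt(String(v).split(".")[0], 10);
  return Object.entries(report).map(([name, { current, latest }]) => ({
    name, current, latest, type: major(current) !== major(latest) ? "major" : "minor/patch" }));
}
// Dependencies never imported in the sources; script-only or config-only packages land here too.
function unusedDeps(manifest, files) {
  const code = Object.values(files).join("\n");
  return Object.keys(manifest.dependencies || {}).filter((dep) => {
    const esc = dep.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
    return !new RegExp(`(?:from\\s*|import\\s*\\(?\\s*|require\\(\\s*)["']${esc}(?:/[^"']*)?["']`).test(code);
  });
}
// Priority order from the rules: security > major updates > unused > minor updates.
function buildReport(a = audit, o = outdated, p = pkg, s = sources) {
  const out = classifyOutdated(o);
  return [
    ...criticalVulns(a).map((v) => `SECURITY ${v.name} ${v.advisories.join(",")} -> ${v.cmd}`),
    ...out.filter((x) => x.type === "major").map((x) => `MAJOR ${x.name} ${x.current} -> ${x.latest}`),
    ...unusedDeps(p, s).map((d) => `UNUSED ${d}`),
    ...out.filter((x) => x.type !== "major").map((x) => `MINOR ${x.name} ${x.current} -> ${x.latest}`),
  ];
}
console.log(buildReport().join("\n"));
```

On a real project the inputs come from `npm audit --json`, `npm outdated --json`, package.json and the files under src/.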