AgentSkillsCN

dependency-analysis

Analyze project dependencies for security vulnerabilities, outdated packages, and upgrade paths. Use when auditing dependencies or planning upgrades.

SKILL.md
---
name: dependency-analysis
description: Analyze project dependencies for security vulnerabilities, outdated packages, and upgrade paths. Use when auditing dependencies or planning upgrades.
---

# Dependency Analysis Skill

## Purpose

Systematic analysis of project dependencies for security and maintenance.

## When to Use

  • Security audits
  • Before adding new dependencies
  • Planning version upgrades
  • Regular maintenance checks

## Analysis Process

### Step 1: Identify Package Manager

Detect from files:

  • package-lock.json → Node.js (npm); yarn.lock → Node.js (Yarn); pnpm-lock.yaml → Node.js (pnpm)
  • requirements.txt / Pipfile.lock / poetry.lock → Python
  • go.mod / go.sum → Go

If more than one lockfile exists for the same ecosystem (for example both package-lock.json and yarn.lock), record that as a finding in itself: the two can pin different versions, and the audit must run against the lockfile the build actually uses.

### Step 2: Run Security Audit

Execute the command that matches the lockfile found in Step 1. Every one of these tools exits non-zero when it finds a vulnerability, so do not chain them with `||` or `&&` and do not treat a non-zero exit as a tool failure; capture stdout and check that it is non-empty instead.

```bash
# Node.js (pick the one matching the lockfile)
npm audit --json        # package-lock.json
yarn audit --json       # yarn.lock, Yarn 1; Yarn 2+ uses `yarn npm audit --json`
pnpm audit --json       # pnpm-lock.yaml

# Python (requires pip-audit; audits the installed environment unless -r is given)
pip-audit -r requirements.txt --format json

# Go (reports only vulnerabilities reachable from your code; -json gives machine-readable output)
govulncheck -json ./...
```

### Step 3: Check Outdated

These commands query the registry or module proxy, so they need network access; in an offline sandbox they fail or report nothing. Like `npm audit`, `npm outdated` exits 1 whenever it has something to report.

```bash
# Node.js
npm outdated --json

# Python
pip list --outdated --format json

# Go (a module with a newer version shows it in brackets: path vX.Y.Z [vX.Y.W])
go list -u -m all
```

### Step 4: Analyze Results

Categorize findings. Advisory severity and evidence of exploitation decide the security buckets; version distance on its own never rates above High, so a stale but sound package is not confused with an exploitable one:

  • Critical: vulnerabilities rated critical, or with known exploitation (for example, listed in CISA's KEV catalog)
  • High: any other security advisory, or a major version behind
  • Medium: a minor version behind, or a deprecated package
  • Low: a patch version behind

For each advisory also record whether the affected package is a direct or transitive dependency and whether a fixed version exists; both change the remediation path (bump the direct dependency, pin an override/resolution, or wait on upstream). A clean govulncheck result means no reachable vulnerable symbol, not an advisory-free module graph.
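The four steps above as one runnable pipeline, added here as an example and not part of the original skill: it detects the manager from the lockfile, runs the audit and outdated commands with the exit-code caveat handled, normalises each tool's output, and buckets results by the scheme above. Command execution is injectable, so the embedded demo runs offline on constructed sample output (fictional package names). The output shapes assumed for npm v7+, pip-audit, `pip list` and `go list -u -m all` match current releases; the govulncheck `-json` "finding" layout is an assumption to verify against the version you run.

```python
# Added example, not part of the original skill: walks Steps 1-4 with injectable command execution
# and constructed sample output so it runs offline. Output shapes follow npm v7+ `npm audit/outdated
# --json`, `pip-audit --format json`, `pip list --outdated --format json`, `go list -u -m all` and
# `govulncheck -json`; the govulncheck "finding" layout in particular is an assumption to verify.
import json, os, subprocess, tempfile
DETECT = [("package-lock.json", "npm"), ("requirements.txt", "pip"), ("go.mod", "go")]  # Step 1
COMMANDS = {  # Steps 2-3: (audit command, outdated command) per manager
    "npm": (["npm", "audit", "--json"], ["npm", "outdated", "--json"]),
    "pip": (["pip-audit", "-r", "requirements.txt", "--format", "json"],
            ["pip", "list", "--outdated", "--format", "json"]),
    "go": (["govulncheck", "-json", "./..."], ["go", "list", "-u", "-m", "all"]),
}

def detect_manager(path):
    """Step 1: the first lock/manifest file present decides the manager."""
    return next((m for f, m in DETECT if os.path.exists(os.path.join(path, f))), None)

def run_tool(cmd, cwd):
    # Audit tools exit non-zero on findings: exit status is a result, not an error.
    proc = subprocess.run(cmd, cwd=cwd, capture_output=True, text=True, check=False)
    if not proc.stdout.strip():
        raise RuntimeError(f"{cmd[0]} produced no output: {proc.stderr.strip()}")
    return proc.stdout

def json_stream(text):
    """govulncheck -json writes one pretty-printed object per event, not one per line."""
    dec, docs, pos, text = json.JSONDecoder(), [], 0, text.strip()
    while pos < len(text):
        obj, pos = dec.raw_decode(text, pos)
        docs.append(obj)
        while pos < len(text) and text[pos].isspace():
            pos += 1
    return docs

def parse_audit(manager, text):
    """Step 2: normalise audit output to (package, severity, fix_available)."""
    if manager == "npm":  # report v2: "vulnerabilities" keyed by package name
        return [(n, v.get("severity", "unknown"), bool(v.get("fixAvailable")))
                for n, v in json.loads(text).get("vulnerabilities", {}).items()]
    if manager == "pip":  # pip-audit gives ids and fix_versions but no severity
        return [(d["name"], "unknown", bool(v.get("fix_versions")))
                for d in json.loads(text).get("dependencies", []) for v in d.get("vulns", [])]
    if manager == "go":   # one "finding" per call site; trace[0] names the vulnerable module (assumed)
        found = {(f["trace"][0].get("module", "?"), f.get("osv"), bool(f.get("fixed_version")))
                 for f in (d.get("finding") for d in json_stream(text)) if f and f.get("trace")}
        return sorted((mod, "unknown", fix) for mod, _osv, fix in found)
    return []

def parse_outdated(manager, text):
    """Step 3: normalise outdated output to (package, current, latest)."""
    if manager == "npm":  # {"pkg": {"current": ..., "wanted": ..., "latest": ...}}
        return [(n, d["current"], d["latest"]) for n, d in json.loads(text).items() if "current" in d]
    if manager == "pip":  # [{"name": ..., "version": ..., "latest_version": ...}]
        return [(d["name"], d["version"], d["latest_version"]) for d in json.loads(text)]
    if manager == "go":   # "path vX.Y.Z [vX.Y.W]"; modules without an update have no bracket
        return [(r[0], r[1], r[2].strip("[]")) for r in map(str.split, text.splitlines())
                if len(r) == 3 and r[2].startswith("[")]
    return []

def semver(v):  # 'v1.2.3-rc1' -> (1, 2, 3); missing components count as 0
    nums = [int(p) for p in v.lstrip("v").split("-")[0].split("+")[0].split(".")[:3] if p.isdigit()]
    return tuple(nums + [0] * (3 - len(nums)))

def classify(findings, outdated):
    """Step 4: advisory severity sets critical/high; version distance alone never rates above high."""
    buckets = {"critical": [], "high": [], "medium": [], "low": []}
    for pkg, sev, fix in findings:
        level = "critical" if sev == "critical" else "high"
        buckets[level].append(f"{pkg}: {sev} advisory, {'fix available' if fix else 'no fix yet'}")
    for pkg, cur, latest in outdated:
        c, l = semver(cur), semver(latest)
        if l > c:
            level = "high" if l[0] > c[0] else "medium" if l[1] > c[1] else "low"
            buckets[level].append(f"{pkg}: {cur} -> {latest}")
    return buckets

def audit_project(path, run=run_tool):
    """Steps 1-4 end to end; `run` is injectable so the pipeline can be tested offline."""
    manager = detect_manager(path)
    if manager is None:
        raise ValueError(f"no supported lock/manifest file in {path}")
    audit_cmd, outdated_cmd = COMMANDS[manager]
    return manager, classify(parse_audit(manager, run(audit_cmd, path)),
                             parse_outdated(manager, run(outdated_cmd, path)))

# Constructed sample tool output (fictional package names) for the offline demo.
SAMPLE_AUDIT = json.dumps({"auditReportVersion": 2, "vulnerabilities": {
    "example-parser": {"severity": "critical", "isDirect": False, "fixAvailable": True},
    "example-utils": {"severity": "high", "isDirect": True, "fixAvailable": False}}})
SAMPLE_OUTDATED = json.dumps({
    "example-web": {"current": "4.18.2", "wanted": "4.19.2", "latest": "5.0.0"},
    "example-log": {"current": "1.2.0", "wanted": "1.4.1", "latest": "1.4.1"},
    "example-cli": {"current": "2.0.1", "wanted": "2.0.3", "latest": "2.0.3"}})

def demo():  # throwaway npm project fed the canned output above
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "package-lock.json"), "w").close()
        return audit_project(d, run=lambda cmd, _cwd: SAMPLE_AUDIT if cmd[1] == "audit" else SAMPLE_OUTDATED)
if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Against a real checkout, call `audit_project("/path/to/repo")` with the default runner; the `run_tool` wrapper deliberately ignores exit status and only fails on empty stdout, which is what the exit-code caveat in Steps 2 and 3 requires. The classifier feeds Critical/High from advisory severity and caps pure version distance at High, so a report cannot rank a merely old package above an actual advisory.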

## Output Format

Use templates/dep-report.md

## Storage Location

Save to: docs/research/dependency-audit-{date}.md