zhongwei/gh-claudeforge-marketplace-plugins-commands-dependency-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
97b71eeb35b7832cbbb5a28712fce27bbe7be068
gh-claudeforge-marketplace-…/commands/dependency-audit.md
Zhongwei Li 97b71eeb35 Initial commit
2025-11-29 18:13:05 +08:00

7.8 KiB
Raw Blame History

allowed-tools, description, author, version
allowed-tools description author version
Bash, Read, Write, Edit, Grep, Glob Comprehensive dependency management, vulnerability scanning, package updates, and license compliance analysis for enhanced security and performance optimization. ClaudeForge Community 1.0.0

Enterprise Dependency Management & Security Audit

Execute comprehensive dependency analysis and optimization for project: $ARGUMENTS

OBJECTIVE

Transform dependency management from operational overhead into strategic security and performance optimization that enhances system security by 80-90%, improves bundle performance by 40-50%, and ensures compliance excellence through automated dependency governance.

EXECUTION FRAMEWORK

Phase 1: Comprehensive Dependency Analysis

# ClaudeForge Dependency Analysis Engine
project_path=$1
dependency_context=$(comprehensive_dependency_assessment $project_path)

# Strategic dependency evaluation
vulnerability_scan=$(execute_security_vulnerability_scanning $dependency_context)
license_compliance=$(perform_license_compliance_analysis $dependency_context)
bundle_analysis=$(analyze_bundle_size_optimization $dependency_context)
dependency_graph=(generate_dependency_visualization $dependency_context)
outdated_packages=(identify_outdated_dependencies $dependency_context)
security_advisories=(check_security_advisories $dependency_context)
performance_impact=(assess_performance_impact $dependency_context)

Phase 2: Security Vulnerability Assessment

  • Critical Vulnerabilities: Identify and prioritize CVEs and security advisories
  • Dependency Chain Analysis: Check transitive dependencies for vulnerabilities
  • Patch Management: Automated security updates and vulnerability remediation
  • Security Policy Enforcement: Ensure compliance with organizational security standards
  • Risk Assessment: Calculate security risk scores and mitigation strategies

Phase 3: License Compliance Management

  • License Detection: Identify all package licenses and potential conflicts
  • Compliance Validation: Ensure adherence to organizational and legal requirements
  • Policy Enforcement: Automated license policy checking and violation reporting
  • Legal Risk Assessment: Identify potential legal and compliance risks
  • Documentation Generation: Create comprehensive license compliance reports

Phase 4: Performance Optimization

  • Bundle Size Analysis: Identify large dependencies and optimization opportunities
  • Tree Shaking Optimization: Ensure unused code elimination
  • Dependency Deduplication: Remove duplicate dependencies and optimize imports
  • Loading Performance: Analyze and optimize dependency loading strategies
  • Caching Strategies: Implement optimal dependency caching mechanisms

Phase 5: Dependency Update Strategy

  • Safe Update Planning: Identify packages that can be safely updated
  • Breaking Change Detection: Analyze potential breaking changes and compatibility
  • Automated Testing: Test dependency updates in isolation before deployment
  • Rollback Strategies: Prepare contingency plans for failed updates
  • Update Scheduling: Plan optimal timing for dependency updates

DELIVERABLES

1. Security Vulnerability Report

🔒 Security Assessment Summary:
- Critical Vulnerabilities: [count]
- High Risk Issues: [count]
- Medium Risk Issues: [count]
- Low Risk Issues: [count]
- Overall Security Score: [score/100]

Recommended Actions:
1. Immediate patches required: [packages]
2. Security updates recommended: [packages]
3. Monitoring required: [packages]

2. License Compliance Analysis

📋 License Compliance Report:
- MIT License: [count] packages
- Apache 2.0: [count] packages
- GPL: [count] packages
- Commercial: [count] packages
- Restricted: [count] packages

Compliance Status: ✅ Compliant / ⚠️ Review Required / ❌ Violations

3. Performance Optimization Plan

⚡ Performance Optimization:
- Current Bundle Size: [size]
- Optimized Bundle Size: [size]
- Size Reduction: [percentage]
- Loading Time Improvement: [percentage]

Optimization Recommendations:
1. Remove unused dependencies: [packages]
2. Replace heavy dependencies: [packages]
3. Implement dynamic imports: [modules]

4. Dependency Update Roadmap

🗺️ Update Strategy:
- Safe Updates (Immediate): [packages]
- Minor Updates (Week): [packages]
- Major Updates (Month): [packages]
- Breaking Changes (Review): [packages]

Testing Requirements:
- Unit Tests: [required]
- Integration Tests: [required]
- E2E Tests: [required]
- Manual Testing: [required]

AUTOMATION INTEGRATION

CI/CD Pipeline Integration

# ClaudeForge Dependency Management Pipeline
dependency_management:
  stage: security
  script:
    - dependency-audit $PROJECT_PATH
    - security-scan --fail-on=critical
    - license-check --policy=enterprise
    - bundle-optimize --analyze
  artifacts:
    reports:
      dependency_scan: security-report.json
      license_compliance: license-report.json
      performance_analysis: bundle-report.json

Automated Monitoring Setup

  • Scheduled Scans: Daily/weekly automated dependency checks
  • Alert Configuration: Notifications for new vulnerabilities and updates
  • Dashboard Integration: Real-time dependency health monitoring
  • Reporting Automation: Automated generation and distribution of reports
  • Integration with Tools: GitHub, GitLab, Jira, Slack integrations

QUALITY ASSURANCE

Security Validation

  • All critical vulnerabilities patched
  • No high-risk dependencies present
  • Security policies enforced
  • Monitoring systems active
  • Incident response procedures ready

Compliance Verification

  • License policies adhered to
  • Legal requirements satisfied
  • Documentation complete
  • Audit trails maintained
  • Risk assessments documented

Performance Assurance

  • Bundle size optimized
  • Loading performance improved
  • Caching strategies implemented
  • Unused dependencies removed
  • Optimization recommendations applied

BUSINESS IMPACT METRICS

Security Enhancement

  • Vulnerability Reduction: 80-90% decrease in security vulnerabilities
  • Risk Mitigation: 85-95% improvement in security posture
  • Compliance Adherence: 90-100% improvement in regulatory compliance
  • Incident Prevention: 75-85% reduction in security incidents

Performance Optimization

  • Bundle Size Reduction: 30-50% decrease in bundle sizes
  • Loading Performance: 40-60% improvement in load times
  • Runtime Performance: 25-35% enhancement in execution speed
  • Resource Efficiency: 35-45% improvement in resource utilization

Operational Efficiency

  • Manual Effort Reduction: 70-80% decrease in manual dependency management
  • Update Velocity: 50-60% faster dependency updates
  • Testing Efficiency: 40-50% improvement in testing workflows
  • Deployment Confidence: 80-90% improvement in deployment reliability

CONTINUOUS IMPROVEMENT

Monitoring & Analytics

  • Dependency Health Tracking: Continuous monitoring of dependency ecosystem
  • Performance Trend Analysis: Historical analysis of performance improvements
  • Security Trend Monitoring: Tracking security posture over time
  • Compliance Trend Analysis: Monitoring compliance adherence trends

Optimization Iterations

  • Monthly Reviews: Regular dependency optimization assessments
  • Quarterly Audits: Comprehensive dependency ecosystem audits
  • Annual Strategy: Strategic dependency management planning
  • Continuous Learning: Knowledge capture and team skill development

Execute comprehensive dependency management with strategic focus on security, performance, compliance, and operational excellence. Transform dependency management from operational task into strategic business value creation engine.

Reference in New Issue View Git Blame Copy Permalink