Initial commit

2025-11-30 08:22:07 +08:00
commit 3bc832a4cf
9 changed files with 347 additions and 0 deletions
--- a/.claude-plugin/plugin.json
+++ b/.claude-plugin/plugin.json
@@ -0,0 +1,15 @@
+{
+  "name": "dependency-checker",
+  "description": "Check dependencies for known vulnerabilities, outdated packages, and license compliance",
+  "version": "1.0.0",
+  "author": {
+    "name": "Jeremy Longshore",
+    "email": "[email protected]"
+  },
+  "skills": [
+    "./skills"
+  ],
+  "commands": [
+    "./commands"
+  ]
+}
--- a/README.md
+++ b/README.md
@@ -0,0 +1,3 @@
+# dependency-checker
+
+Check dependencies for known vulnerabilities, outdated packages, and license compliance
--- a/commands/check-deps.md
+++ b/commands/check-deps.md
@@ -0,0 +1,51 @@
+---
+description: Check dependencies for vulnerabilities and outdated packages
+shortcut: depcheck
+---
+
+# Dependency Checker
+
+Analyze project dependencies for known vulnerabilities, outdated packages, and license compliance issues.
+
+## Analysis Process
+
+1. **Detect Package Manager**
+   - Identify package.json (npm/yarn/pnpm)
+   - Identify requirements.txt/Pipfile (pip)
+   - Identify composer.json (PHP)
+   - Identify Gemfile (Ruby)
+   - Identify go.mod (Go)
+
+2. **Vulnerability Scanning**
+   - Check against CVE databases
+   - Identify known security advisories
+   - Report CVSS scores
+   - Check transitive dependencies
+
+3. **Version Analysis**
+   - Identify outdated packages
+   - Check for available security patches
+   - Report breaking vs. non-breaking updates
+   - Suggest safe upgrade paths
+
+4. **License Compliance**
+   - Scan dependency licenses
+   - Flag incompatible licenses
+   - Report license obligations
+
+## Report Output
+
+Generate comprehensive dependency report with:
+- Vulnerable packages with CVE details
+- Outdated packages with available versions
+- License compliance issues
+- Recommended updates with impact analysis
+- Upgrade commands for each package manager
+
+## Best Practices
+
+- Run before every deployment
+- Update dependencies regularly
+- Review transitive dependencies
+- Use lock files (package-lock.json, Pipfile.lock)
+- Test after updating dependencies
--- a/plugin.lock.json
+++ b/plugin.lock.json
@@ -0,0 +1,65 @@
+{
+  "$schema": "internal://schemas/plugin.lock.v1.json",
+  "pluginId": "gh:jeremylongshore/claude-code-plugins-plus:plugins/security/dependency-checker",
+  "normalized": {
+    "repo": null,
+    "ref": "refs/tags/v20251128.0",
+    "commit": "bdb4e78aa805b3b297f11674eeec08b30ed02aea",
+    "treeHash": "63934f5758b783780427fc2b6c732685e79b50a88755c8a3d95cb19fa34624ba",
+    "generatedAt": "2025-11-28T10:18:23.114639Z",
+    "toolVersion": "publish_plugins.py@0.2.0"
+  },
+  "origin": {
+    "remote": "git@github.com:zhongweili/42plugin-data.git",
+    "branch": "master",
+    "commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390",
+    "repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data"
+  },
+  "manifest": {
+    "name": "dependency-checker",
+    "description": "Check dependencies for known vulnerabilities, outdated packages, and license compliance",
+    "version": "1.0.0"
+  },
+  "content": {
+    "files": [
+      {
+        "path": "README.md",
+        "sha256": "cd8c6ada5787013aaa3c91f7a8a607d5b9b373d4b78862b818d43c5b5af424eb"
+      },
+      {
+        "path": ".claude-plugin/plugin.json",
+        "sha256": "50363b20ea7da1faef7a0e3cfe3c46a0af396804780d1d6eb94d41431c71d13b"
+      },
+      {
+        "path": "commands/check-deps.md",
+        "sha256": "a81df86ff295a5293e0e7eb44c8be1a1228eaf1704793fab7e499084813754d2"
+      },
+      {
+        "path": "skills/dependency-checker/SKILL.md",
+        "sha256": "6afe10ee2439ac426fd9ad529ccf804cf74bf85c3c2ab255f117b886f2320b18"
+      },
+      {
+        "path": "skills/dependency-checker/references/README.md",
+        "sha256": "0921ee1a1d7f2c519d1b947e6ab4c87b95da9b3ee728f0c213d05f7a1a63a09c"
+      },
+      {
+        "path": "skills/dependency-checker/scripts/README.md",
+        "sha256": "b44bdaa79ba29a77ce6f83863efe108a34be7a9ee5ed6bd7ba8d3d83313f77ad"
+      },
+      {
+        "path": "skills/dependency-checker/assets/report_template.md",
+        "sha256": "bd3b022e69952a5eb648d6da96851fc164b77d8f583d21cd04038a9e741833d1"
+      },
+      {
+        "path": "skills/dependency-checker/assets/README.md",
+        "sha256": "5b084b6ad8496e67826e7c2fbfef85904272b4236e0a8b8642faea4e5712e501"
+      }
+    ],
+    "dirSha256": "63934f5758b783780427fc2b6c732685e79b50a88755c8a3d95cb19fa34624ba"
+  },
+  "security": {
+    "scannedAt": null,
+    "scannerVersion": null,
+    "flags": []
+  }
+}
--- a/skills/dependency-checker/SKILL.md
+++ b/skills/dependency-checker/SKILL.md
@@ -0,0 +1,54 @@
+---
+name: analyzing-dependencies
+description: |
+  This skill analyzes project dependencies for security vulnerabilities, outdated packages, and license compliance issues. It helps identify potential risks in your project's dependencies using the dependency-checker plugin. Use this skill when you need to check dependencies for vulnerabilities, identify outdated packages that need updates, or ensure license compatibility. Trigger phrases include "check dependencies", "dependency check", "find vulnerabilities", "scan for outdated packages", "/depcheck", and "license compliance". This skill supports npm, pip, composer, gem, and go modules projects.
+allowed-tools: Read, Write, Edit, Grep, Glob, Bash
+version: 1.0.0
+---
+
+## Overview
+
+This skill empowers Claude to automatically analyze your project's dependencies for security vulnerabilities, outdated packages, and license compliance issues. It uses the dependency-checker plugin to identify potential risks and provides insights for remediation.
+
+## How It Works
+
+1. **Detecting Package Manager**: The skill identifies the relevant package manager (npm, pip, composer, gem, go modules) based on the presence of manifest files (e.g., package.json, requirements.txt, composer.json).
+2. **Scanning Dependencies**: The skill utilizes the dependency-checker plugin to scan the identified dependencies against known vulnerability databases (CVEs), outdated package lists, and license information.
+3. **Generating Report**: The skill presents a comprehensive report summarizing the findings, including vulnerability summaries, detailed vulnerability information, outdated packages with recommended updates, and license compliance issues.
+
+## When to Use This Skill
+
+This skill activates when you need to:
+- Check a project for known security vulnerabilities in its dependencies.
+- Identify outdated packages that may contain security flaws or performance issues.
+- Ensure that the project's dependencies comply with licensing requirements.
+
+## Examples
+
+### Example 1: Identifying Vulnerabilities Before Deployment
+
+User request: "Check dependencies for vulnerabilities before deploying to production."
+
+The skill will:
+1. Detect the relevant package manager (e.g., npm).
+2. Scan the project's dependencies for known vulnerabilities using the dependency-checker plugin.
+3. Generate a report highlighting any identified vulnerabilities, their severity, and recommended fixes.
+
+### Example 2: Updating Outdated Packages
+
+User request: "Scan for outdated packages and suggest updates."
+
+The skill will:
+1. Detect the relevant package manager (e.g., pip).
+2. Scan the project's dependencies for outdated packages.
+3. Generate a report listing the outdated packages and their available updates, including major, minor, and patch releases.
+
+## Best Practices
+
+- **Regular Scanning**: Schedule dependency checks regularly (e.g., weekly or monthly) to stay informed about new vulnerabilities and updates.
+- **Pre-Deployment Checks**: Always run a dependency check before deploying any code to production to prevent introducing vulnerable dependencies.
+- **Review and Remediation**: Carefully review the generated reports and take appropriate action to remediate identified vulnerabilities and update outdated packages.
+
+## Integration
+
+This skill seamlessly integrates with other Claude Code tools, allowing you to use the identified vulnerabilities to guide further actions, such as automatically creating pull requests to update dependencies or generating security reports for compliance purposes.
--- a/skills/dependency-checker/assets/README.md
+++ b/skills/dependency-checker/assets/README.md
@@ -0,0 +1,7 @@
+# Assets
+
+Bundled resources for dependency-checker skill
+
+- [ ] report_template.md: A template for generating dependency check reports.
+- [ ] example_npm_audit_report.json: An example npm audit report for demonstration purposes.
+- [ ] example_pip_audit_report.json: An example pip audit report for demonstration purposes.
--- a/skills/dependency-checker/assets/report_template.md
+++ b/skills/dependency-checker/assets/report_template.md
--- a/skills/dependency-checker/references/README.md
+++ b/skills/dependency-checker/references/README.md
@@ -0,0 +1,8 @@
+# References
+
+Bundled resources for dependency-checker skill
+
+- [ ] npm_audit_format.md: Documentation on the format of npm audit reports.
+- [ ] pip_audit_format.md: Documentation on the format of pip audit reports.
+- [ ] license_compatibility_matrix.md: A matrix detailing license compatibility between common open-source licenses.
+- [ ] dependency_checker_best_practices.md: A guide to best practices for dependency management and security.
--- a/skills/dependency-checker/scripts/README.md
+++ b/skills/dependency-checker/scripts/README.md
@@ -0,0 +1,7 @@
+# Scripts
+
+Bundled resources for dependency-checker skill
+
+- [ ] dependency_check.sh: A shell script to execute dependency checks using various package managers.
+- [ ] vulnerability_report_parser.py: A Python script to parse vulnerability reports and format them for Claude.
+- [ ] license_compliance_checker.py: A Python script to check license compatibility of dependencies.