gh-jeremylongshore-claude-c…/commands/check-deps.md
2025-11-30 08:22:07 +08:00


---
description: Check dependencies for vulnerabilities and outdated packages
shortcut: depcheck
---

Dependency Checker

Analyze project dependencies for known vulnerabilities, outdated packages, and license compliance issues.

Analysis Process

  1. Detect Package Manager

    • Identify package.json (npm/yarn/pnpm)
    • Identify requirements.txt (pip), Pipfile (Pipenv) or pyproject.toml (Poetry / PEP 621)
    • Identify composer.json (PHP)
    • Identify Gemfile (Ruby)
    • Identify go.mod (Go)
  2. Vulnerability Scanning

    • Check against vulnerability databases (NVD/CVE, OSV, GitHub Advisory Database)
    • Identify known security advisories affecting the resolved versions
    • Report CVSS scores and severity
    • Check transitive dependencies, not only the direct ones listed in the manifest
  3. Version Analysis

    • Identify outdated packages
    • Check for available security patches
    • Classify updates as breaking (semver major) or non-breaking (minor/patch)
    • Suggest safe upgrade paths
  4. License Compliance

    • Scan dependency licenses
    • Flag incompatible licenses
    • Report license obligations

Report Output

Generate a comprehensive dependency report with:

  • Vulnerable packages with CVE details
  • Outdated packages with available versions
  • License compliance issues
  • Recommended updates with impact analysis
  • Upgrade commands for each package manager
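A worked version of steps 1 to 3 and the report rows above, as an added Python example (not part of the check-deps command or its repository). It assumes the `npm audit --json` output layout of npm 7 and later for the scanning step; `MANIFESTS`, `detect_package_managers`, `classify_update` and `summarize_npm_audit` are names chosen here, and the package names, advisory ids and titles in `SAMPLE_AUDIT` are constructed placeholders, not real advisories. Other package managers (pip-audit, bundler-audit, govulncheck) emit their own JSON, so only the npm shape is parsed here.

```python
"""Dependency-check helpers: detect package managers and their lock files,
flatten an npm audit report, classify upgrades.  Added example, not the
check-deps command's own code; assumes the npm >= 7 `npm audit --json` format."""
import json
import re

# Manifest -> (package manager, lock files that pin the resolved dependency graph).
# Plain requirements.txt has no lock file of its own, hence the empty tuple.
MANIFESTS = {
    "package.json": ("npm/yarn/pnpm", ("package-lock.json", "yarn.lock", "pnpm-lock.yaml")),
    "requirements.txt": ("pip", ()),
    "Pipfile": ("pipenv", ("Pipfile.lock",)),
    "pyproject.toml": ("poetry/pip", ("poetry.lock",)),
    "composer.json": ("composer", ("composer.lock",)),
    "Gemfile": ("bundler", ("Gemfile.lock",)),
    "go.mod": ("go modules", ("go.sum",)),
}

def detect_package_managers(filenames):
    """Step 1: [(manager, manifest, has_lock)] for each manifest present.
    has_lock is None when the ecosystem has no lock file to look for."""
    present = set(filenames)
    found = []
    for manifest, (manager, locks) in MANIFESTS.items():
        if manifest in present:
            has_lock = any(lock in present for lock in locks) if locks else None
            found.append((manager, manifest, has_lock))
    return found

SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")

def classify_update(current, latest):
    """Step 3: 'breaking' on a major bump (or a minor bump below 1.0.0, where
    semver permits breaking changes), 'non-breaking' for minor/patch bumps."""
    cur, new = SEMVER.match(current), SEMVER.match(latest)
    if not cur or not new:
        return "unknown"
    c, n = tuple(map(int, cur.groups())), tuple(map(int, new.groups()))
    if n <= c:
        return "none"
    if n[0] != c[0] or (c[0] == 0 and n[1] != c[1]):
        return "breaking"
    return "non-breaking"

SEVERITY_ORDER = {"critical": 0, "high": 1, "moderate": 2, "low": 3, "info": 4}

def summarize_npm_audit(audit_json):
    """Step 2: flatten `npm audit --json` into report rows, worst first.
    In npm's format, `via` holds advisory objects for packages vulnerable themselves
    and bare package names for packages affected only through a vulnerable dependency."""
    rows = []
    for name, vuln in json.loads(audit_json)["vulnerabilities"].items():
        via = vuln.get("via", [])
        advisories = [v for v in via if isinstance(v, dict)]
        fix = vuln.get("fixAvailable")           # True, False, or {name, version, isSemVerMajor}
        if fix is True:
            upgrade = "non-breaking"
        elif isinstance(fix, dict):
            upgrade = "breaking" if fix.get("isSemVerMajor") else "non-breaking"
        else:
            upgrade = "no fix"
        rows.append({
            "package": name,
            "severity": vuln.get("severity"),
            "direct": bool(vuln.get("isDirect")),    # False = transitive dependency
            "vulnerable_range": vuln.get("range"),
            "max_cvss": max(((a.get("cvss") or {}).get("score") or 0 for a in advisories), default=0),
            "advisories": [a.get("title") for a in advisories],
            "via": [v for v in via if isinstance(v, str)],
            "upgrade": upgrade,
        })
    rows.sort(key=lambda r: (SEVERITY_ORDER.get(r["severity"], 9), -r["max_cvss"]))
    return rows

# Constructed sample shaped like `npm audit --json` output; names, ids and titles are placeholders.
SAMPLE_AUDIT = json.dumps({"vulnerabilities": {
    "example-parser": {
        "name": "example-parser", "severity": "high", "isDirect": False, "range": "<2.0.0",
        "via": [{"source": 1001, "name": "example-parser", "title": "Prototype pollution in merge()",
                 "severity": "high", "cwe": ["CWE-1321"], "range": "<2.0.0",
                 "cvss": {"score": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}}],
        "fixAvailable": {"name": "example-framework", "version": "4.0.0", "isSemVerMajor": True}},
    "example-framework": {
        "name": "example-framework", "severity": "high", "isDirect": True, "range": "<4.0.0",
        "via": ["example-parser"],              # affected only through example-parser
        "fixAvailable": {"name": "example-framework", "version": "4.0.0", "isSemVerMajor": True}},
    "example-logger": {
        "name": "example-logger", "severity": "moderate", "isDirect": True, "range": ">=1.0.0 <1.4.2",
        "via": [{"source": 1002, "name": "example-logger", "title": "Log injection via unsanitized newline",
                 "severity": "moderate", "cwe": ["CWE-117"], "range": ">=1.0.0 <1.4.2",
                 "cvss": {"score": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}],
        "fixAvailable": True}}})

if __name__ == "__main__":
    for row in summarize_npm_audit(SAMPLE_AUDIT):
        kind = "direct" if row["direct"] else "transitive"
        print(f"{row['severity']:<9} {row['package']:<18} {kind:<10} cvss={row['max_cvss']} "
              f"fix={row['upgrade']} {row['advisories'] or row['via']}")
    print(detect_package_managers(["package.json", "yarn.lock", "requirements.txt", "go.mod"]))
    print(classify_update("1.4.1", "2.0.0"))
```

The `isDirect` flag and the string entries in `via` are what make the transitive picture visible: here `example-framework` is only flagged because it pulls in `example-parser`, and the only available fix is a major bump of the framework, which the report labels as breaking so it is not applied blindly. A `has_lock` of `False` from the detection step means the resolved graph is not pinned and the audit result may not match what actually gets installed.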

Best Practices

  • Run before every deployment
  • Update dependencies regularly
  • Review transitive dependencies
  • Use lock files and commit them (package-lock.json / yarn.lock / pnpm-lock.yaml, Pipfile.lock, composer.lock, Gemfile.lock, go.sum)
  • Test after updating dependencies