Install: claude install-skill aiskillstore/marketplace
# Dependency Audit Assistant
This skill helps audit project dependencies for security vulnerabilities, outdated packages, and license compliance issues.
## When to Use This Skill
- User requests a dependency audit or security check
- Before major releases or deployments
- User asks about outdated packages or vulnerabilities
- License compliance review needed
- User mentions "npm audit", "security", "dependencies", or "vulnerabilities"
## Instructions
### 1. Detect Package Manager
Identify which package manager(s) the project uses:
**JavaScript/Node.js:**
- npm: `package.json` + `package-lock.json`
- Yarn: `package.json` + `yarn.lock`
- pnpm: `package.json` + `pnpm-lock.yaml`
**Python:**
- pip: `requirements.txt` or `setup.py`
- Poetry: `pyproject.toml` + `poetry.lock`
- Pipenv: `Pipfile` + `Pipfile.lock`
**Ruby:**
- Bundler: `Gemfile` + `Gemfile.lock`
**Java:**
- Maven: `pom.xml`
- Gradle: `build.gradle` or `build.gradle.kts`
**Go:**
- Go modules: `go.mod` + `go.sum`
**Rust:**
- Cargo: `Cargo.toml` + `Cargo.lock`
**PHP:**
- Composer: `composer.json` + `composer.lock`
Use Glob to find these files.
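The detection step above, as an added example that is not part of the original skill: it walks a project tree with Python's `os.walk` rather than the Glob tool, pairs each manifest with its lockfile, and notes directories where the lockfile is missing or where several lockfiles disagree about the package manager. The `detect` and `build_sample_tree` names, the fallback manager column, and the `SKIP_DIRS` list are assumptions of this example.

```python
import os
import tempfile

# (manifest names, {lockfile: manager}, manager assumed when no lockfile is present)
# Pairings come from the list above; the fallback column is this example's assumption.
ECOSYSTEMS = [
    (("package.json",), {"package-lock.json": "npm", "yarn.lock": "Yarn",
                         "pnpm-lock.yaml": "pnpm"}, "npm"),
    (("pyproject.toml",), {"poetry.lock": "Poetry"}, "Poetry"),
    (("Pipfile",), {"Pipfile.lock": "Pipenv"}, "Pipenv"),
    (("requirements.txt", "setup.py"), {}, "pip"),
    (("Gemfile",), {"Gemfile.lock": "Bundler"}, "Bundler"),
    (("pom.xml",), {}, "Maven"),
    (("build.gradle", "build.gradle.kts"), {}, "Gradle"),
    (("go.mod",), {"go.sum": "Go modules"}, "Go modules"),
    (("Cargo.toml",), {"Cargo.lock": "Cargo"}, "Cargo"),
    (("composer.json",), {"composer.lock": "Composer"}, "Composer"),
]
# Assumed installed/vendored trees to skip so third-party manifests are not reported.
SKIP_DIRS = {"node_modules", "vendor", ".git", ".venv", "target"}

def detect(root):
    """Return sorted (directory, manager, lockfile, note) tuples for manifests under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]  # prune in place
        present, rel = set(filenames), os.path.relpath(dirpath, root)
        for manifests, locks, fallback in ECOSYSTEMS:
            if not present.intersection(manifests):
                continue
            found = sorted(name for name in locks if name in present)
            if not locks:          # the list above names no lockfile for this manager
                findings.append((rel, fallback, None, ""))
            elif not found:        # manifest only: resolved versions are not pinned
                findings.append((rel, fallback, None, "lockfile missing"))
            else:                  # one finding per lockfile; several means ambiguity
                note = "multiple lockfiles" if len(found) > 1 else ""
                findings.extend((rel, locks[name], name, note) for name in found)
    return sorted(findings, key=lambda f: (f[0], f[1]))

def build_sample_tree(root):
    """Create a constructed sample layout (empty files, not a real project)."""
    for path in ("package.json", "package-lock.json", "yarn.lock",
                 "node_modules/dep/package.json", "api/pyproject.toml",
                 "svc/go.mod", "svc/go.sum", "tools/requirements.txt"):
        full = os.path.join(root, *path.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(*detect(tmp), sep="\n")
```
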
### 2. Run Security Audit
Execute the appropriate audit command based on package manager:
- **npm:** `npm audit --json` or `npm audit`
- **Yarn:** `yarn audit --json` or `yarn audit`
- **pnpm:** `pnpm audit --json`
- **pip:** `pip-audit` or `safety check`
- **Poetry:** `poetry check`
- **Bundler:** `bundle audit check --update`
- **Maven:** `mvn dependency:tree` + OWASP Dependency