package-search

# Vulnetix Package Search Skill This skill searches for packages across ecosystems and provides a comprehensive security risk assessment before adding them as dependencies. ## Output & Analysis Guidelines **Primary output format:** Markdown. All reports, tables, summaries, and diffs MUST be presented as formatted markdown text directly — never generate scripts or programs to produce output that can be expressed as markdown. **Visual data — use Mermaid diagrams** to display data visually when it aids comprehension. Mermaid renders natively in markdown and requires no external tools. Use it for: - Dependency trees / upgrade paths → `graph TD` or `graph LR` - Version comparison timelines → `timeline` - Risk breakdowns → `pie` or `quadrantChart` - Decision flow (add/skip/alternatives) → `flowchart` Example — vulnerability distribution for a package: ````markdown ```mermaid pie title Vulnerability Severity "Critical" : 1 "High" : 2 "Medium" : 5 "Low" : 3 ``` ```` **If `uv` is available**, richer visualizations can be generated with Python (matplotlib, plotly) and saved to `.vulnetix/`: ```bash command -v uv &>/dev/null && uv run --with matplotlib python3 -c ' import matplotlib.pyplot as plt # ... generate chart ... plt.savefig(".vulnetix/chart.png", dpi=150, bbox_inches="tight") ' ``` When Python charts are generated, display them inline and keep the Mermaid version as a text fallback. **Data processing — tooling cascade (strict order):** 1. **jq / yq + bas...