
tenet-dependencies

Audits dependencies for CVEs, stale packages, duplicates, unused deps, and outdated versions.
inceptyon-labs/tenet-skills · ★ 0 · DevOps & Infrastructure · score 76
Install: claude install-skill inceptyon-labs/tenet-skills
# Tenet Dependencies — Dependency Health Audit

> Audits project dependencies for security vulnerabilities, maintenance status, duplication, staleness, and unused packages. Combines deterministic toolchain output with heuristic analysis of manifest files.

## Purpose

This skill evaluates the health of a project's dependency tree across five dimensions: known CVEs (security vulnerabilities with published advisories), unmaintained packages (no release in >2 years), duplicate dependencies (multiple packages serving the same purpose), unused dependencies (declared but never imported), and severely outdated versions (pinned to old majors when newer majors exist). It consumes toolchain output from vulnerability scanners and supplements with its own manifest analysis.

## Language Support Matrix

```yaml
support:
  native: [typescript, javascript, python, go, rust]
  heuristic: [java, ruby, php]
  skip: [yaml, json, markdown, css, html, shell, terraform, dockerfile]
```

- **Native** (npm/pip/go/cargo): Full manifest parsing, lockfile analysis, vulnerability cross-referencing, outdated version detection.
- **Heuristic** (Java/Ruby/PHP): Manifest parsing (`pom.xml`/`build.gradle`, `Gemfile`, `composer.json`) with limited version analysis. Vulnerability detection depends on toolchain (trivy/osv-scanner).

## Toolchain Inputs

This skill consumes the following `.healthcheck/toolchain/` files **if available**:

| File | Tool | What It Provides |
|---|---|---|
| `npm_audit.json` | npm a