
analyzing-dependencies

This skill analyzes project dependencies for security vulnerabilities, outdated packages, and license compliance issues. It helps identify potential risks in your project's dependencies using the dependency-checker plugin. Use this skill when you need to check dependencies for vulnerabilities, identify outdated packages that need updates, or ensure license compatibility. Trigger phrases include "check dependencies", "dependency check", "find vulnerabilities", "scan for outdated packages", "/depcheck", and "license compliance". This skill supports npm, pip, composer, gem, and go modules projects.

Install with Tessl CLI

npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill analyzing-dependencies

66

Does it follow best practices?

Agent success when using this skill

Validation for skill structure


Evaluation results

100%

27%

Pre-Deployment Dependency Review: PayFlow API

Vulnerability report structure and severity

| Criteria | Without context | With context |
|---|---|---|
| Package manager identified | 62% | 100% |
| Vulnerability summary section | 100% | 100% |
| Detailed vulnerability info | 100% | 100% |
| Severity levels reported | 100% | 100% |
| Recommended fixes present | 100% | 100% |
| Outdated packages section | 37% | 100% |
| Update type classification | 25% | 100% |
| License compliance section | 0% | 100% |
| Known vulnerable packages flagged | 100% | 100% |
| Actionable remediation guidance | 100% | 100% |

Without context: $0.2754 · 1m 33s · 9 turns · 10 in / 5,196 out tokens

With context: $0.7248 · 3m 38s · 27 turns · 76 in / 9,551 out tokens

92%

4%

Full-Stack Dependency Health Check: DataStream Platform

Multi-package-manager detection

| Criteria | Without context | With context |
|---|---|---|
| npm detected | 100% | 100% |
| pip detected | 100% | 100% |
| Both ecosystems covered | 100% | 100% |
| Frontend vulnerabilities | 100% | 100% |
| Backend vulnerabilities | 100% | 100% |
| Known vulnerable npm packages | 100% | 100% |
| Known vulnerable Python packages | 100% | 100% |
| Outdated packages section | 100% | 100% |
| License compliance mentioned | 0% | 100% |
| Scheduling recommendation | 50% | 0% |
| Severity levels | 100% | 100% |

Without context: $0.2786 · 1m 38s · 9 turns · 9 in / 5,698 out tokens

With context: $1.3497 · 4m 46s · 44 turns · 43 in / 13,146 out tokens

92%

3%

Dependency License Assessment: Meridian Acquisition Due Diligence

License compliance and integration reporting

| Criteria | Without context | With context |
|---|---|---|
| Package manager identified | 62% | 100% |
| License compliance section | 100% | 100% |
| Per-package license listed | 100% | 100% |
| GPL flagged | 100% | 100% |
| AGPL flagged | 100% | 100% |
| Proprietary license flagged | 100% | 100% |
| License risk explanation | 100% | 100% |
| Vulnerability summary included | 0% | 0% |
| Actionable next steps | 100% | 100% |
| Ongoing compliance recommendation | 100% | 100% |

Without context: $0.2380 · 1m 31s · 7 turns · 8 in / 4,818 out tokens

With context: $0.4508 · 2m 13s · 19 turns · 20 in / 6,827 out tokens

90%

6%

Pre-Launch Security Audit for PHP Platform

Composer detection, pre-deployment check

| Criteria | Without context | With context |
|---|---|---|
| Composer identified | 100% | 100% |
| Vulnerability summary present | 100% | 100% |
| Detailed vulnerability entries | 100% | 100% |
| Severity levels reported | 100% | 100% |
| Recommended fixes per vulnerability | 100% | 100% |
| Outdated packages section | 62% | 75% |
| Update type classification | 50% | 20% |
| License compliance section | 0% | 100% |
| Known vulnerable package flagged | 100% | 100% |
| Pre-deployment framing | 100% | 100% |
| Actionable remediation guidance | 100% | 100% |

Without context: $1.0873 · 8m 17s · 11 turns · 11 in / 8,072 out tokens

With context: $0.5597 · 2m 22s · 27 turns · 68 in / 8,264 out tokens

93%

17%

Quarterly Security Audit for Payment Microservice

Go modules detection and analysis

| Criteria | Without context | With context |
|---|---|---|
| Go modules identified | 60% | 100% |
| Vulnerability summary present | 100% | 100% |
| Detailed vulnerability entries | 100% | 100% |
| Severity levels reported | 100% | 100% |
| Recommended fixes present | 100% | 100% |
| Outdated packages section | 75% | 100% |
| Update type classification | 0% | 30% |
| License compliance section | 0% | 100% |
| Known vulnerable package flagged | 100% | 100% |
| golang.org/x/crypto flagged | 100% | 100% |
| Prioritized remediation | 100% | 100% |

Without context: $0.2826 · 1m 38s · 10 turns · 59 in / 5,432 out tokens

With context: $1.3517 · 6m 15s · 45 turns · 44 in / 17,455 out tokens

97%

16%

Dependency Compliance Package for External Security Audit

Gem detection, integration, compliance report

| Criteria | Without context | With context |
|---|---|---|
| Gem/Bundler identified | 100% | 100% |
| Vulnerability summary present | 100% | 100% |
| Detailed vulnerability entries | 100% | 100% |
| Severity levels reported | 100% | 100% |
| Outdated packages section | 50% | 100% |
| Update type classification | 0% | 83% |
| License compliance section | 0% | 100% |
| Known vulnerable gems flagged | 100% | 100% |
| Remediation actions file produced | 100% | 100% |
| PR-ready remediation format | 100% | 100% |
| Scheduling recommendation | 66% | 66% |
| Recommended fixes present | 100% | 100% |

Without context: $0.5655 · 3m 55s · 9 turns · 10 in / 13,952 out tokens

With context: $0.7902 · 4m 12s · 24 turns · 24 in / 14,926 out tokens

95%

1%

Python API Security Audit

pip standalone detection and full report

| Criteria | Without context | With context |
|---|---|---|
| pip identified | 100% | 100% |
| Vulnerability summary section | 100% | 100% |
| Detailed vulnerability entries | 100% | 100% |
| Severity levels reported | 100% | 100% |
| Recommended fixes present | 100% | 100% |
| Known vulnerable packages flagged | 100% | 100% |
| Outdated packages section | 100% | 100% |
| Update type classification | 40% | 50% |
| License compliance section | 100% | 100% |
| Prioritized remediation | 100% | 100% |
| Actionable next steps | 100% | 100% |

Without context: $0.8659 · 3m 59s · 24 turns · 24 in / 12,397 out tokens

With context: $0.9690 · 4m 22s · 35 turns · 85 in / 13,271 out tokens

100%

Full-Stack Dependency Health Check

npm and Go modules multi-manager detection

| Criteria | Without context | With context |
|---|---|---|
| npm detected | 100% | 100% |
| Go modules detected | 100% | 100% |
| Both ecosystems covered | 100% | 100% |
| Frontend vulnerabilities | 100% | 100% |
| Backend vulnerabilities | 100% | 100% |
| Known vulnerable npm packages | 100% | 100% |
| Known vulnerable Go packages | 100% | 100% |
| Severity levels reported | 100% | 100% |
| Outdated packages section | 100% | 100% |
| Update type classification | 100% | 100% |
| License compliance section | 100% | 100% |
| Recommended fixes present | 100% | 100% |

Without context: $0.2989 · 1m 47s · 8 turns · 57 in / 6,721 out tokens

With context: $1.2438 · 5m 29s · 47 turns · 300 in / 12,924 out tokens

99%

8%

Dependency Monitoring Program Setup

Scheduling recommendations and PR-ready remediation

| Criteria | Without context | With context |
|---|---|---|
| npm identified | 100% | 100% |
| Vulnerability summary section | 100% | 100% |
| Detailed vulnerability entries | 100% | 100% |
| Severity levels reported | 100% | 100% |
| Outdated packages section | 100% | 100% |
| Update type classification | 62% | 87% |
| License compliance section | 0% | 100% |
| Known vulnerable packages flagged | 100% | 100% |
| Separate remediation file produced | 100% | 100% |
| PR-ready remediation format | 100% | 100% |
| Scheduling recommendation | 100% | 100% |
| Update reason provided | 100% | 100% |

Without context: $0.5116 · 3m 17s · 9 turns · 10 in / 12,300 out tokens

With context: $1.1223 · 5m 17s · 39 turns · 35 in / 17,850 out tokens

Evaluated agent: Claude Code
