32 lines
1.5 KiB
Markdown
32 lines
1.5 KiB
Markdown
---
|
|
allowed-tools: Read, Bash, Grep
|
|
argument-hint: [scope] | --security | --licenses | --updates | --all
|
|
description: Audit dependencies for security vulnerabilities, license compliance, and update recommendations
|
|
---
|
|
|
|
# Dependency Audit
|
|
|
|
Audit dependencies for security vulnerabilities and compliance: **$ARGUMENTS**
|
|
|
|
## Current Dependencies
|
|
|
|
- Package files: @package.json or @requirements.txt or @Cargo.toml or @pom.xml
|
|
- Lock files: @package-lock.json or @poetry.lock or @Cargo.lock
|
|
- Security scan: !`npm audit --audit-level=moderate 2>/dev/null || pip check 2>/dev/null || cargo audit 2>/dev/null || echo "No security scanner available"`
|
|
- Outdated packages: !`npm outdated 2>/dev/null || pip list --outdated 2>/dev/null || echo "Check manually"`
|
|
|
|
## Task
|
|
|
|
Perform comprehensive dependency security and compliance audit:
|
|
|
|
**Audit Scope**: Use $ARGUMENTS to focus on security, licenses, updates, or complete audit
|
|
|
|
**Analysis Areas**:
|
|
1. **Vulnerability Scanning** - Known CVEs, security advisories, exploit availability
|
|
2. **Version Analysis** - Outdated packages, breaking changes, update recommendations
|
|
3. **License Compliance** - License compatibility, restrictions, legal obligations
|
|
4. **Supply Chain Security** - Package authenticity, maintainer status, suspicious dependencies
|
|
5. **Performance Impact** - Bundle size, unused dependencies, optimization opportunities
|
|
|
|
**Output**: Prioritized security report with critical vulnerabilities, recommended actions, and compliance status.
|