Files
wehub-resource-sync bb5c75ce05
Component Security Validation / Security Audit (push) Has been cancelled
Deploy to Cloudflare Pages / deploy (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:38:58 +08:00

32 lines
1.5 KiB
Markdown

---
allowed-tools: Read, Bash, Grep
argument-hint: [scope] | --security | --licenses | --updates | --all
description: Audit dependencies for security vulnerabilities, license compliance, and update recommendations
---
# Dependency Audit
Audit dependencies for security vulnerabilities and compliance: **$ARGUMENTS**
## Current Dependencies
- Package files: @package.json or @requirements.txt or @Cargo.toml or @pom.xml
- Lock files: @package-lock.json or @poetry.lock or @Cargo.lock
- Security scan: !`npm audit --audit-level=moderate 2>/dev/null || pip check 2>/dev/null || cargo audit 2>/dev/null || echo "No security scanner available"`
- Outdated packages: !`npm outdated 2>/dev/null || pip list --outdated 2>/dev/null || echo "Check manually"`
## Task
Perform comprehensive dependency security and compliance audit:
**Audit Scope**: Use $ARGUMENTS to focus on security, licenses, updates, or complete audit
**Analysis Areas**:
1. **Vulnerability Scanning** - Known CVEs, security advisories, exploit availability
2. **Version Analysis** - Outdated packages, breaking changes, update recommendations
3. **License Compliance** - License compatibility, restrictions, legal obligations
4. **Supply Chain Security** - Package authenticity, maintainer status, suspicious dependencies
5. **Performance Impact** - Bundle size, unused dependencies, optimization opportunities
**Output**: Prioritized security report with critical vulnerabilities, recommended actions, and compliance status.