47network/dependency-audit
skills/security/dependency-audit/SKILL.md
Audit project dependencies for known CVEs, license compliance, typosquatting, and supply chain integrity risks. Cross-references packages against vulnerability databases.
$ install --global
skillsauthnpx skillsauth add 47network/Sven dependency-auditInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 23, 2026, 6:17 PM67.9s2 files scanned
SKILL.md
- name:
- dependency-audit
- description:
- Audit project dependencies for known CVEs, license compliance, typosquatting, and supply chain integrity risks. Cross-references packages against vulnerability databases.
- version:
- 2026.4.11
- publisher:
- 47Network
- handler_language:
- typescript
- handler_file:
- handler.ts
- inputs_schema:
- {"type":"object","properties":{"action":{"type":"string","enum":["audit","check_license","check_typosquat","parse_deps"],"default":"audit"},"dependencies":{"type":"object","additionalProperties":{"type":"string"}},"devDependencies":{"type":"object","additionalProperties":{"type":"string"}},"known_vulns":{"type":"array","items":{"type":"object"}},"licenses":{"type":"object","additionalProperties":{"type":"string"}},"package_name":{"type":"string"},"license":{"type":"string"}},"required":["action"],"additionalProperties":false}
- outputs_schema:
- {"type":"object","properties":{"action":{"type":"string"},"result":{"type":"object"}},"required":["action","result"]}
Dependency Audit Skill
Audit npm/Node.js dependencies for CVEs, license compliance, typosquatting, and supply chain integrity. Generates scored reports with remediation guidance.
Actions
audit— Run full dependency audit (CVEs, licenses, supply chain)check_license— Classify a single license stringcheck_typosquat— Check if a package name might be a typosquatparse_deps— Parse package.json dependencies into audit format
Scope Mapping
security.dependencies: read (analysis only)
Related Skills
47network/webapp-tester
development
VerifiedTrustedCommunity
Automated web testing advisor — generate Playwright test scripts, accessibility checks, and performance audits.
3SKILL.mdUpdated Apr 23, 2026
47network/security-posture
testing
VerifiedTrustedCommunity
Unified security posture reporting — combines SAST, dependency audit, secret scan, infrastructure scan, and pentest results into a single scored report with OWASP and SOC 2 compliance mapping, top risks, and remediation recommendations.
3SKILL.mdUpdated Apr 23, 2026
47network/secret-scanner
development
VerifiedTrustedCommunity
Detect hardcoded secrets, API keys, tokens, private keys, and credentials in source code and config files. 20 built-in patterns covering AWS, GitHub, Slack, Stripe, database URLs, JWTs, and more.
3SKILL.mdUpdated Apr 23, 2026
47network/sast-scanner
development
VerifiedTrustedCommunity
Static Application Security Testing — scan TypeScript/JavaScript source code for SQL injection, XSS, SSRF, path traversal, command injection, hardcoded secrets, insecure crypto, auth bypass, prototype pollution, and more. 14 built-in rules mapped to OWASP Top 10 and CWE.
3SKILL.mdUpdated Apr 23, 2026