nikiforovall/dotnet-dependency
plugins/handbook-dotnet/skills/dotnet-dependency/SKILL.md
This skill should be used when investigating .NET project dependencies, understanding why packages are included, listing references, or auditing for outdated/vulnerable packages.
$ install --global
skillsauthnpx skillsauth add nikiforovall/claude-code-rules dotnet-dependencyInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 7, 2026, 8:19 PM4.4s2 files scanned
SKILL.md
- name:
- dotnet-dependency
- description:
- This skill should be used when investigating .NET project dependencies, understanding why packages are included, listing references, or auditing for outdated/vulnerable packages.
- allowed-tools:
- Bash(dotnet nuget why:*), Bash(dotnet list:*), Bash(dotnet outdated:*), Bash(dotnet package search:*), Bash(dotnet add package:*), Bash(dotnet remove package:*), Bash(dotnet tool:*), Read, Grep, Glob
.NET Dependencies
Investigate and manage .NET project dependencies using built-in dotnet CLI commands.
When to Use This Skill
Invoke when the user needs to:
- Search for NuGet packages or find latest versions
- Add, update, or remove package references
- Understand why a specific NuGet package is included
- List all project dependencies (NuGet packages or project references)
- Find outdated or vulnerable packages
- Trace transitive dependencies
- Manage dotnet tools (search, install, update)
Quick Reference
| Command | Purpose |
| ------------------------------------------- | -------------------------------------- |
| dotnet package search <term> | Search NuGet for packages |
| dotnet package search <name> --exact-match| List all versions of a package |
| dotnet add package <id> | Add/update package to latest version |
| dotnet add package <id> -v <ver> | Add/update package to specific version |
| dotnet remove package <id> | Remove package reference |
| dotnet nuget why <package> | Show dependency graph for a package |
| dotnet list package | List NuGet packages |
| dotnet list package --include-transitive | Include transitive dependencies |
| dotnet list reference --project <project> | List project-to-project references |
| dotnet list package --outdated | Find packages with newer versions |
| dotnet list package --vulnerable | Find packages with security issues |
| dotnet outdated | (Third-party) Check outdated packages |
| dotnet outdated -u | (Third-party) Auto-update packages |
| dotnet tool search <term> | Search for dotnet tools |
| dotnet tool update <id> | Update local tool to latest |
| dotnet tool update --all | Update all local tools |
Search NuGet Packages
Find packages and check latest versions directly from CLI:
# Search for packages by keyword
dotnet package search Serilog --take 5
# Find latest version of a specific package
dotnet package search Aspire.Hosting.AppHost --take 1
# Include prerelease versions
dotnet package search ModelContextProtocol --prerelease --take 3
# List ALL available versions of a package (version history)
dotnet package search Newtonsoft.Json --exact-match
# JSON output for scripting
dotnet package search Serilog --format json --take 3
Add and Update Packages
# Add package (installs latest stable version)
dotnet add package Serilog
# Add specific version
dotnet add package Serilog -v 4.0.0
# Add prerelease version
dotnet add package ModelContextProtocol --prerelease
# Add to specific project
dotnet add src/MyProject/MyProject.csproj package Serilog
# Update existing package to latest (same command as add)
dotnet add package Serilog
# Remove package
dotnet remove package Serilog
Note: dotnet add package both adds new packages and updates existing ones to the specified (or latest) version.
Manage Dotnet Tools
# Search for tools
dotnet tool search dotnet-outdated --take 3
# Update a local tool (from manifest)
dotnet tool update cake.tool
# Update with prerelease
dotnet tool update aspire.cli --prerelease
# Update all local tools
dotnet tool update --all
# Update global tool
dotnet tool update -g dotnet-ef
Investigate Package Dependencies
To understand why a package is included in your project:
# Why is this package included?
dotnet nuget why Newtonsoft.Json
# For a specific project
dotnet nuget why path/to/Project.csproj Newtonsoft.Json
# For a specific framework
dotnet nuget why Newtonsoft.Json --framework net8.0
Output shows the complete dependency chain from your project to the package.
List NuGet Packages
# Direct dependencies only
dotnet list package
# Include transitive (indirect) dependencies
dotnet list package --include-transitive
# For a specific project
dotnet list package --project path/to/Project.csproj
# JSON output for scripting
dotnet list package --format json
List Project References
# List project-to-project references
dotnet list reference --project path/to/Project.csproj
Transitive Project References
No built-in command shows transitive project dependencies. To find if Project A depends on Project B transitively:
- Recursive approach: Run
dotnet list referenceon each referenced project - Parse .csproj files: Search for
<ProjectReference>elements recursively:
# Find all ProjectReference elements
grep -r "ProjectReference" --include="*.csproj" .
Update Dependencies
Using dotnet outdated (Third-party)
If installed (dotnet tool install -g dotnet-outdated-tool):
# Check for outdated packages
dotnet outdated
# Auto-update to latest versions
dotnet outdated -u
# Update only specific packages
dotnet outdated -u -inc PackageName
Using built-in commands
# Check for outdated packages
dotnet list package --outdated
# Include prerelease versions
dotnet list package --outdated --include-prerelease
Progressive Disclosure
For security auditing (vulnerable, deprecated, outdated packages), load references/security-audit.md.
References
- dotnet package search
- dotnet add package
- dotnet remove package
- dotnet nuget why
- dotnet list reference
- dotnet list package
- dotnet tool
Related Skills
nikiforovall/visual-explainer
development
VerifiedTrustedCommunity
Generate beautiful, self-contained HTML pages that visually explain systems, code changes, plans, and data. Use when the user asks for a diagram, architecture overview, diff review, plan review, project recap, comparison table, or any visual explanation of technical concepts. Also use proactively when you are about to render a complex ASCII table (4+ rows or 3+ columns) — present it as a styled HTML page instead.
123SKILL.mdUpdated May 16, 2026
nikiforovall/glab
tools
VerifiedTrustedCommunity
Expert guidance for using the GitLab CLI (glab) to manage GitLab issues, merge requests, CI/CD pipelines, repositories, and other GitLab operations from the command line. Use this skill when the user needs to interact with GitLab resources or perform GitLab workflows.
123SKILL.mdUpdated May 16, 2026
nikiforovall/plugins/handbook-reflect/skills/reflect
tools
VerifiedTrustedCommunity
--- name: reflect description: Analyze a Claude Code session for "wrong-turn" moments (corrections, retries, waste, reversals, dead-ends) and produce an interactive HTML dashboard with copy-able recommendations (CLAUDE.md rules, docs, scripts, hooks, memory entries, sub-skills, etc.) that would help future agents reach the goal faster. Defaults to reflecting on the current in-context session; optionally accepts a session ID or JSONL path. Use when the user invokes /reflect or asks to learn from
119SKILL.mdUpdated Apr 26, 2026
nikiforovall/plugins/handbook-reflect/skills/reflect-tree
tools
VerifiedTrustedCommunity
--- name: reflect-tree description: Visualize a Claude Code session as a quest/skill tree — a navigable SVG graph where nodes are turns and edges show flow, with distinct visual encoding for normal flow, dead-ends, corrections, retries, reversals, and backtracking. Sibling to /reflect (which produces an incidents+recommendations dashboard); this one shows the journey itself. Defaults to the current in-context session; optionally accepts a session ID or JSONL path. Use when the user invokes /refl
119SKILL.mdUpdated Apr 26, 2026