Evaluates packages and manages dependencies securely. Benefits developers and operations teams by automating dependency checks and ensuring secure package management. Integrates with Claude Code, Codex CLI, and other Agent Skills-compatible agents.
git clone https://github.com/andrew/managing-dependencies.gitmanaging-dependencies is a skill that automates package evaluation and dependency management with a focus on supply chain security. It detects typosquatting and dependency confusion attacks, reviews lockfile changes, and guides teams through secure dependency decisions. The skill activates automatically when you ask Claude Code or compatible agents about packages, dependencies, or security concerns. It helps developers and operations teams reduce risk by providing security audit guidance, package trustworthiness analysis, and PR dependency change reviews. Works seamlessly with Claude Code, Codex CLI, and other Agent Skills-compatible platforms.
Install via the plugin marketplace with '/plugin marketplace add andrew/managing-dependencies' or copy SKILL.md to your .claude/skills or .codex/skills directory. The skill activates automatically when you ask about dependencies, packages, or supply chain security.
Evaluate new packages for security risks before adding to a project
Detect typosquatting and dependency confusion attacks
Review lockfile changes and version constraints in pull requests
Run and interpret security audits on project dependencies
No install command available. Check the GitHub repository for manual installation instructions.
git clone https://github.com/andrew/managing-dependenciesCopy the install command above and run it in your terminal.
Launch Claude Code, Cursor, or your preferred AI coding agent.
Use the prompt template or examples below to test the skill.
Adapt the skill to your specific use case and workflow.
Analyze the dependencies for the [PROJECT_NAME] repository located at [REPO_URL]. Identify any outdated or vulnerable packages. For each issue, suggest specific updates or alternatives. Also, provide a summary of the overall dependency health score on a scale of 1-10.
After analyzing the dependencies for the 'E-Commerce Platform' repository at github.com/ecom-platform/main, I've identified several issues: 1. Package 'express' is outdated (4.17.1) and has a known vulnerability. Recommend updating to version 4.18.2. 2. 'lodash' is using version 4.17.15, which is 5 minor versions behind. Suggest updating to 4.17.21. 3. 'bcrypt' is at version 5.0.0 but should be updated to 5.1.0 for security patches. 4. 'mongoose' is using version 5.12.3, which is 2 major versions behind. Consider updating to 7.0.3. Overall dependency health score: 5/10. The project has several critical updates needed for security and compatibility.
AI assistant built for thoughtful, nuanced conversation
Get more done every day with Microsoft Teams – powered by AI
Automate security compliance and monitor real-time security posture seamlessly.
Automate your spreadsheet tasks with AI power
Agentic AI Workflow platform
Connected workspace for docs, wikis, and projects
Take a free 3-minute scan and get personalized AI skill recommendations.
Take free scan