MayrosSkills Hub

dependency-audit

Apilium v1.0.3 3700
official platinum (7/8) Clean scan

Install

mayros skill install dependency-audit
mayros skill install [email protected]

npm/pnpm/yarn audit, CVE lookup, license checking, risk scoring

README

@apilium/dependency-audit

Detect outdated, vulnerable, and unused dependencies in npm, pnpm, and yarn projects.

Installation

Copy this skill directory into your Mayros skills folder:

cp -r skills/dependency-audit ~/.mayros/skills/dependency-audit

Or install via the Mayros CLI:

mayros skill install @apilium/dependency-audit

Prerequisites

Requires npm (bundled with Node.js):

node --version   # >= 18
npm --version    # >= 9

Optional: pnpm (npm install -g pnpm) or yarn (npm install -g yarn).

Usage

Once configured, the agent can:

  • Vulnerability scan: run npm audit and classify findings by severity (critical/high/moderate/low)
  • Outdated check: identify packages behind their latest published versions
  • Unused detection: find dependencies declared but never imported (via depcheck)
  • License audit: detect GPL/AGPL licenses in MIT-licensed projects (via license-checker)
  • Remediation: suggest fix commands, overrides, and replacement packages
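The vulnerability-scan step above, as an added example (not the skill's own code): it classifies an `npm audit --json` report by severity and by whether the available fix is non-breaking, then applies a severity gate. The sample report and package names are constructed; the field names assume the npm 7+ report format (`auditReportVersion: 2`).

```javascript
// Added example, not the skill's own code. Field names follow the npm >= 7
// `npm audit --json` report (auditReportVersion 2).
const SEVERITY_ORDER = ["critical", "high", "moderate", "low", "info"];

// Constructed sample report; package names are made up.
const SAMPLE_REPORT = JSON.stringify({
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": { name: "example-parser", severity: "critical", isDirect: true, fixAvailable: true },
    "example-http": { name: "example-http", severity: "high", isDirect: false,
      fixAvailable: { name: "example-framework", version: "5.0.0", isSemVerMajor: true } },
    "example-glob": { name: "example-glob", severity: "moderate", isDirect: false, fixAvailable: false },
  },
});

// Group findings by severity and record how each one can be remediated.
function classifyAudit(jsonText) {
  const report = JSON.parse(jsonText);
  if (report.auditReportVersion !== 2) {
    throw new Error("unsupported audit report version: " + report.auditReportVersion);
  }
  const buckets = Object.fromEntries(SEVERITY_ORDER.map((s) => [s, []]));
  for (const [name, v] of Object.entries(report.vulnerabilities || {})) {
    const bucket = buckets[v.severity];
    if (!bucket) throw new Error(`unknown severity "${v.severity}" for ${name}`);
    let fix = "none"; // no fix available: needs an override or a replacement package
    if (v.fixAvailable === true) fix = "compatible"; // in-range update
    else if (v.fixAvailable && v.fixAvailable.isSemVerMajor) fix = "breaking"; // major bump
    else if (v.fixAvailable) fix = "compatible";
    bucket.push({ name, direct: Boolean(v.isDirect), fix });
  }
  return buckets;
}

// CI gate: true when any finding is at or above the threshold severity.
function exceedsThreshold(buckets, threshold) {
  const cut = SEVERITY_ORDER.indexOf(threshold);
  if (cut === -1) throw new Error("unknown threshold: " + threshold);
  return SEVERITY_ORDER.slice(0, cut + 1).some((s) => buckets[s].length > 0);
}

const result = classifyAudit(SAMPLE_REPORT);
for (const s of SEVERITY_ORDER) {
  for (const f of result[s]) console.log(`${s.padEnd(8)} ${f.name} direct=${f.direct} fix=${f.fix}`);
}
```

Findings marked `breaking` or `none` are the ones a blind `npm audit fix` will not resolve safely, so they deserve manual review.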

Example prompts

"Audit this project for vulnerable dependencies"
"Which packages are outdated?"
"Find unused dependencies in this project"
"Check if any dependencies use a GPL license"
"Fix the critical vulnerabilities"

Semantic Predicates

| Predicate | Scope | Description |
|---|---|---|
| deps:vulnerability_found | agent | Vulnerabilities detected by the agent |
| deps:audit_context | namespace | Shared audit context for enrichment |

License

MIT

Versions

v1.0.3 Feb 27, 2026
v1.0.2 Feb 27, 2026
v1.0.1 Feb 27, 2026
v1.0.0 Feb 27, 2026
