
depchecklisted

Checks projects and packages for CVEs using Socket.dev CLI and native audit commands. Use when auditing dependencies for vulnerabilities, evaluating a package before install, or scanning a project's dependency tree.
usrrname/agent-skills · ★ 0 · AI & Automation · score 54
Install: claude install-skill usrrname/agent-skills
# Dependency Analysis with Socket

Uses the [Socket CLI](https://docs.socket.dev/docs/socket-cli) (`@socketsecurity/cli`) to check for CVEs in direct and transitive dependencies. Also covers native audit commands for npm, yarn, pnpm, and bun.

## Prerequisites

```bash
npm install -g @socketsecurity/cli
socket login   # or: export SOCKET_SECURITY_API_TOKEN=<token>
```

## Check a single package for CVEs

```bash
socket package score npm <package> --markdown    # deep (includes transitives)
socket package shallow npm <package>             # shallow (package only)
socket package shallow npm react lodash eslint   # multiple packages
```

## Check a project for CVEs

```bash
socket scan create <dir> --report   # full scan
socket ci                           # CI gate (non-zero on failure)
socket scan create . --json | jq '.alerts[] | select(.severity == "critical")'
```

## Native audit commands (no Socket required)

### npm

```bash
npm audit --audit-level=high
npm audit --json | jq '.vulnerabilities | to_entries[] | select(.value.severity == "high" or .value.severity == "critical")'
```

### yarn v1

```bash
yarn audit --level high
```

### yarn v4+ (berry)

```bash
yarn npm audit --all --severity high
```

### pnpm

```bash
pnpm audit --audit-level=high
```

### bun

```bash
bun audit --audit-level high
```

### ad-hoc (no lockfile)

```bash
npx audit-ci --high
```

## Secure install wrapper

```bash
socket npm install   # drop-in npm repla
```
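The `npm audit --json | jq ...` filter and the `--audit-level` gate above can be expressed as a small CI gate that fails the build when any advisory meets a severity threshold. This is an added example, not part of the skill or the Socket CLI; the JSON shape follows the npm 7+ audit report (a top-level `vulnerabilities` object keyed by package name), and the sample report embedded below is constructed for illustration.

```python
"""CI gate over `npm audit --json` output: fail when any advisory is at or above a threshold."""
import json
import subprocess
import sys

# Severity ladder; the names mirror the values accepted by npm's --audit-level flag.
SEVERITY_RANK = {"info": 0, "low": 1, "moderate": 2, "high": 3, "critical": 4}


def failing_vulnerabilities(audit_json: str, audit_level: str = "high") -> list[dict]:
    """Return advisories whose severity is >= audit_level, worst first (npm 7+ report shape)."""
    threshold = SEVERITY_RANK[audit_level]
    report = json.loads(audit_json)
    found = []
    for name, entry in report.get("vulnerabilities", {}).items():
        severity = entry.get("severity", "info")
        if SEVERITY_RANK.get(severity, 0) >= threshold:
            found.append({
                "name": name,
                "severity": severity,
                "range": entry.get("range", ""),
                "direct": bool(entry.get("isDirect", False)),
                # npm reports fixAvailable as true/false or as an object describing the fix.
                "fix_available": bool(entry.get("fixAvailable", False)),
            })
    return sorted(found, key=lambda v: -SEVERITY_RANK[v["severity"]])


def gate(audit_json: str, audit_level: str = "high") -> int:
    """Exit status for CI: 0 when nothing meets the threshold, 1 otherwise (mirrors `socket ci`)."""
    failing = failing_vulnerabilities(audit_json, audit_level)
    for v in failing:
        kind = "direct" if v["direct"] else "transitive"
        fix = "fix available" if v["fix_available"] else "no fix yet"
        print(f"{v['severity'].upper():8} {v['name']} ({v['range']}) {kind}, {fix}")
    return 1 if failing else 0


# Constructed sample report (not real advisory data) in the npm 7+ `vulnerabilities` shape.
SAMPLE_AUDIT = json.dumps({"vulnerabilities": {
    "minimist": {"severity": "critical", "isDirect": False, "range": "<1.2.6", "fixAvailable": True},
    "semver": {"severity": "moderate", "isDirect": True, "range": "<7.5.2", "fixAvailable": True},
    "lodash": {"severity": "high", "isDirect": True, "range": "<4.17.21", "fixAvailable": False},
}})

if __name__ == "__main__":
    # `--run-npm` audits the current project; npm exits non-zero when it finds advisories, so no check=True.
    if len(sys.argv) > 1 and sys.argv[1] == "--run-npm":
        audit = subprocess.run(["npm", "audit", "--json"], capture_output=True, text=True).stdout
    else:
        audit = SAMPLE_AUDIT
    sys.exit(gate(audit, sys.argv[2] if len(sys.argv) > 2 else "high"))
```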