Use when the user wants to audit project dependencies for security vulnerabilities, outdated packages, license issues, or unused dependencies. Scans requirements.txt, pyproject.toml, or package.json.
Analyze project dependencies for security, freshness, licensing, and bloat.
Manifests to look for: requirements.txt, pyproject.toml, setup.py, setup.cfg, Pipfile, package.json, poetry.lock, uv.lock.

Use pip-audit (Python) or npm audit (Node) if available. If neither is installed, check the PyPI/npm advisory databases manually using web search.

```bash
# Python
pip-audit             # Best option
safety check          # Alternative
pip list --outdated   # Freshness only

# Node
npm audit
npx auditjs
```
Categorize each dependency:
Flag these license types:
Unused dependencies:

- Check what is actually imported in the codebase.
- Compare against what is declared in the requirements.

Cross-reference `import X` and `from X import ...` statements in the codebase against the declared packages, mapping import names to distribution names where the two differ (e.g. PIL → Pillow, cv2 → opencv-python).

Vulnerabilities:

| Package | Version | CVE | Severity | Fixed In |
|---|---|---|---|---|

Outdated packages:

| Package | Current | Latest | Behind By |
|---|---|---|---|

Licenses:

| Package | License | Risk |
|---|---|---|

Unused dependencies:

| Package | Declared In | Reason |
|---|---|---|
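The import-versus-requirements cross-reference described above, as an added example that is not part of this skill's own tooling. It parses a requirements.txt, walks Python sources with `ast`, maps import names to distribution names through a small constructed table (`IMPORT_TO_DIST`, which you would extend for your project), drops standard-library and local modules, and reports both directions of mismatch: declared but never imported, and imported but never declared. The sample requirements and sources are constructed; `left-pad-py` is a made-up package name.

```python
import ast
import re
import sys

# Constructed mapping of import name -> distribution name for packages whose
# module name differs from the name declared in requirements. Extend as needed.
IMPORT_TO_DIST = {
    "PIL": "Pillow",
    "cv2": "opencv-python",
    "yaml": "PyYAML",
    "sklearn": "scikit-learn",
    "bs4": "beautifulsoup4",
}

# Python 3.10+ ships the stdlib module list; older versions get a small fallback.
STDLIB = getattr(sys, "stdlib_module_names", frozenset({"os", "sys", "re", "json"}))


def normalize(name: str) -> str:
    """PEP 503 name normalisation so 'Pillow' and 'pillow' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def declared_packages(requirements_text: str) -> set:
    """Distribution names declared in a requirements.txt, normalised.

    Comments, blank lines and option lines (-r, -e, --index-url ...) are
    skipped; extras and version specifiers are stripped from the name.
    """
    declared = set()
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if match:
            declared.add(normalize(match.group(0)))
    return declared


def imported_modules(source: str) -> set:
    """Top-level names from `import X` and `from X import ...` (absolute imports only)."""
    modules = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            modules.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            modules.add(node.module.split(".")[0])
    return modules


def cross_reference(requirements_text, sources, local_modules=frozenset()):
    """Return declared-but-unused and used-but-undeclared distribution names."""
    declared = declared_packages(requirements_text)
    used = set()
    for src in sources:
        for mod in imported_modules(src):
            if mod in STDLIB or mod in local_modules:
                continue  # not something that belongs in requirements
            used.add(normalize(IMPORT_TO_DIST.get(mod, mod)))
    return {
        "unused": sorted(declared - used),
        "undeclared": sorted(used - declared),
    }


# Constructed sample inputs (not from a real project).
SAMPLE_REQUIREMENTS = """\
# pinned for the build
Pillow==10.0.0
requests[security]>=2.31
opencv-python
left-pad-py  # constructed name: nothing imports it
-r base.txt
"""

SAMPLE_SOURCES = [
    "import os\nfrom PIL import Image\nimport cv2\nimport requests\nimport myapp.utils\n",
    "import numpy as np\nfrom . import helpers\n",
]

if __name__ == "__main__":
    report = cross_reference(SAMPLE_REQUIREMENTS, SAMPLE_SOURCES, local_modules={"myapp"})
    for reason, pkgs in report.items():
        for pkg in pkgs:
            print(f"| {pkg} | requirements.txt | {reason} |")
```

The `local_modules` parameter is what keeps the project's own package (here `myapp`) from being reported as an undeclared dependency; pass the names of your top-level source packages. Dynamic imports (`importlib.import_module`, `__import__`) are not seen by this walk, so treat an "unused" finding as a prompt to grep before removing the package.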
Prioritized list of actions: what to update, what to remove, what to replace.
If pip-audit or similar tools aren't installed, inform the user and suggest installing them, then proceed with manual analysis.
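An added example, not part of this skill's own tooling, of turning scanner output into the vulnerability table rows and the prioritized action list described above. The sample documents are constructed; their field names are assumed to follow the shapes of `pip-audit --format=json` (`dependencies[].name/version/vulns[].id/fix_versions/aliases`) and `pip list --outdated --format=json` (`name/version/latest_version/latest_filetype`), and the advisory ids and package names are placeholders. Because pip-audit's JSON carries no severity field, severity is passed in separately as a mapping from advisory id to level (an assumption about how you would obtain it, e.g. from the advisory page).

```python
import json
import re


def version_key(version: str) -> tuple:
    """Crude numeric sort key: '1.2.4' -> (1, 2, 4). Pre-release and local
    labels are ignored (assumption: good enough for triage; use `packaging`
    for real specifier resolution)."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def triage(audit_json: str, outdated_json: str, severity=None):
    """Turn pip-audit and pip-list JSON into table rows and a ranked action list.

    severity maps advisory id -> severity string (supplied by the caller).
    """
    severity = severity or {}
    rows, actions = [], []

    for dep in json.loads(audit_json)["dependencies"]:
        for vuln in dep.get("vulns", []):
            fixes = sorted(vuln.get("fix_versions", []), key=version_key)
            fixed_in = fixes[0] if fixes else None  # smallest fixed release = least disruptive upgrade
            sev = severity.get(vuln["id"], "unknown")
            rows.append((dep["name"], dep["version"], vuln["id"], sev, fixed_in or "none"))
            if fixed_in:
                # Rank 0: a known vulnerability with a released fix is the cheapest win.
                actions.append((0, f"update {dep['name']} {dep['version']} -> {fixed_in} ({vuln['id']}, {sev})"))
            else:
                # Rank 1: no fix exists, so the only remediation is to replace the package.
                actions.append((1, f"replace {dep['name']}: {vuln['id']} has no fixed release"))

    for pkg in json.loads(outdated_json):
        current, latest = version_key(pkg["version"]), version_key(pkg["latest_version"])
        if current and latest and latest[0] > current[0]:
            # Rank 2: a whole major version behind is a freshness problem, not yet a CVE.
            actions.append((2, f"review {pkg['name']} {pkg['version']} -> {pkg['latest_version']} (major version behind)"))

    actions.sort(key=lambda item: item[0])  # stable sort: scan order is kept within a rank
    return rows, [text for _, text in actions]


# Constructed sample in the assumed shape of `pip-audit --format=json`.
SAMPLE_AUDIT = json.dumps({
    "dependencies": [
        {"name": "examplelib", "version": "1.2.0", "vulns": [
            {"id": "PYSEC-EXAMPLE-0001", "aliases": ["CVE-0000-00001"],
             "fix_versions": ["1.3.0", "1.2.4"], "description": "placeholder advisory"}]},
        {"name": "legacy-tool", "version": "0.9", "vulns": [
            {"id": "PYSEC-EXAMPLE-0002", "aliases": [], "fix_versions": [],
             "description": "placeholder advisory with no fixed release"}]},
        {"name": "safe-lib", "version": "3.0", "vulns": []},
    ]
})

# Constructed sample in the assumed shape of `pip list --outdated --format=json`.
SAMPLE_OUTDATED = json.dumps([
    {"name": "examplelib", "version": "1.2.0", "latest_version": "2.0.1", "latest_filetype": "wheel"},
    {"name": "safe-lib", "version": "3.0", "latest_version": "3.1", "latest_filetype": "wheel"},
])

if __name__ == "__main__":
    rows, actions = triage(SAMPLE_AUDIT, SAMPLE_OUTDATED, {"PYSEC-EXAMPLE-0001": "high"})
    print("| Package | Version | CVE | Severity | Fixed In |")
    print("|---|---|---|---|---|")
    for row in rows:
        print("| " + " | ".join(row) + " |")
    print()
    for action in actions:
        print("-", action)
```

Ranking a fixable vulnerability above an unfixable one reflects effort, not only risk: a pin bump is usually a one-line change, whereas replacing a package is a project. If a severity map says an unfixed advisory is critical, move it to the top by hand; the function deliberately does not guess severities it was not given.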