Skip to main content
Run any Skill in Manus
with one click

dependency-cve-audit

Stars2
Forks0
UpdatedJune 19, 2026 at 03:29

Audit project dependencies for known CVEs — fulfills 紅線 18 (Critical/High CVE must be 0 to merge). Class-level skill that covers BOTH npm + bun projects, lockfile quirks, and the "package is unmaintained, no fix available" trap (xlsx, node-ipc, etc.). Trigger conditions: - 紅線 18 enforcement (任何 ship / release 之前) - User 問「check security」、「CVE」、「npm audit」、「vulnerability」 - 任何 `package.json` / `bun.lock` / `package-lock.json` / `yarn.lock` 改動後 - 任何 new dep 引入(`bun add X`, `npm install X`) - Project 入面有 `xlsx`, `node-ipc`, `event-stream`, `getcookies`, `coa`, `rc`, `flatmap-stream` 等 known-unmaintained 嘅 package

Installation

Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.

File Explorer
3 files
SKILL.md
readonly