원클릭으로
dependency-analyzer
Analyzes project dependencies for security vulnerabilities, version drift, licensing, and upgrade paths
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Analyzes project dependencies for security vulnerabilities, version drift, licensing, and upgrade paths
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Analyzes project structure, module dependencies, imports, and entry points to generate architecture diagrams in Mermaid format
Analyzes ETL and data pipeline code for optimization opportunities across Python (Pandas, PySpark), Rust (polars, datafusion), SQL, and general pipeline descriptions
Validates environment variable configurations and config files (YAML, TOML, JSON, .env) for missing required variables, type mismatches, deprecated keys, naming convention violations, secret exposure risks, and invalid value ranges
Analyzes code for performance bottlenecks including N+1 queries, O(n^2) or worse algorithms, unnecessary allocations, sync I/O in async contexts, excessive cloning, missing caching opportunities, and large payload transfers. Supports Rust, Python, TypeScript, and Go.
Analyzes, improves, and restructures LLM prompts for clarity, efficiency, and reliability
Analyzes source code for common security vulnerabilities including SQL injection, XSS, command injection, hardcoded secrets, insecure deserialization, path traversal, and SSRF
| name | dependency-analyzer |
| description | Analyzes project dependencies for security vulnerabilities, version drift, licensing, and upgrade paths |
| version | 1.0.0 |
| author | go-on-team |
| tags | ["dependencies","security","licensing","audit","cargo","npm","pip","go"] |
| min_go_on_version | 1.0.0 |
Scans project dependency manifests (Cargo.toml, package.json, requirements.txt, go.mod) and produces a structured report covering security advisories, outdated packages, license compatibility, and suggested upgrade paths. Annotates findings by severity and provides actionable remediation advice.
| Parameter | Type | Description |
|---|---|---|
manifest | string | Content of the dependency manifest file |
manifest_type | string | Manifest format: cargo, npm, pip, go-mod, gem, maven |
include_license_check | boolean | Optional: include license analysis (default: true) |
include_upgrade_suggestions | boolean | Optional: suggest specific version upgrades (default: true) |
depth | integer | Optional: dependency tree depth to analyze (default: 1, max: 3) |
{
"manifest": "[package]\nname = \"my-app\"\nversion = \"0.1.0\"\n\n[dependencies]\ntokio = { version = \"1.28\", features = [\"full\"] }\nserde = \"1.0\"\nserde_json = \"1.0\"\nreqwest = { version = \"0.11.14\", features = [\"json\"] }\nopenssl = \"0.10.55\"\nlegacy-lib = \"0.5\"\nimage = \"0.24\"\n",
"manifest_type": "cargo",
"include_license_check": true,
"include_upgrade_suggestions": true,
"depth": 1
}
Example output (abbreviated):
# Dependency Analysis Report
## Critical
| Package | Version | Issue | Recommendation |
|---------|---------|-------|---------------|
| openssl | 0.10.55 | CVE-2024-XXXX: buffer overflow in TLS handshake | Upgrade to 0.10.60+ |
## Medium
| Package | Version | Issue | Recommendation |
|---------|---------|-------|---------------|
| reqwest | 0.11.14 | 6 minor versions behind (latest: 0.12.7) | Upgrade to 0.12.x (breaking: native-tls → rustls default) |
| image | 0.24 | 1 major version behind (latest: 0.25) | Upgrade to 0.25 (breaking: decoder API changes) |
## License Summary
| Package | License | Risk |
|---------|---------|------|
| tokio | MIT | ✅ Low |
| openssl | Apache-2.0 | ✅ Low |
| image | MIT/Apache-2.0 | ✅ Low |
## Suggested Actions
1. **Immediate**: Update openssl to 0.10.60 (security fix)
2. **This quarter**: Migrate reqwest to 0.12.x (documented migration guide)
3. **Backlog**: Plan image 0.24 → 0.25 migration (breaking changes in decoder API)