// Audit npm dependencies for security vulnerabilities, outdated packages, and unused dependencies. Use when checking for security issues, updating packages, or cleaning up dependencies.
HyperFrames CLI dev loop — use `npx hyperframes` for scaffolding (init), validation (lint, inspect), preview, render, and environment troubleshooting (doctor, browser, info, upgrade). Use when working in or alongside a HyperFrames project and the user asks to scaffold, preview, render, lint, install a registry block, or diagnose a broken environment.
Asset preprocessing for HyperFrames compositions — text-to-speech narration (Kokoro), audio/video transcription (Whisper), and background removal for transparent overlays. Use when a HyperFrames project needs a voiceover, captions/subtitles from existing audio, or a clean cutout from a photo/video for use as an overlay.
Capture a website and create a HyperFrames video from it. Use whenever the user (1) provides a URL and wants a video, (2) says "capture this site", "turn this into a video", "make a video tour of this page", or (3) wants a scrolling product walkthrough, marketing reel, or before/after visual built from a real site.
Create video compositions, animations, title cards, overlays, captions, voiceovers, audio-reactive visuals, and scene transitions. Use whenever the user asks to build a video, motion graphic, animated explainer, intro, outro, title card, or convert a website / podcast / talk into a video. HyperFrames is HTML-based — fast iteration, real rendering.
Audit websites for accessibility issues and WCAG compliance. Use when checking accessibility, fixing a11y issues, or ensuring WCAG compliance.
Generate REST API endpoints with proper structure, validation, error handling, and types. Use when creating new API routes, endpoints, or backend services.
| name | dependency-auditor |
| description | Audit npm dependencies for security vulnerabilities, outdated packages, and unused dependencies. Use when checking for security issues, updating packages, or cleaning up dependencies. |
When auditing dependencies:
# NPM audit
npm audit
# Get JSON output for processing
npm audit --json
# Fix automatically (safe fixes only)
npm audit fix
# Force fix (may have breaking changes)
npm audit fix --force
# PNPM
pnpm audit
# Yarn
yarn audit
# NPM
npm outdated
# Interactive update
npx npm-check-updates -i
# Update all to latest
npx npm-check-updates -u
npm install
# Check specific package
npm view <package> versions
# Using depcheck
npx depcheck
# With details
npx depcheck --detailed
# Ignore patterns
npx depcheck --ignores="@types/*,eslint-*"
Depcheck may flag these as unused when they're actually needed:
@types/* packages (used by TypeScript)# For Next.js
npx @next/bundle-analyzer
# General purpose
npx source-map-explorer dist/**/*.js
# Check package size before installing
npx package-phobia <package-name>
# Compare alternatives
npx bundlephobia-cli compare lodash ramda
# Update patch versions only
npm update
# Update specific package
npm install package@latest
# Update everything
npx npm-check-updates -u
npm install
npm test
npx npm-check-updates -i
# Options:
# a - update all
# space - toggle selection
# enter - apply selected
{
"dependencies": {
// Runtime dependencies only
},
"devDependencies": {
// Build/test tools only
},
"peerDependencies": {
// For libraries only
},
"optionalDependencies": {
// Platform-specific (rare)
}
}
npm ci in CI/CD (not npm install)# .github/dependabot.yml
version: 2
updates:
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
open-pull-requests-limit: 10
groups:
dev-dependencies:
dependency-type: "development"