nhost-fix-vulnerabilities
Find and fix dependency vulnerabilities in this monorepo using audit-ci-recursive and pnpm.overrides.
| name | nhost_fix_vulnerabilities |
| description | Find and fix dependency vulnerabilities in this monorepo using audit-ci-recursive and pnpm.overrides. |
| disable-model-invocation | false |
| allowed-tools | Bash(pnpm *), Bash(bash *), Bash(cd *), Bash(jq *), Read, Edit, Write, Grep, Glob |
You are a dependency-security assistant for this monorepo. CLAUDE.md is already loaded — do not re-describe the repo. Follow the workflow below exactly.
Run the project's audit script from the repo root — the script is defined in the root package.json and will error out if invoked from a workspace subdirectory. Also, do not pass -w (pnpm's root-workspace flag): the script already uses pnpm -r exec internally to iterate workspaces, and -w conflicts with that.
```bash
pnpm run audit-ci-recursive
```
The wrapper (.claude/skills/nhost_fix_vulnerabilities/audit-workspace.sh) groups output by workspace. Each finding includes:
- 📂 <workspace> — the folder containing the issue
- <package>@<version> [SEVERITY]
- Vulnerable: <range> → Fix: <range>
- Path: <dependency chain> — how the package enters this workspace

If the script produces no output and exits 0, stop here — report that no vulnerabilities were found and exit.
For every finding, decide: direct or transitive.
- Direct — declared in the workspace's package.json (dependencies / devDependencies). The Path: line is short (e.g., .>package).
- Transitive — the Path: line has multiple hops (e.g., .>expo>@expo/cli>@expo/plist>@xmldom/xmldom).

Verify by reading the workspace's package.json — do not guess from the path alone.
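The direct/transitive decision above, and the top-level-parent lookup that Step A below relies on, both come down to reading the Path: chain. The following is an added example (not part of the skill file): it parses the `.>a>b>c` form the audit wrapper prints, classifies the finding by hop count, extracts the first and last hops, and cross-checks the parent against package.json with jq. Function names are hypothetical and the sample chains are constructed from the examples on this page.

```shell
# Added example, not the skill's own code: classify a finding from the
# "Path:" chain the audit wrapper prints (".>a>b>c") and pick the top-level
# parent that Step A bumps. Function names are hypothetical; the sample
# chains are constructed from the page's own examples.

# Number of hops after the leading "." (".>expo>@expo/cli" -> 2).
path_hops() {
    rest="${1#.}"
    rest="${rest#>}"
    if [ -z "$rest" ]; then
        echo 0
        return 0
    fi
    printf '%s\n' "$rest" | tr '>' '\n' | wc -l | tr -d ' '
}

# "direct" for a one-hop chain (.>pkg), "transitive" otherwise.
classify_path() {
    if [ "$(path_hops "$1")" -eq 1 ]; then echo direct; else echo transitive; fi
}

# First hop after "." - the dependency the workspace itself declares.
top_level_parent() {
    rest="${1#.>}"
    printf '%s\n' "${rest%%>*}"
}

# Last hop - the vulnerable package named in the finding.
vulnerable_package() {
    printf '%s\n' "${1##*>}"
}

# Cross-check against package.json as the workflow requires (needs jq):
# exit 0 if package $1 is declared in dependencies or devDependencies of file $2.
declared_in_package_json() {
    jq -e --arg p "$1" '(.dependencies // {})[$p] // (.devDependencies // {})[$p]' "$2" >/dev/null
}

# Demo on constructed chains.
for chain in '.>@xmldom/xmldom' '.>expo>@expo/cli>@expo/plist>@xmldom/xmldom'; do
    printf '%s: %s (parent: %s, package: %s)\n' "$chain" "$(classify_path "$chain")" \
        "$(top_level_parent "$chain")" "$(vulnerable_package "$chain")"
done
```

Run `declared_in_package_json "$(top_level_parent "$chain")" <workspace>/package.json` to confirm the parent really is a declared dependency before bumping it; the hop count alone is only a hint.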
Direct dependency:
- Edit the workspace's package.json, bumping the version constraint into the Fix: range.
- Example: the constraint is ^9.0.1 and the fix is >=14.0.0, so bump to ^14.0.0.

Transitive dependency:
A transitive vulnerability is not a reason to skip the fix. The workspace that ships the vulnerable package is your responsibility to secure. Overrides exist as a fallback — but the preferred fix is bumping the parent that pulled it in.
Follow these steps in order. Only move to the next step if the current one doesn't resolve the vuln.
Step A — Bump the top-level parent (preferred).
- From the Path: line, identify the top-level parent: the first hop after . (e.g., in .>expo>@expo/cli>@expo/plist>@xmldom/xmldom, the parent is expo).
- Check whether a newer version of that parent is available:

```bash
cd <workspace> && pnpm outdated <parent>
```

If a newer version exists within the current major (e.g., workspace on ^1.0.0, latest is 1.5.2):
- Bump the constraint in the workspace's package.json.
- Run pnpm install.
- Re-check the advisory (see the verification section). If it persists, revert package.json + pnpm install to restore state, then proceed to Step B.

Step B — Major-version parent bump (user decision required).
If only a newer major version of the parent would fix the issue (e.g., workspace on ^1.x, fix only shipped in 2.0):
Present the user with two options:
- Option A — bump <parent> from ^1.x to ^2.x. Breaking change — summarize notable breaks from the changelog (link it).
- Option B — add a pnpm.overrides entry (see Step C). Smaller diff, but <parent>@1.x was never tested against the overridden sub-dep version, so there's runtime risk.

Step C — pnpm.overrides (fallback).
Use this when Step A isn't possible (no newer parent version at all) or the user picked Option B in Step B.
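The override entries Step C specifies are keyed as `<pkg>@<vulnerable-range>` so that only the vulnerable copies are re-resolved. The following is an added example (not the skill's own code) that composes such a key, refuses the broad `"<pkg>": ">=X"` form, and writes the entry into the root package.json with jq. Function names are hypothetical; jq is assumed available, as the skill requires; the package.json used in the demo is constructed, not the repo's real file.

```shell
# Added example, not the skill's own code: build and apply a scoped
# pnpm.overrides entry with jq, and reject the broad "<pkg>": ">=X" form.
# Function names are hypothetical; jq is assumed available, as the skill
# requires. The package.json written here is constructed for the demo.

# Compose the override key "<pkg>@<vulnerable-range>".
override_key() {
    printf '%s@%s' "$1" "$2"
}

# Return 0 when the key carries a non-empty version selector after the
# package name. "@scope/name" or "name" alone would re-resolve every copy
# of the package in the monorepo.
is_scoped_key() {
    case "$1" in
        @*/*@?*) return 0 ;;   # scoped package with a range: @xmldom/xmldom@<0.9.10
        @*)      return 1 ;;   # scoped package, no range
        *@?*)    return 0 ;;   # unscoped package with a range: foo@<1.2.0
        *)       return 1 ;;   # bare name or trailing "@" with no range
    esac
}

# Add (or replace) one override in the root package.json at $4.
# Arguments: pkg vulnerable-range minimum-fixed-version file
add_scoped_override() {
    key=$(override_key "$1" "$2")
    is_scoped_key "$key" || { echo "refusing broad override: $key" >&2; return 1; }
    tmp=$(mktemp)
    jq --arg k "$key" --arg v "$3" '.pnpm.overrides[$k] = $v' "$4" > "$tmp" && mv "$tmp" "$4"
}

# Demo on a constructed root package.json (not the repo's real file).
demo=$(mktemp)
printf '%s\n' '{"name":"root","private":true,"pnpm":{"overrides":{}}}' > "$demo"
if command -v jq >/dev/null 2>&1; then
    add_scoped_override '@xmldom/xmldom' '<0.9.10' '>=0.9.10' "$demo"
    jq -c '.pnpm.overrides' "$demo"
fi
rm -f "$demo"
```

Because the key is built from the advisory's vulnerable range, a missing range fails the `is_scoped_key` check before anything is written, which is the guard against the version-selector-less overrides the skill forbids.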
- Add a scoped entry to pnpm.overrides in the root package.json, keyed by package and vulnerable range:

```
"<pkg>@<vulnerable-range>": "<minimum-fixed-version>"
```

Example — advisory says <0.9.10 is vulnerable, fix is >=0.9.10:

```
"@xmldom/xmldom@<0.9.10": ">=0.9.10"
```

- If two advisories hit the same package, collapse them into one entry: replace "foo@<1.2.0": ">=1.2.0" with "foo@<1.5.0": ">=1.5.0" if 1.5.0 covers both CVEs.
- Avoid broad overrides ("foo": ">=X") — they force every transitive copy to the new version and can break unrelated packages. Only use the broad form when the narrow form fails.
- Run pnpm install, then pnpm run audit-ci-recursive. This is the one case where scoped verification is not enough: the same override likely fixes the same vuln in multiple workspaces, and a broad override could subtly affect resolution elsewhere. If the advisory still appears anywhere, widen the range or revert.

Verification depends on what kind of fix was just made.
Per-fix verification — scoped (direct bump, Step A, Step B).
The change is local to one workspace's package.json, so only that workspace needs re-checking. After pnpm install:
```bash
cd <workspace> && pnpm audit --json | jq '.advisories."<GHSA-id>"'
```

If the output is null, the advisory is gone. Keep the change, move on.

Per-fix verification — repo-wide (Step C / overrides).
Overrides at root affect every workspace. After pnpm install, run:
```bash
pnpm run audit-ci-recursive
```
Confirm the specific advisory no longer appears in any workspace. If it still does, widen the override range or revert and escalate.
Match by advisory ID, not total vuln count. A bump or override can fix one advisory and surface another; total numbers can look unchanged even though your specific GHSA is resolved.
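The point above, that a bump can resolve one advisory and surface another while the total stays flat, is easiest to see by diffing the advisory ID sets before and after the change. The following is an added example (not the skill's own code): it extracts IDs from `pnpm audit --json` with jq, and compares two ID lists with POSIX `comm`. Function names are hypothetical and the GHSA IDs in the sample lists are constructed placeholders, not real advisories.

```shell
# Added example, not the skill's own code: compare advisory IDs before and
# after a fix so the check keys on the specific GHSA, not on the total count.
# Function names are hypothetical. In real use the two lists come from
#   pnpm audit --json | jq -r '.advisories | keys[]'
# run in the affected workspace; the lists below are constructed placeholders.

# Print the advisory IDs from `pnpm audit --json` on stdin, one per line (needs jq).
advisory_ids() {
    jq -r '.advisories | keys[]'
}

# Write $1 (newline-separated IDs) sorted and de-duplicated to a temp file; print its path.
_sorted_ids() {
    t=$(mktemp)
    printf '%s\n' "$1" | sort -u > "$t"
    printf '%s\n' "$t"
}

# IDs present before the fix but not after: what this change actually resolved.
resolved_advisories() {
    a=$(_sorted_ids "$1"); b=$(_sorted_ids "$2")
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# IDs present after but not before: newly surfaced by the bump or override.
surfaced_advisories() {
    a=$(_sorted_ids "$1"); b=$(_sorted_ids "$2")
    comm -13 "$a" "$b"
    rm -f "$a" "$b"
}

# Exit 0 when the target advisory ($1) is absent from the after-list ($2).
advisory_resolved() {
    ! printf '%s\n' "$2" | grep -qxF -- "$1"
}

# Constructed sample: the count is unchanged (2 -> 2) even though the
# targeted advisory is gone and a different one appeared.
SAMPLE_BEFORE='GHSA-aaaa-1111-2222
GHSA-bbbb-3333-4444'
SAMPLE_AFTER='GHSA-bbbb-3333-4444
GHSA-cccc-5555-6666'

echo "resolved: $(resolved_advisories "$SAMPLE_BEFORE" "$SAMPLE_AFTER")"
echo "surfaced: $(surfaced_advisories "$SAMPLE_BEFORE" "$SAMPLE_AFTER")"
```

Capture the before-list once per workspace before touching package.json; after `pnpm install`, `advisory_resolved <GHSA-id> "$after"` answers the question the scoped check asks, and `surfaced_advisories` flags anything the bump pulled in that the final sweep would otherwise be the first to notice.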
Final sweep (once, at the end).
After all findings have been addressed, run one last pnpm run audit-ci-recursive as a regression check across all workspaces. This catches cases where sequential fixes interacted unexpectedly. If something unexpected remains, run pnpm why <package> in the affected workspace and escalate to the user with options: (a) bump the top-level parent, (b) add to audit-ci.jsonc allowlist with a written justification.
When done, summarize:
- Whether pnpm install produced peer-dependency warnings that need attention.

Do not run pnpm build, pnpm test, or the dashboard dev server — the user runs verification themselves.
Do not commit. Leave the working tree dirty so the user reviews the diff first.
Do not:
- Add pnpm.overrides entries without a version selector (they would affect every package in the monorepo).
- Use the audit-ci.jsonc allowlist as a first-line fix. Allowlisting is a last resort and requires written justification.
- Edit pnpm-lock.yaml (or any lockfile) by hand. Lockfiles are regenerated by pnpm install — hand-edits desync them from the resolver's internal state and cause silent integrity failures. Change package.json, then let pnpm install rewrite the lockfile.

Forbidden: invoking python3, python, node, or any one-off interpreter to read, parse, or print file contents. Also forbidden: cat <file> | python3 -c "..." pipelines. If you catch yourself writing one of these, stop and use the alternatives below.
Do this instead:
| Goal | Correct tool |
|---|---|
| View a file (package.json, lockfile, anything) | Read |
| Extract a JSON field (e.g., version of a package) | jq '.version' path/to/package.json via Bash |
| Extract multiple fields | jq '{name, version, dependencies}' path/to/package.json |
| Trace a transitive dep | pnpm why <pkg> (inside the affected workspace) |
| Find strings across files | Grep |
jq and pnpm are guaranteed available. Python and Node are not part of this skill's toolkit — never reach for them.
Always use pnpm — never npm or yarn. This repo is pinned to pnpm 11.1.0; npm install / yarn install would corrupt the lockfile and miss the pnpm.overrides block. Applies to every command: install, audit, run, why, exec, list.