safer-dependencies
safer-dependencies is a security layer for Claude Code that audits packages before they are added to your project. It detects and fixes risky dependencies, including CVEs, typosquats, abandoned packages, version-age issues, and package-cooldown violations across npm, PyPI, RubyGems, Maven, Go, and Rust.
Summary
safer-dependencies is a security layer for Claude Code that audits packages before they are added to your project.
- It detects and fixes risky dependencies, including CVEs, typosquats, abandoned packages, version-age issues, and package-cooldown violations across npm, PyPI, RubyGems, Maven, Go, and Rust.
- This skill helps developers proactively prevent supply chain attacks and maintain a healthy dependency tree.
Install & Usage
mkdir -p .claude/skills
Add the configuration to .claude/skills/safer-dependencies.md
/safer-dependencies
Use Cases
Usage Examples
/safer-dependencies check [email protected]
Audit the package requests for typosquats and CVEs before adding it to requirements.txt.
/safer-dependencies scan --ecosystem rust
Security Audits
Frequently Asked Questions
What is safer-dependencies?
safer-dependencies is a security layer for Claude Code that audits packages before they are added to your project. It detects and fixes risky dependencies, including CVEs, typosquats, abandoned packages, version-age issues, and package-cooldown violations across npm, PyPI, RubyGems, Maven, Go, and Rust. This skill helps developers proactively prevent supply chain attacks and maintain a healthy dependency tree.
How to install safer-dependencies?
To install safer-dependencies: create the skills directory (mkdir -p .claude/skills), then add the config to .claude/skills/safer-dependencies.md. Finally, run /safer-dependencies in Claude Code.
What is safer-dependencies best for?
safer-dependencies is an "other"-type skill categorized under General. It is tagged for: security, rust. Created by robert-auger.
What can I use safer-dependencies for?
safer-dependencies is useful for:
- Audit a new npm package for known CVEs and typosquatting before adding it to your project.
- Check if a proposed PyPI dependency is abandoned or has version-age issues.
- Scan your existing Rust project for packages that violate a cooldown policy.
- Prevent adding a RubyGem that is a known typosquat of a popular library.
- Evaluate a Maven dependency for security vulnerabilities and license risks.
- Review a Go module for outdated or deprecated packages before upgrading.