---
name: dependency-scanner
description: Scan for outdated packages, security vulnerabilities, and available updates across all projects. Supports npm, Go modules, Python pip, and Docker images.
---

# Dependency Scanner Skill

Proactively identify outdated dependencies and security vulnerabilities.

## Scan Types

### 1. NPM/Node.js
```bash
# Check outdated packages
npm outdated --json

# Security audit
npm audit --json

# Update check
npx npm-check-updates
```

### 2. Go Modules
```bash
# List outdated
go list -u -m all

# Check vulnerabilities
govulncheck ./...

# Update all
go get -u ./...
```

### 3. Python/Pip
```bash
# Check outdated
pip list --outdated --format=json

# Security check
pip-audit

# Safety check
safety check
```

### 4. Docker Images
```bash
# Check for updates (docker pull has no dry-run mode; a pull reports
# "Image is up to date" or "Downloaded newer image" in its Status line)
docker images --format '{{.Repository}}:{{.Tag}}' | grep -v '<none>' | while read -r img; do
  status=$(docker pull "$img" 2>/dev/null | grep '^Status:')
  echo "$img: ${status#Status: }"
done

# Vulnerability scan
docker scout cves IMAGE
trivy image IMAGE
```

## Scan Report Template

```
📦 DEPENDENCY SCAN REPORT
Project: rima
Scanned: 2026-01-29 19:30 UTC

┌─────────────────────────────────────────────┐
│ NPM Packages (frontend)                     │
├─────────────────────────────────────────────┤
│ Outdated: 5 packages                        │
│ ├─ svelte: 4.2.0 → 5.0.0 (major)           │
│ ├─ vite: 5.0.0 → 5.1.0 (minor)             │
│ └─ tailwindcss: 3.4.0 → 3.4.1 (patch)      │
│                                             │
│ Security: 1 vulnerability                   │
│ └─ postcss: high severity (CVE-2024-XXXX)  │
└─────────────────────────────────────────────┘

┌─────────────────────────────────────────────┐
│ Go Modules (backend)                        │
├─────────────────────────────────────────────┤
│ Outdated: 3 packages                        │
│ ├─ fiber/v2: 2.51.0 → 2.52.0               │
│ ├─ gorm: 1.25.5 → 1.25.7                   │
│ └─ jwt/v5: 5.1.0 → 5.2.0                   │
│                                             │
│ Vulnerabilities: None ✅                    │
└─────────────────────────────────────────────┘

┌─────────────────────────────────────────────┐
│ Docker Images                               │
├─────────────────────────────────────────────┤
│ postgres:16-alpine: Up to date ✅           │
│ redis:7-alpine: Update available (7.2.4)   │
│ node:20-alpine: Update available (20.11)   │
└─────────────────────────────────────────────┘

Summary:
- 🔴 1 security issue (requires immediate action)
- 🟡 8 outdated packages
- 🟢 0 critical vulnerabilities

Recommended Actions:
1. Update postcss immediately (security)
2. Consider svelte 5.0 migration (breaking changes)
3. Update redis image (minor update)
```

## Auto-Update Rules

### Safe to Auto-Update (patch versions):
- Security patches
- Bug fixes
- No breaking changes

### Requires Review (minor/major):
- New features (minor)
- Breaking changes (major)
- Framework upgrades
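The classification step these rules describe, as an added example (not part of the skill): it parses output in the shape `npm outdated --json` emits, labels each upgrade patch/minor/major by semver, and sorts it into the auto-update or review bucket. The input is a constructed sample, and as an assumption beyond the rules above, 0.x minor bumps are treated as major, since semver gives them no compatibility guarantee.

```python
"""Classify `npm outdated --json` results by semver bump type."""
import json

# Constructed sample in the shape `npm outdated --json` emits
# (package -> {current, wanted, latest}); versions are illustrative.
SAMPLE_OUTDATED = json.dumps({
    "svelte": {"current": "4.2.0", "wanted": "4.2.0", "latest": "5.0.0"},
    "vite": {"current": "5.0.0", "wanted": "5.1.0", "latest": "5.1.0"},
    "tailwindcss": {"current": "3.4.0", "wanted": "3.4.1", "latest": "3.4.1"},
    "pre-1.0-lib": {"current": "0.3.0", "wanted": "0.3.0", "latest": "0.4.0"},
})


def parse_version(v):
    """Turn '1.2.3', 'v1.2.3' or '1.2.3-beta.1+build' into (1, 2, 3)."""
    core = v.lstrip("v").split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def bump_type(current, latest):
    """Return 'major', 'minor', 'patch' or 'none' for current -> latest."""
    cur, new = parse_version(current), parse_version(latest)
    if new <= cur:
        return "none"
    if new[0] != cur[0]:
        return "major"
    if new[1] != cur[1]:
        # Assumption: under 0.x any minor bump may break, so review it.
        return "major" if cur[0] == 0 else "minor"
    return "patch"


def classify(outdated_json):
    """Split outdated packages into auto-update (patch) and review (rest)."""
    result = {"auto_update": [], "review": []}
    for name, info in json.loads(outdated_json).items():
        kind = bump_type(info["current"], info["latest"])
        if kind == "none":
            continue
        entry = f"{name}: {info['current']} → {info['latest']} ({kind})"
        result["auto_update" if kind == "patch" else "review"].append(entry)
    return result


if __name__ == "__main__":
    print(json.dumps(classify(SAMPLE_OUTDATED), indent=2, ensure_ascii=False))
```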

## Integration with Proactive Mode

Weekly scan (or on-demand):
1. Scan all projects
2. Categorize by severity
3. Auto-update safe patches
4. Create report for review items
5. Alert on security issues

## CVE Database

Check against:
- NVD (National Vulnerability Database)
- GitHub Advisory Database
- Snyk Vulnerability DB
- OSV (Open Source Vulnerabilities)

## Scheduled Scans

```cron
# Weekly full scan (Sunday 3am)
0 3 * * 0 /scripts/dependency-scan.sh --full

# Daily security check (6am)
0 6 * * * /scripts/dependency-scan.sh --security-only
```
