dependency-check
Scan project dependencies for known vulnerabilities and CVEs
Best for CI pipelinesWorks with GitHubLow risk
⌘source
- author
@ruvnet- repo
- ruvnet/ruflo
- language
- TypeScript
★46kstars
5.1kforks
May 5, 2026
✦overview.md
Key Features
- ·Scan dependencies for CVEs
- ·Audit with severity actions
- ·Auto-fix command available
- ·Continuous monitoring via MCP
Use Cases
- →Check for vulnerabilities before a deployment
- →Automate dependency audits in CI pipeline
- →Prioritize fixes based on severity levels
- →Track low-severity issues in backlog
Best for
- ✓CI pipelines
- ✓release teams
- ✓security audits
Not ideal for
- !non-npm projects
- !one-off scripts without dependencies
FAQs
name
dependency-check
description
Scan project dependencies for known vulnerabilities and CVEs
argument-hint:[--path PATH]
allowed-tools:Bash(npx * npm *) mcp__claude-flow__memory_store Read
Check dependencies for CVEs and outdated packages:
npx @claude-flow/cli@latest security cve --check
npx @claude-flow/cli@latest security audit --include-dev
npm audit --json
| Severity | Action |
|---|---|
| critical | Block deployment, fix immediately |
| high | Fix before next release |
| moderate | Schedule fix within sprint |
| low | Track in backlog |
Auto-fix: npx @claude-flow/cli@latest security cve --fix
For continuous monitoring, dispatch via MCP:
mcp__claude-flow__hooks_worker-dispatch({ trigger: "audit" })
$install
1-click copynpx skills add ruvnet/ruflo --skill dependency-checkSafety assessment
★
Clarity score
How clear and easy to understand the SKILL.md instructions are, rated from 1 to 5.
4/ 5
very goodClear and well structured, with only minor parts that might need a second read.
◎
Actionability score
How directly an agent can act on the SKILL.md instructions, rated from 1 to 5.
4/ 5
highMostly actionable with clear steps; only a few small gaps remain.