Agent Skills | 2026-04-21

Dependency Auditor: Catch Supply Chain Risks Before They Bite

An AI agent that audits your dependency graph for supply chain risks — stale packages, license conflicts, known CVEs.

**TL;DR:** Audit your dependency graph for supply chain risks — stale packages, license conflicts, known CVEs, and phantom dependencies.

The 10-Second Pitch

  • **What it is:** A security-focused dependency auditor that maps your full dependency graph and scores each package on supply chain health.
  • **Who it's for:** Security engineers, platform teams.
  • **Why it matters:** The average Node.js project has 500+ transitive dependencies. Manual auditing is impossible.
  • **Stack:** Node.js agent, reads package-lock.json and npm audit data.
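
As an added illustration of the graph-mapping step the pitch describes (example code written for this page, not the Dependency Auditor's own implementation), this walks a lockfileVersion 3 package-lock.json into a reachability graph using npm's nested-then-hoisted lookup and reports three kinds of findings over a constructed sample lockfile. The copyleft regex and the finding categories are assumptions, not the product's scoring.

```javascript
// Added example (not the Dependency Auditor's code): walk a lockfileVersion 3
// package-lock.json with npm's nested-then-hoisted lookup, then flag copyleft
// licenses, unresolvable edges, and installed entries that nothing reaches.
const COPYLEFT = /^(A?GPL|LGPL)-/i; // assumption: SPDX id prefix is enough here
// npm resolves `dep` from the requester's own node_modules first, then from
// each ancestor's node_modules up to the project root (hoisting).
function resolve(packages, from, dep) {
  for (let base = from; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Breadth-first walk from the root entry "" over prod and dev dependencies.
function buildGraph(lock) {
  const queue = [""], reachable = new Set(queue), unresolved = [];
  while (queue.length) {
    const from = queue.shift(), entry = lock.packages[from];
    const deps = Object.assign({}, entry.dependencies, from === "" ? entry.devDependencies : {});
    for (const dep of Object.keys(deps)) {
      const target = resolve(lock.packages, from, dep);
      if (!target) unresolved.push(`${from || "(root)"} -> ${dep}`);
      else if (!reachable.has(target)) { reachable.add(target); queue.push(target); }
    }
  }
  return { reachable, unresolved };
}

function audit(lock) {
  const { reachable, unresolved } = buildGraph(lock);
  const findings = unresolved.map((path) => ({ path, issue: "unresolved" }));
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === "") continue;
    if (!reachable.has(path)) findings.push({ path, issue: "orphaned" });
    if (COPYLEFT.test(entry.license || "")) findings.push({ path, issue: "copyleft " + entry.license });
  }
  return { transitiveCount: reachable.size - 1, findings };
}
// Constructed sample: a's nested b is GPL, d is declared but absent, leftover is unreferenced.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo", license: "MIT", dependencies: { a: "^1.0.0", d: "*" }, devDependencies: { c: "^2.0.0" } },
  "node_modules/a": { version: "1.2.0", license: "MIT", dependencies: { b: "^2.0.0" } },
  "node_modules/a/node_modules/b": { version: "2.0.0", license: "GPL-3.0-only" },
  "node_modules/b": { version: "1.0.0", license: "MIT" },
  "node_modules/c": { version: "2.1.0", license: "MIT", dependencies: { b: "^1.0.0" } },
  "node_modules/leftover": { version: "0.1.0", license: "MIT" },
} };
```

Running `audit(SAMPLE_LOCK)` reports 4 transitive packages and three findings: the nested GPL copy of `b`, the unresolvable `d`, and the orphaned `leftover`.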

Setup Directions

Prerequisites

  • Node.js >= 18
  • A project with a package-lock.json

Step 1 - Install

npm install @mrtech/dependency-auditor --save-dev

Step 2 - Run Audit

npx dependency-auditor audit --format=json

Step 3 - Set CI Gates

npx dependency-auditor gate --min-score=70 --fail-on=critical-cves

Pros / Cons

| Dimension | Rating | Notes |
| --- | --- | --- |
| **CVE Coverage** | 5/5 | Cross-references NVD, GitHub Advisory DB |
| **License Detection** | 4/5 | Detects GPL/LGPL conflicts |
| **CI Integration** | 5/5 | Native GitHub Actions, GitLab CI |

Verdict

Dependency Auditor is your early warning system for supply chain risk. Run it in CI before every release, not as a one-time audit.

*Skill: dependency-auditor | Ecosystem: claude-code | Runtime: node | Auth: api-key*