Back to Details

analyzing-dependencies

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Dependency Checker

Dependency Checker

This skill provides automated assistance for dependency checker tasks.
本技能为依赖项检查任务提供自动化辅助。

Overview

概述

This skill empowers Claude to automatically analyze your project's dependencies for security vulnerabilities, outdated packages, and license compliance issues. It uses the dependency-checker plugin to identify potential risks and provides insights for remediation.
本技能使Claude能够自动分析项目依赖项中的安全漏洞、过时包以及许可证合规性问题。它使用dependency-checker插件识别潜在风险,并提供修复建议。

How It Works

工作原理

  1. Detecting Package Manager: The skill identifies the relevant package manager (npm, pip, composer, gem, go modules) based on the presence of manifest files (e.g., package.json, requirements.txt, composer.json).
  2. Scanning Dependencies: The skill utilizes the dependency-checker plugin to scan the identified dependencies against known vulnerability databases (CVEs), outdated package lists, and license information.
  3. Generating Report: The skill presents a comprehensive report summarizing the findings, including vulnerability summaries, detailed vulnerability information, outdated packages with recommended updates, and license compliance issues.
  1. 检测包管理器:技能会根据清单文件(如package.json、requirements.txt、composer.json)的存在,识别对应的包管理器(npm、pip、composer、gem、Go Modules)。
  2. 扫描依赖项:技能利用dependency-checker插件,对照已知漏洞数据库(CVE)、过时包列表和许可证信息,对识别出的依赖项进行扫描。
  3. 生成报告:技能会生成一份全面的报告,总结扫描结果,包括漏洞摘要、详细漏洞信息、带有推荐更新版本的过时包,以及许可证合规性问题。

When to Use This Skill

使用场景

This skill activates when you need to:
  • Check a project for known security vulnerabilities in its dependencies.
  • Identify outdated packages that may contain security flaws or performance issues.
  • Ensure that the project's dependencies comply with licensing requirements.
当你需要以下操作时,可使用本技能:
  • 检查项目依赖项中的已知安全漏洞。
  • 识别可能存在安全缺陷或性能问题的过时包。
  • 确保项目依赖项符合许可证要求。

Examples

示例

Example 1: Identifying Vulnerabilities Before Deployment

示例1:部署前识别漏洞

User request: "Check dependencies for vulnerabilities before deploying to production."
The skill will:
  1. Detect the relevant package manager (e.g., npm).
  2. Scan the project's dependencies for known vulnerabilities using the dependency-checker plugin.
  3. Generate a report highlighting any identified vulnerabilities, their severity, and recommended fixes.
用户请求:"在部署到生产环境前检查依赖项的漏洞。"
技能将:
  1. 识别对应的包管理器(如npm)。
  2. 使用dependency-checker插件扫描项目依赖项中的已知漏洞。
  3. 生成报告,突出显示已识别的漏洞、其严重程度以及推荐的修复方案。

Example 2: Updating Outdated Packages

示例2:更新过时包

User request: "Scan for outdated packages and suggest updates."
The skill will:
  1. Detect the relevant package manager (e.g., pip).
  2. Scan the project's dependencies for outdated packages.
  3. Generate a report listing the outdated packages and their available updates, including major, minor, and patch releases.
用户请求:"扫描过时包并建议更新。"
技能将:
  1. 识别对应的包管理器(如pip)。
  2. 扫描项目依赖项中的过时包。
  3. 生成报告,列出过时包及其可用更新版本,包括主版本、次版本和补丁版本。

Best Practices

最佳实践

  • Regular Scanning: Schedule dependency checks regularly (e.g., weekly or monthly) to stay informed about new vulnerabilities and updates.
  • Pre-Deployment Checks: Always run a dependency check before deploying any code to production to prevent introducing vulnerable dependencies.
  • Review and Remediation: Carefully review the generated reports and take appropriate action to remediate identified vulnerabilities and update outdated packages.
  • 定期扫描:定期安排依赖项检查(如每周或每月),以便及时了解新出现的漏洞和更新。
  • 部署前检查:在将任何代码部署到生产环境前,务必运行依赖项检查,防止引入存在漏洞的依赖项。
  • 审查与修复:仔细审查生成的报告,并采取适当措施修复已识别的漏洞,更新过时包。

Integration

集成

This skill seamlessly integrates with other Claude Code tools, allowing you to use the identified vulnerabilities to guide further actions, such as automatically creating pull requests to update dependencies or generating security reports for compliance purposes.
本技能可与其他Claude Code工具无缝集成,你可以利用识别出的漏洞指导后续操作,例如自动创建拉取请求以更新依赖项,或生成合规性所需的安全报告。

Prerequisites

前提条件

  • Access to codebase and configuration files in {baseDir}/
  • Security scanning tools installed as needed
  • Understanding of security standards and best practices
  • Permissions for security analysis operations
  • 能够访问{baseDir}/下的代码库和配置文件
  • 已安装所需的安全扫描工具
  • 了解安全标准和最佳实践
  • 拥有安全分析操作的权限

Instructions

操作步骤

  1. Identify security scan scope and targets
  2. Configure scanning parameters and thresholds
  3. Execute security analysis systematically
  4. Analyze findings for vulnerabilities and compliance gaps
  5. Prioritize issues by severity and impact
  6. Generate detailed security report with remediation steps
  1. 确定安全扫描的范围和目标
  2. 配置扫描参数和阈值
  3. 系统地执行安全分析
  4. 分析扫描结果中的漏洞和合规性差距
  5. 根据严重程度和影响优先级处理问题
  6. 生成包含修复步骤的详细安全报告

Output

输出内容

  • Security scan results with vulnerability details
  • Compliance status reports by standard
  • Prioritized list of security issues by severity
  • Remediation recommendations with code examples
  • Executive summary for stakeholders
  • 包含漏洞详情的安全扫描结果
  • 按标准分类的合规性状态报告
  • 按严重程度排序的安全问题优先级列表
  • 附带代码示例的修复建议
  • 面向利益相关者的执行摘要

Error Handling

错误处理

If security scanning fails:
  • Verify tool installation and configuration
  • Check file and directory permissions
  • Validate scan target paths
  • Review tool-specific error messages
  • Ensure network access for dependency checks
如果安全扫描失败:
  • 验证工具的安装和配置
  • 检查文件和目录权限
  • 验证扫描目标路径
  • 查看工具特定的错误消息
  • 确保依赖项检查所需的网络访问权限

Resources

参考资源

  • Security standard documentation (OWASP, CWE, CVE)
  • Compliance framework guidelines (GDPR, HIPAA, PCI-DSS)
  • Security scanning tool documentation
  • Vulnerability remediation best practices
  • 安全标准文档(OWASP、CWE、CVE)
  • 合规框架指南(GDPR、HIPAA、PCI-DSS)
  • 安全扫描工具文档
  • 漏洞修复最佳实践