Audit Your package.json for Outdated and Vulnerable Dependencies
Running npm audit tells you about known vulnerabilities, but it doesn't tell you which outdated packages are worth updating or what breaking changes to expect. Claude can fill that gap.
Paste your package.json and ask:
Review my package.json dependencies. Flag any that:
- Have known security vulnerabilities
- Are significantly outdated and have important updates
- Are deprecated or abandoned
- Have better alternatives worth switching to
Explain why each one matters before suggesting an update.
Claude will go through your dependency list and give you a prioritised view — not just a raw list of version bumps, but context about what changed, whether the upgrade is risky, and whether you actually need the package at all.
You can also combine this with npm outdated output for a richer picture:
npm outdated --json | claude -p "Which of these upgrades are safe to do right now,
and which ones have breaking changes I should research first?"
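An added example (not code from the original page): a Node.js script that joins `npm outdated --json` with `npm audit --json`, so the text handed to the prompt carries advisory severity and bump type for each package. The package names, versions and advisories are constructed sample data in the shapes those two commands emit (npm 7+ audit report), and `triage` and `bumpType` are hypothetical helper names.

```javascript
// Constructed sample data shaped like `npm outdated --json` and
// `npm audit --json` (npm 7+). All package names are hypothetical.
const sampleOutdated = {
  "example-parser": { current: "4.17.20", wanted: "4.17.21", latest: "4.17.21" },
  "example-server": { current: "4.18.2", wanted: "4.21.2", latest: "5.1.0" },
  "example-helper": { current: "0.3.1", wanted: "0.3.4", latest: "0.4.0" },
  "example-colors": { current: "5.2.0", wanted: "5.3.0", latest: "5.3.0" },
};
const sampleAudit = { vulnerabilities: {
  "example-parser": { severity: "high", fixAvailable: true },
  "example-server": { severity: "moderate", fixAvailable: { name: "example-server", version: "5.1.0", isSemVerMajor: true } },
} };

const SEVERITY = { critical: 4, high: 3, moderate: 2, low: 1, info: 0 };
const RISK = { patch: 0, minor: 1, breaking: 2, unknown: 3 };

// Classify current -> latest. A minor bump in a 0.x release may break the API,
// so it is treated as breaking, matching how caret ranges handle 0.x.
function bumpType(current, latest) {
  if (!current || !latest) return "unknown"; // e.g. package not installed
  const [cM, cm] = current.split(".").map((n) => parseInt(n, 10));
  const [lM, lm] = latest.split(".").map((n) => parseInt(n, 10));
  if (lM !== cM) return "breaking";
  if (lm !== cm) return cM === 0 ? "breaking" : "minor";
  return "patch";
}

// Join both reports: packages with advisories first (highest severity first),
// then the remaining packages ordered from the safest bump to the riskiest.
function triage(outdated, audit) {
  const vulns = (audit && audit.vulnerabilities) || {};
  const rows = Object.entries(outdated).map(([name, o]) => {
    const v = vulns[name];
    return {
      name, from: o.current, to: o.latest,
      bump: bumpType(o.current, o.latest),
      severity: v ? v.severity : null,
      // fixAvailable is true, false, or an object carrying isSemVerMajor
      fixIsBreaking: Boolean(v && v.fixAvailable && v.fixAvailable.isSemVerMajor),
    };
  });
  const rank = (r) => (r.severity ? SEVERITY[r.severity] + 1 : 0);
  return rows.sort(
    (a, b) => rank(b) - rank(a) || RISK[a.bump] - RISK[b.bump] || a.name.localeCompare(b.name)
  );
}

console.log(JSON.stringify(triage(sampleOutdated, sampleAudit), null, 2));
```

Replace the two sample objects with the parsed output of the real commands and pipe the printed JSON into the prompt, so the advisory data comes from `npm audit` and the model is left to explain the changes and their risk.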
This works for other package managers too — paste a composer.json, Gemfile, go.mod, or requirements.txt and ask the same question.
Know what you're updating and why — don't just run the upgrade script blindly.