Initial commit from template
This commit is contained in:
Lumina
114
.claude/skills/dependency-scanner/SKILL.md
Normal file
114
.claude/skills/dependency-scanner/SKILL.md
Normal file
@@ -0,0 +1,114 @@
|
||||
---
|
||||
name: dependency-scanner
|
||||
description: Scannt npm Dependencies auf bekannte Sicherheitsluecken und veraltete Pakete. Nutze diesen Skill nach npm install, bei neuen Dependencies, oder wenn der User nach "vulnerabilities", "outdated", "npm audit", "dependency check", "pakete pruefen", "sicherheitsluecken" fragt. Gibt Ergebnisse zurueck die im Chat angezeigt werden.
|
||||
---
|
||||
|
||||
# Dependency Security Scanner
|
||||
|
||||
Scannt npm/pnpm Dependencies auf Sicherheitsluecken und veraltete Pakete.
|
||||
|
||||
## Automatische Ausfuehrung
|
||||
|
||||
Fuehre diesen Scan aus:
|
||||
1. Nach `npm install` oder `pnpm install`
|
||||
2. Bei neuen Dependencies in package.json
|
||||
3. Regelmaessig als Security Check
|
||||
|
||||
## Scripts
|
||||
|
||||
### Vollstaendiger Scan
|
||||
```bash
|
||||
bash scan-deps.sh
|
||||
```
|
||||
|
||||
### Nur Audit (Vulnerabilities)
|
||||
```bash
|
||||
bash audit.sh
|
||||
```
|
||||
|
||||
### Veraltete Pakete pruefen
|
||||
```bash
|
||||
bash check-outdated.sh
|
||||
```
|
||||
|
||||
### Automatisch fixen
|
||||
```bash
|
||||
bash fix-vulnerabilities.sh
|
||||
```
|
||||
|
||||
## Scan Ablauf
|
||||
|
||||
### 1. npm audit durchfuehren
|
||||
```bash
|
||||
# Mit pnpm
|
||||
pnpm audit --json
|
||||
|
||||
# Mit npm
|
||||
npm audit --json
|
||||
```
|
||||
|
||||
### 2. Veraltete Pakete pruefen
|
||||
```bash
|
||||
# Mit pnpm
|
||||
pnpm outdated --json
|
||||
|
||||
# Mit npm
|
||||
npm outdated --json
|
||||
```
|
||||
|
||||
### 3. License Check (optional)
|
||||
```bash
|
||||
npx license-checker --summary
|
||||
```
|
||||
|
||||
## Report Format fuer Chat
|
||||
|
||||
Gib das Ergebnis in diesem Format zurueck:
|
||||
|
||||
```markdown
|
||||
## Dependency Security Report
|
||||
|
||||
**Scan Datum**: [timestamp]
|
||||
**Pakete geprueft**: [count]
|
||||
|
||||
### Vulnerabilities
|
||||
|
||||
| Severity | Count |
|
||||
|----------|-------|
|
||||
| Critical | 0 |
|
||||
| High | 2 |
|
||||
| Moderate | 5 |
|
||||
| Low | 3 |
|
||||
|
||||
### Kritische Issues
|
||||
|
||||
1. **lodash** (4.17.15) - Prototype Pollution
|
||||
- Fix: `pnpm update lodash`
|
||||
|
||||
2. **axios** (0.21.0) - SSRF Vulnerability
|
||||
- Fix: `pnpm update axios`
|
||||
|
||||
### Veraltete Pakete
|
||||
|
||||
| Paket | Aktuell | Neueste | Typ |
|
||||
|-------|---------|---------|-----|
|
||||
| react | 18.2.0 | 19.0.0 | major |
|
||||
| next | 14.0.0 | 15.1.0 | major |
|
||||
|
||||
### Empfehlungen
|
||||
|
||||
1. **Sofort**: Kritische Vulnerabilities fixen
|
||||
2. **Diese Woche**: High Severity fixen
|
||||
3. **Geplant**: Major Updates evaluieren
|
||||
|
||||
### Automatischer Fix
|
||||
|
||||
Fuehre aus: `pnpm audit fix` oder `bash fix-vulnerabilities.sh`
|
||||
```
|
||||
|
||||
## Wichtig
|
||||
|
||||
- Zeige Ergebnisse IMMER im Chat an
|
||||
- Bei kritischen Vulnerabilities: Warnung hervorheben
|
||||
- Schlage konkrete Fix-Befehle vor
|
||||
- Bei Major Updates: Changelog verlinken
|
||||
Reference in New Issue
Block a user