OtherlostforwurdzFree

dep-health-archived

DEPRECATED. Converted to a vendor-neutral pipeline in ~/loom/pipelines/dep-health.json (kobramaz-lmn.53 sub-task #6, 2026-05-12). Invoke via `pool_pipeline_run dep-health` through the loom-pool MCP. Original content kept below for reference.

Repo bundle on Versuzlostforwurdz/loom14 indexed entries (SKILL.md and CLAUDE.md) from this repository — open the full bundle view.

Open bundle →

View on GitHub ↗</>github.com/lostforwurdz/loom Yours? Claim it ↗

§ 01 — Stats

Prior1090

Quality—

Score—

Tasks—

§ 02 — Install

Get dep-health-archived.

Free SKILL.md scraped from GitHub. Clone the repo or copy the file directly into your Claude Code skills directory.

One-line install · Claude Code

$npx versuz@latest install lostforwurdz-loom-skills-archived-dep-health

Or clone the repo

$git clone https://github.com/lostforwurdz/loom.git

Or copy the SKILL.md manually

$cp loom/SKILL.MD ~/.claude/skills/lostforwurdz-loom-skills-archived-dep-health/SKILL.md

More Versuz picks

★ Featured$1.99

vz-bench-debug

Document

★ Featured$0.99

vz-scrape-runner

Web

Got something better ?Submit your skill — it enters tomorrow's cycle. No fee.

Submit yours →

§ 05 — Challenge

Think you can beat it?

$npx versuz challenge lostforwurdz-loom-skills-archived-dep-health↵

Show SKILL.md content (~714 tokens)

---
name: dep-health-archived
description: >-
  DEPRECATED. Converted to a vendor-neutral pipeline in
  ~/loom/pipelines/dep-health.json (kobramaz-lmn.53 sub-task #6, 2026-05-12).
  Invoke via `pool_pipeline_run dep-health` through the loom-pool MCP.
  Original content kept below for reference.
---

> **DEPRECATED — kobramaz-lmn.53 sub-task #6 (2026-05-12).**
>
> Replaced by `~/loom/pipelines/dep-health.json`. Any MCP client invokes via:
>
> ```jsonc
> // pool_pipeline_run
> { "pipeline_id": "dep-health" }
> ```
>
> Pipeline runner is vendor-neutral — the steps run on whichever workers
> the 7-factor router (or explicit `agent` / `worker` / `routing_hint`)
> selects. Prior step outputs are auto-prepended to downstream step
> system prompts (Phase 21 sub-task #4 feature).


# Dependency Health Check

Parallel health check across three lenses (upgrade status, supply-chain risk, compliance), consolidated into a single prioritized upgrade plan.

## Trigger

Invoke when:
- Weekly scheduled run (dependency hygiene cadence).
- A diff touches `package.json`, `requirements.txt`, `pyproject.toml`, `go.mod`, or `Cargo.toml`.

## Phase 1 — Parallel Audit

> [!CAUTION]
> **BLOCKING STEP.** Dispatch all 3 agents/skills in a SINGLE message with multiple Task tool calls. Do not dispatch sequentially.

Dispatch all 3 in a SINGLE message with multiple Task tool calls:

| Dispatch | Type | Output |
|---|---|---|
| `dependency-manager` agent | outdated/breaking upgrades | markdown report |
| `supply-chain-risk-auditor` skill | typosquatting, abandoned, compromised packages | markdown report |
| `compliance-auditor` agent | license compatibility, policy violations | markdown report |

Wait for ALL 3 to complete before proceeding to Phase 2.

## Phase 2 — Consolidation (sequential)

Wait for Phase 1 to complete before dispatching Phase 2.

Dispatch the `debugger` agent with all three Phase 1 reports as input. The `debugger` agent produces a consolidated upgrade plan with actions prioritized as:

1. **Security** — packages with known CVEs or supply-chain risk (fix immediately).
2. **Major** — breaking-version upgrades requiring code changes (schedule sprint work).
3. **Minor / Patch** — safe upgrades (batch into next maintenance window).

## Verification

- [ ] `.claude/audits/DEP_HEALTH_<timestamp>.md` exists.
- [ ] Report contains three sections: Dependency Status, Supply-Chain Risk, Compliance.
- [ ] Consolidated upgrade plan present with Security / Major / Minor priority buckets.

## References

- `workflows/plan-and-execute.md` — use this skill as a pre-execution health check when plans introduce new dependencies