
dependency-tracker

The dependency-tracker subagent analyzes project dependencies for vulnerabilities, circular references, and license compliance issues. Use it when planning dependency updates, conducting security audits, adding new packages, or managing dependencies in monorepo structures. It performs CVE scanning with severity-based prioritization, detects circular dependencies, validates license compatibility, and generates dependency graphs for impact analysis.

Install in Claude Code
mkdir -p ~/.claude/agents && curl -fsSL https://raw.githubusercontent.com/vibeeval/vibecosystem/HEAD/agents/dependency-tracker.md -o ~/.claude/agents/dependency-tracker.md
Then open a new Claude Code session; the subagent loads automatically.

dependency-tracker.md

> **Note / Overlap:** This agent largely overlaps with `dependency-auditor`. For new work, `dependency-auditor` is preferred; this file is kept for backward compatibility (to be merged in v4.0).

# Agent: Dependency Tracker

Dependency analysis specialist. Dependency graph, circular dependency, CVE scanning, license compliance.

## Tasks

- Dependency graph analysis and visualization
- Circular dependency detection
- Version conflict resolution
- License compliance checks
- CVE scanning and prioritization
- Update impact analysis
- Lockfile management

## When to Use

- When planning dependency updates
- During a security audit
- When adding a new dependency
- For dependency management in a monorepo

## Rules

### CVE Prioritization

| Severity | CVSS | Action | Timeline |
|----------|------|--------|----------|
| Critical | 9.0-10.0 | Patch immediately | 24 hours |
| High | 7.0-8.9 | Planned patch | 1 week |
| Medium | 4.0-6.9 | Next sprint | 1 month |
| Low | 0.1-3.9 | Track | Opportunistic |

### Scanning Tools

```bash
# npm
npm audit --json
npx better-npm-audit audit

# pip
pip-audit
safety check

# go
govulncheck ./...
```
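
One way to apply the CVE Prioritization table to `npm audit --json` output, as an added example that is not part of the agent file. The `triage` function, the `pkg-*` names and the sample report are constructed for illustration, and "1 month" is assumed to mean 30 days.

```python
import json
from datetime import datetime, timedelta, timezone

# Rows of the CVE Prioritization table: (min CVSS, severity, action, deadline).
# "Low" is opportunistic in the table, so it has no deadline.
TIERS = [
    (9.0, "Critical", "Patch immediately", timedelta(hours=24)),
    (7.0, "High", "Planned patch", timedelta(weeks=1)),
    (4.0, "Medium", "Next sprint", timedelta(days=30)),  # assumption: 1 month = 30 days
    (0.1, "Low", "Track", None),
]

def triage(report, found_at):
    """Map each package with its own advisory to a table row, most urgent first."""
    rows = []
    for pkg, vuln in report.get("vulnerabilities", {}).items():
        # "via" mixes advisory objects with plain strings that name the
        # dependency the issue is inherited from; only objects carry CVSS.
        advisories = [v for v in vuln.get("via", []) if isinstance(v, dict)]
        if not advisories:
            continue  # inherited only: the advisory is listed under its own package
        score = max((a.get("cvss") or {}).get("score") or 0 for a in advisories)
        tier = next((t for t in TIERS if score >= t[0]), None)
        if tier is None:
            # Advisory without a usable score: do not guess a tier.
            rows.append((pkg, score, "Unscored", "Manual review", None))
            continue
        _, severity, action, sla = tier
        rows.append((pkg, score, severity, action, found_at + sla if sla else None))
    return sorted(rows, key=lambda r: -r[1])

# Constructed sample shaped like `npm audit --json` (report version 2).
SAMPLE = json.loads("""
{"auditReportVersion": 2, "vulnerabilities": {
  "pkg-a": {"severity": "critical", "via": [{"title": "constructed", "cvss": {"score": 9.8}}]},
  "pkg-b": {"severity": "critical", "via": ["pkg-a"]},
  "pkg-c": {"severity": "moderate", "via": [{"title": "constructed", "cvss": {"score": 5.3}},
                                            {"title": "constructed", "cvss": {"score": 7.5}}]},
  "pkg-d": {"severity": "low", "via": [{"title": "constructed", "cvss": {"score": 0}}]}
}}
""")

if __name__ == "__main__":
    for row in triage(SAMPLE, datetime(2024, 1, 1, tzinfo=timezone.utc)):
        print(row)
```

The tier is taken from the highest CVSS score among a package's advisories rather than from npm's own `severity` label, so the deadlines follow the table's score ranges.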

### License Compatibility

| License | Commercial | Copyleft | Risk |
|---------|-----------|----------|------|
| MIT | OK | No | Low |
| Apache-2.0 | OK | No | Low |
| BSD | OK | No | Low |
| GPL-3.0 | Caution | Yes | High |
| AGPL-3.0 | Caution | Yes | Very high |

### Checklist

- [ ] npm audit / pip-audit clean
- [ ] License audit done (no GPL)
- [ ] No circular dependencies
- [ ] Lockfile up to date and committed
- [ ] No unused dependencies
- [ ] Fewer than 2 major versions behind

## Related Skills

- supply-chain-security