ReddRadar
Agent skill
when-mapping-dependencies-use-dependency-mapper
Comprehensive dependency mapping, analysis, and visualization tool for software projects
Install this agent skill to your Project
npx add-skill https://github.com/aiskillstore/marketplace/tree/main/skills/dnyoussef/when-mapping-dependencies-use-dependency-mapper
SKILL.md
Dependency Mapper Skill
Overview
When mapping dependencies, use dependency-mapper to extract, analyze, visualize, and audit dependency trees across multiple package managers (npm, pip, cargo, maven, go.mod).
MECE Breakdown
Mutually Exclusive Components:
- Extraction Phase: Parse lock files and manifests
- Analysis Phase: Build dependency graph and detect issues
- Security Phase: Audit for vulnerabilities
- Visualization Phase: Generate interactive dependency graphs
- Reporting Phase: Create actionable recommendations
Collectively Exhaustive Coverage:
- All major package managers (npm, pip, cargo, maven, go)
- Direct and transitive dependencies
- Circular dependency detection
- License compliance checking
- Security vulnerability scanning
- Outdated package detection
- Duplicate dependency identification
Features
Core Capabilities:
- Multi-language dependency extraction
- Dependency graph construction
- Circular dependency detection
- Security vulnerability scanning
- License compliance auditing
- Outdated package detection
- Interactive visualization generation
- Dependency optimization recommendations
Supported Package Managers:
- JavaScript/Node: npm, yarn, pnpm
- Python: pip, poetry, pipenv
- Rust: cargo
- Java: maven, gradle
- Go: go.mod
- Ruby: bundler
- PHP: composer
- C#: nuget
Usage
Slash Command:
/dep-map [path] [--format json|html|svg] [--security] [--circular] [--outdated]
Subagent Invocation:
Task("Dependency Mapper", "Analyze dependencies for ./project with security audit", "code-analyzer")
MCP Tool:
mcp__dependency-mapper__analyze({
project_path: "./project",
include_security: true,
detect_circular: true,
visualization_format: "html"
})
Architecture
Phase 1: Discovery
- Detect project type and package manager
- Locate manifest and lock files
- Parse dependency declarations
Phase 2: Extraction
- Extract direct dependencies
- Resolve transitive dependencies
- Build dependency tree structure
Phase 3: Analysis
- Detect circular dependencies
- Identify duplicate dependencies
- Check for outdated packages
- Analyze dependency depth
Phase 4: Security
- Query vulnerability databases
- Check license compliance
- Identify supply chain risks
- Generate security scores
Phase 5: Visualization
- Generate graph data structure
- Create interactive HTML visualization
- Export SVG/PNG diagrams
- Generate dependency reports
Output Formats
JSON Report:
{
"project": "my-app",
"package_manager": "npm",
"total_dependencies": 847,
"direct_dependencies": 23,
"vulnerabilities": {
"critical": 0,
"high": 2,
"medium": 5,
"low": 12
},
"circular_dependencies": [],
"outdated_packages": 15,
"license_issues": 0,
"dependency_tree": {...}
}
HTML Visualization:
Interactive D3.js graph with:
- Zoomable dependency tree
- Vulnerability highlighting
- Circular dependency paths
- Click-to-expand nodes
- Search and filter capabilities
SVG/PNG Export:
Static GraphViz-generated diagrams
Examples
Example 1: Basic Analysis
/dep-map ./my-project
Example 2: Security-Focused Audit
/dep-map ./my-project --security --format json
Example 3: Circular Dependency Detection
/dep-map ./my-project --circular --visualization svg
Example 4: Full Comprehensive Analysis
/dep-map ./my-project --security --circular --outdated --format html
Integration with Claude-Flow
Coordination Pattern:
// Step 1: Initialize swarm for complex analysis
mcp__claude-flow__swarm_init({ topology: "hierarchical", maxAgents: 4 })
// Step 2: Spawn agents via Claude Code Task tool
[Parallel Execution]:
Task("Dependency Extractor", "Extract all dependencies from package.json and package-lock.json", "code-analyzer")
Task("Security Auditor", "Run npm audit and cross-reference CVE databases", "security-manager")
Task("Graph Builder", "Construct dependency graph and detect circular deps", "code-analyzer")
Task("Visualization Generator", "Create interactive HTML dependency graph", "coder")
Configuration
Default Settings:
{
"max_depth": 10,
"include_dev_dependencies": true,
"security_scan_enabled": true,
"circular_detection_enabled": true,
"license_check_enabled": true,
"outdated_check_enabled": true,
"visualization_default_format": "html",
"cache_results": true,
"cache_ttl": 3600
}
Performance Considerations
- Caching: Results cached for 1 hour by default
- Parallel Processing: Multiple package managers analyzed concurrently
- Incremental Analysis: Only re-analyze changed dependencies
- Lazy Loading: Visualization loads nodes on-demand for large graphs
Error Handling
- Graceful degradation if package manager unavailable
- Fallback to partial analysis if network issues
- Clear error messages for invalid project structures
- Retry logic for transient failures
Best Practices
- Run dependency mapping before major releases
- Integrate into CI/CD pipelines for automated auditing
- Set up alerts for critical vulnerabilities
- Review circular dependencies regularly
- Keep dependency depth shallow (< 5 levels)
- Audit licenses for compliance requirements
- Update outdated packages incrementally
Troubleshooting
Issue: No dependencies found
Solution: Ensure lock files are present (package-lock.json, yarn.lock, etc.)
Issue: Visualization too large to render
Solution: Use --max-depth 5 to limit tree depth
Issue: Security scan taking too long
Solution: Use cached results or run offline mode
See Also
- PROCESS.md - Detailed step-by-step workflow
- README.md - Quick start guide
- subagent-dependency-mapper.md - Agent implementation details
- slash-command-dep-map.sh - Command-line interface
- mcp-dependency-mapper.json - MCP tool schema
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
aiskillstore/marketplace
perigon-backend
Perigon ASP.NET Core + EF Core + Aspire conventions
aiskillstore/marketplace
perigon-agent
Pointers for Copilot/agents to apply Perigon conventions
aiskillstore/marketplace
perigon-angular
Angular 21+ standalone/Material/signal conventions for Perigon WebApp
aiskillstore/marketplace
fastapi-mastery
Comprehensive FastAPI development skill covering REST API creation, routing, request/response handling, validation, authentication, database integration, middleware, and deployment. Use when working with FastAPI projects, building APIs, implementing CRUD operations, setting up authentication/authorization, integrating databases (SQL/NoSQL), adding middleware, handling WebSockets, or deploying FastAPI applications. Triggered by requests involving .py files with FastAPI code, API endpoint creation, Pydantic models, or FastAPI-specific features.
aiskillstore/marketplace
context7-efficient
Token-efficient library documentation fetcher using Context7 MCP with 86.8% token savings through intelligent shell pipeline filtering. Fetches code examples, API references, and best practices for JavaScript, Python, Go, Rust, and other libraries. Use when users ask about library documentation, need code examples, want API usage patterns, are learning a new framework, need syntax reference, or troubleshooting with library-specific information. Triggers include questions like "Show me React hooks", "How do I use Prisma", "What's the Next.js routing syntax", or any request for library/framework documentation.
aiskillstore/marketplace
browser-use
Browser automation using Playwright MCP. Navigate websites, fill forms, click elements, take screenshots, and extract data. Use when tasks require web browsing, form submission, web scraping, UI testing, or any browser interaction.
Didn't find tool you were looking for?