Solid · MIT · Original

Dependency Audit

Checks every dependency's licence — flags GPL contamination, commercial-incompatible licences, missing attribution.

Entry verified April 20, 2026

The short answer

The dependency sweep most projects never do. Flags licences that force your whole project to go GPL, or require attribution you haven't given, or are outright banned in commercial use.

When to use it

Before every major release. When adding new dependencies. Quarterly on active projects.

Setup

  1. Save as ~/.claude/skills/dep-audit.md.

  2. Uses npm ls / pip show / cargo tree to enumerate deps.

  3. Cross-references with a licence-compatibility matrix.

Example

You: /dep-audit
Claude: 247 deps. 2 flagged: react-awesome-reveal (MIT ✓), lodash (MIT ✓)... one CC BY-NC-SA (usable but triggers attribution requirement — add to credits).

Source & attribution

Author
Bryan Collins
Licence
MIT
Type
Original

Original pattern published under MIT — attribution preserved by convention, not licence requirement.

Caveats

Licence detection is heuristic — read the LICENSE file for anything novel or suspect.
