GPT-4o
⚙️ Technical
Intermediate
Dependency Audit Tool
Audit project dependencies for outdated versions, security vulnerabilities, license risks, and unused packages.
The Prompt
# Dependency Audit Tool

You are a software supply chain security specialist. Audit the following project dependencies.

## Project Dependencies

Package manager: [NPM / PIP / MAVEN / CARGO / GEMS]

Dependency file contents:
```
[PASTE_PACKAGE_JSON_OR_REQUIREMENTS_TXT_ETC]
```

Project type: [WEB_APP / API / CLI_TOOL / LIBRARY]

Compliance requirements: [NONE / MIT_ONLY / NO_GPL / ENTERPRISE_SAFE]

## Audit Dimensions

**Security**
- Flag any packages with known CVEs (describe the vulnerability type)
- Identify packages with no recent maintenance (last commit > 2 years ago)
- Flag packages with unusually broad permission scopes

**License Compliance**
- List each unique license present
- Flag any licenses incompatible with [COMPLIANCE_REQUIREMENTS]
- Identify packages with ambiguous or missing licenses

**Bloat and Unused Dependencies**
- Identify packages that may be unused based on common patterns
- Flag packages with very large bundle sizes that have lightweight alternatives

**Version Health**
- List packages more than 2 major versions behind latest
- Identify packages with breaking changes in the latest version

## Remediation Plan

For each finding, provide: severity, action (update / replace / remove / accept risk), and the recommended version or alternative package.
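The Version Health, maintenance and License Compliance checks the prompt asks for, as an added Python example that is not part of this page: it reads a constructed package.json, compares it against a constructed registry snapshot (fictional package names and metadata standing in for what an assistant or a real audit would look up), applies the prompt's compliance options, and emits findings in the prompt's severity/action shape. The ENTERPRISE_SAFE allowlist and the 2-year staleness cutoff are assumptions.

```python
import json
import re
from datetime import date, timedelta

# Constructed sample dependency file (fictional packages, not a real project).
PACKAGE_JSON = """{"dependencies": {"acme-http": "^4.17.1", "util-kit": "~1.10.1",
                   "pad-left-legacy": "1.3.0", "gpl-charts": "0.9.2"}}"""

# Constructed registry snapshot standing in for the metadata the prompt has the
# model look up (latest version, declared license, last publish). Illustrative only.
REGISTRY = {
    "acme-http":       {"latest": "4.19.2",  "license": "MIT",     "published": "2024-03-25"},
    "util-kit":        {"latest": "4.17.21", "license": "MIT",     "published": "2021-02-20"},
    "pad-left-legacy": {"latest": "1.3.0",   "license": "",        "published": "2018-03-22"},
    "gpl-charts":      {"latest": "3.0.0",   "license": "GPL-3.0", "published": "2023-11-01"},
}

# License policies mirroring the prompt's COMPLIANCE_REQUIREMENTS options; the
# ENTERPRISE_SAFE allowlist is an assumption, not a standard definition.
POLICIES = {
    "NONE": lambda lic: True,
    "MIT_ONLY": lambda lic: lic == "MIT",
    "NO_GPL": lambda lic: "GPL" not in lic,
    "ENTERPRISE_SAFE": lambda lic: lic in {"MIT", "Apache-2.0", "BSD-3-Clause", "ISC"},
}

def major(spec):
    """First integer in a version spec: '^4.17.1' -> 4, '~1.10.1' -> 1."""
    return int(re.search(r"\d+", spec).group())

def audit(package_json, registry, policy="NO_GPL", today=date(2025, 1, 15)):
    """Apply the prompt's version, maintenance and license checks; return findings."""
    allowed, findings = POLICIES[policy], []
    def flag(name, dimension, severity, action, detail):
        findings.append(dict(package=name, dimension=dimension, severity=severity,
                             action=action, detail=detail))
    for name, spec in json.loads(package_json)["dependencies"].items():
        meta = registry[name]
        behind = major(meta["latest"]) - major(spec)
        if behind > 2:  # Version Health: more than 2 major versions behind latest
            flag(name, "version", "high", "update", f"{behind} majors behind; latest {meta['latest']}")
        if today - date.fromisoformat(meta["published"]) > timedelta(days=2 * 365):
            flag(name, "maintenance", "medium", "replace", f"last publish {meta['published']}")
        if not meta["license"]:  # ambiguous or missing license is its own finding
            flag(name, "license", "medium", "accept risk", "no license declared")
        elif not allowed(meta["license"]):
            flag(name, "license", "high", "replace", f"{meta['license']} violates {policy}")
    return findings
```

Calling `audit(PACKAGE_JSON, REGISTRY)` yields six findings; the CVE, permission-scope and bundle-size dimensions need external data sources and are left to the assistant or a dedicated scanner.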
📝 Fill in the blanks
Replace these placeholders with your own content:
[NPM / PIP / MAVEN / CARGO / GEMS]
[PASTE_PACKAGE_JSON_OR_REQUIREMENTS_TXT_ETC]
[WEB_APP / API / CLI_TOOL / LIBRARY]
[NONE / MIT_ONLY / NO_GPL / ENTERPRISE_SAFE]
[COMPLIANCE_REQUIREMENTS]
How to use this prompt
1. Copy the prompt
Click "Copy Prompt" above to copy the full prompt text to your clipboard.
2. Replace the placeholders
Swap out anything in [BRACKETS] with your specific details.
3. Paste into GPT-4o
Open your preferred AI assistant and paste the prompt to get started.