when-mapping-dependencies-use-dependency-mapper
About
This skill provides comprehensive dependency mapping, analysis, and visualization for software projects across multiple package managers. It extracts dependency trees, detects issues, audits for security vulnerabilities, and generates visual graphs. Use it when you need to understand, analyze, or visualize your project's dependency relationships and security posture.
Documentation
Dependency Mapper Skill
Overview
When mapping dependencies, use dependency-mapper to extract, analyze, visualize, and audit dependency trees across multiple package managers (npm, pip, cargo, maven, go.mod).
MECE Breakdown
Mutually Exclusive Components:
- Extraction Phase: Parse lock files and manifests
- Analysis Phase: Build dependency graph and detect issues
- Security Phase: Audit for vulnerabilities
- Visualization Phase: Generate interactive dependency graphs
- Reporting Phase: Create actionable recommendations
Collectively Exhaustive Coverage:
- All major package managers (npm, pip, cargo, maven, go)
- Direct and transitive dependencies
- Circular dependency detection
- License compliance checking
- Security vulnerability scanning
- Outdated package detection
- Duplicate dependency identification
Features
Core Capabilities:
- Multi-language dependency extraction
- Dependency graph construction
- Circular dependency detection
- Security vulnerability scanning
- License compliance auditing
- Outdated package detection
- Interactive visualization generation
- Dependency optimization recommendations
Supported Package Managers:
- JavaScript/Node: npm, yarn, pnpm
- Python: pip, poetry, pipenv
- Rust: cargo
- Java: maven, gradle
- Go: go.mod
- Ruby: bundler
- PHP: composer
- C#: nuget
Usage
Slash Command:
/dep-map [path] [--format json|html|svg] [--security] [--circular] [--outdated]
Subagent Invocation:
Task("Dependency Mapper", "Analyze dependencies for ./project with security audit", "code-analyzer")
MCP Tool:
mcp__dependency-mapper__analyze({
project_path: "./project",
include_security: true,
detect_circular: true,
visualization_format: "html"
})
Architecture
Phase 1: Discovery
- Detect project type and package manager
- Locate manifest and lock files
- Parse dependency declarations
Phase 2: Extraction
- Extract direct dependencies
- Resolve transitive dependencies
- Build dependency tree structure
Phase 3: Analysis
- Detect circular dependencies
- Identify duplicate dependencies
- Check for outdated packages
- Analyze dependency depth
Phase 4: Security
- Query vulnerability databases
- Check license compliance
- Identify supply chain risks
- Generate security scores
Phase 5: Visualization
- Generate graph data structure
- Create interactive HTML visualization
- Export SVG/PNG diagrams
- Generate dependency reports
Output Formats
JSON Report:
{
"project": "my-app",
"package_manager": "npm",
"total_dependencies": 847,
"direct_dependencies": 23,
"vulnerabilities": {
"critical": 0,
"high": 2,
"medium": 5,
"low": 12
},
"circular_dependencies": [],
"outdated_packages": 15,
"license_issues": 0,
"dependency_tree": {...}
}
HTML Visualization:
Interactive D3.js graph with:
- Zoomable dependency tree
- Vulnerability highlighting
- Circular dependency paths
- Click-to-expand nodes
- Search and filter capabilities
SVG/PNG Export:
Static GraphViz-generated diagrams
Examples
Example 1: Basic Analysis
/dep-map ./my-project
Example 2: Security-Focused Audit
/dep-map ./my-project --security --format json
Example 3: Circular Dependency Detection
/dep-map ./my-project --circular --visualization svg
Example 4: Full Comprehensive Analysis
/dep-map ./my-project --security --circular --outdated --format html
Integration with Claude-Flow
Coordination Pattern:
// Step 1: Initialize swarm for complex analysis
mcp__claude-flow__swarm_init({ topology: "hierarchical", maxAgents: 4 })
// Step 2: Spawn agents via Claude Code Task tool
[Parallel Execution]:
Task("Dependency Extractor", "Extract all dependencies from package.json and package-lock.json", "code-analyzer")
Task("Security Auditor", "Run npm audit and cross-reference CVE databases", "security-manager")
Task("Graph Builder", "Construct dependency graph and detect circular deps", "code-analyzer")
Task("Visualization Generator", "Create interactive HTML dependency graph", "coder")
Configuration
Default Settings:
{
"max_depth": 10,
"include_dev_dependencies": true,
"security_scan_enabled": true,
"circular_detection_enabled": true,
"license_check_enabled": true,
"outdated_check_enabled": true,
"visualization_default_format": "html",
"cache_results": true,
"cache_ttl": 3600
}
Performance Considerations
- Caching: Results cached for 1 hour by default
- Parallel Processing: Multiple package managers analyzed concurrently
- Incremental Analysis: Only re-analyze changed dependencies
- Lazy Loading: Visualization loads nodes on-demand for large graphs
Error Handling
- Graceful degradation if package manager unavailable
- Fallback to partial analysis if network issues
- Clear error messages for invalid project structures
- Retry logic for transient failures
Best Practices
- Run dependency mapping before major releases
- Integrate into CI/CD pipelines for automated auditing
- Set up alerts for critical vulnerabilities
- Review circular dependencies regularly
- Keep dependency depth shallow (< 5 levels)
- Audit licenses for compliance requirements
- Update outdated packages incrementally
Troubleshooting
Issue: No dependencies found
Solution: Ensure lock files are present (package-lock.json, yarn.lock, etc.)
Issue: Visualization too large to render
Solution: Use --max-depth 5 to limit tree depth
Issue: Security scan taking too long
Solution: Use cached results or run offline mode
See Also
- PROCESS.md - Detailed step-by-step workflow
- README.md - Quick start guide
- subagent-dependency-mapper.md - Agent implementation details
- slash-command-dep-map.sh - Command-line interface
- mcp-dependency-mapper.json - MCP tool schema
Quick Install
/plugin add https://github.com/DNYoussef/ai-chrome-extension/tree/main/when-mapping-dependencies-use-dependency-mapperCopy and paste this command in Claude Code to install this skill
GitHub 仓库
Related Skills
sandbox-configurator
DevelopmentThe sandbox-configurator skill automatically configures Claude Code sandbox security settings with file system and network isolation boundaries. It specializes in setting up secure execution environments by managing permissions, network policies, and access controls. Use this skill when you need to establish secure isolation boundaries for your code execution sandbox.
github-workflow-automation
OtherThis Claude Skill automates GitHub Actions workflows with AI swarm coordination and intelligent CI/CD pipelines. It enables developers to create self-organizing, adaptive workflows for comprehensive repository management and deployment automation. Use it when you need advanced GitHub workflow orchestration with multi-agent AI coordination.
when-profiling-performance-use-performance-profiler
OtherThis performance profiling skill helps developers identify and optimize application bottlenecks across CPU, memory, I/O, and network dimensions. It provides comprehensive analysis through baseline measurement, bottleneck detection, and root cause investigation phases. Use this skill when you need systematic performance optimization with tools like perf, Instruments, or clinic.js integration.
network-security-setup
DevelopmentThis skill configures network isolation for Claude Code sandboxes by enabling trusted domain whitelisting and custom access policies. It helps developers secure their sandbox environments against prompt injection attacks while managing corporate proxies and internal registries. Use this when you need to control network access and implement zero-trust security for AI code execution.