Install
openclaw skills install @geoffrey-xiao/npm-package-scan

Scan npm packages used in a repository for risk, maintenance health, and upgrade concerns.

Use this skill when you need to inspect the npm packages used by a repository and identify security, maintenance, and dependency risks.

Produce a practical package-risk review for the current repository.

Focus on:
- package.json and any workspace manifests.
- package-lock.json, bun.lock, pnpm-lock.yaml, or yarn.lock

Use the reference notes in references/checklist.md and references/commands.md when useful.

Prefer fast repo inspection first:
rg --files | rg '(^|/)(package\.json|package-lock\.json|bun\.lock|pnpm-lock\.yaml|yarn\.lock)$'
Inspect manifests:
cat package.json
If using Bun:
bun pm ls
bun audit
If using npm:
npm ls --depth=0
npm audit
If using pnpm:
pnpm ls --depth=0
pnpm audit
If using yarn:
yarn list --depth=0
yarn audit
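The per-package-manager branches above, as one added shell helper (example code, not part of the skill): it reads the lockfile(s) in a directory to decide which package manager the repo uses, emits the matching list and audit commands, and flags a directory that carries more than one lockfile, since competing lockfiles are themselves a maintenance finding. Lockfile names and commands are the ones listed above; the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the skill's own code. Lockfile names and audit commands
# are taken from the checklist above; function names are assumptions.

# Print the package manager implied by the lockfile(s) in directory $1.
# Output: bun | npm | pnpm | yarn | none | conflict:<space-separated list>
detect_pm() {
  dir=${1:-.}
  found=""
  [ -f "$dir/bun.lock" ]          && found="$found bun"
  [ -f "$dir/package-lock.json" ] && found="$found npm"
  [ -f "$dir/pnpm-lock.yaml" ]    && found="$found pnpm"
  [ -f "$dir/yarn.lock" ]         && found="$found yarn"
  found=${found# }                # drop the leading space
  case "$found" in
    "")     echo none ;;
    *" "*)  echo "conflict:$found" ;;   # several lockfiles: report it
    *)      echo "$found" ;;
  esac
}

# Print the list + audit commands for one package manager; fail on unknown.
audit_commands() {
  case "$1" in
    bun)  printf '%s\n' 'bun pm ls'          'bun audit'  ;;
    npm)  printf '%s\n' 'npm ls --depth=0'   'npm audit'  ;;
    pnpm) printf '%s\n' 'pnpm ls --depth=0'  'pnpm audit' ;;
    yarn) printf '%s\n' 'yarn list --depth=0' 'yarn audit' ;;
    *)    return 1 ;;
  esac
}

# Build the review plan for a directory: a finding line for none/conflict,
# otherwise the commands to run there. Does not execute anything itself.
plan_review() {
  dir=${1:-.}
  pm=$(detect_pm "$dir")
  case "$pm" in
    none)       echo "FINDING: no lockfile in $dir; installs are not reproducible" ;;
    conflict:*) echo "FINDING: multiple lockfiles in $dir (${pm#conflict:}); pick one" ;;
    *)          audit_commands "$pm" | sed "s|^|cd $dir \&\& |" ;;
  esac
}
```

Run it against each directory that `rg --files` found a manifest in, for example `plan_review .` at the repo root and again per workspace package.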
Return: