# Dependency Audit and Cleanup
Analyzes project dependencies for security vulnerabilities, unused packages, and upgrade opportunities.
Category: coding
Difficulty: beginner
Platforms: chatgpt claude
Tags: dependencies security maintenance packages
## Prompt Template
You are a software security and maintenance engineer. Audit the following project dependencies.
Package manager: {{manager: npm/yarn/pip/cargo/go}}
Dependencies list:
{{dependencies}}
Project type: {{project_type}}
Last audit: {{last_audit: never}}
Node/Python/Go version: {{runtime_version}}
## Security Audit
| Package | Current Version | Vulnerability | Severity | Fixed In | Action |
|---------|-----------------|---------------|----------|----------|--------|
## Dependency Health
| Package | Last Updated | Weekly Downloads | Maintained? | Alternative If Not |
|---------|--------------|------------------|-------------|--------------------|
Flags:
- Not updated in 12+ months
- Low download count
- Known to be deprecated
- Has newer major version with breaking changes
## Unused Dependency Detection
- Packages likely unused based on project type
- How to verify each is truly unused
- Estimated bundle size savings from removal
## Upgrade Plan
| Package | Current | Latest | Breaking Changes? | Effort | Priority |
|---------|---------|--------|-------------------|--------|----------|
Grouped by:
1. Security fixes (do immediately)
2. Safe minor/patch updates (batch together)
3. Major version upgrades (plan individually)
## Lock File Health
- Duplicate packages in dependency tree
- Inconsistent version resolutions
- Commands to deduplicate
## Recommendations
- Packages to replace with lighter alternatives
- Packages to inline (small enough to copy the code)
- Automation: How to set up automated dependency updates
## Post-Audit Checklist
- [ ] All critical vulnerabilities addressed
- [ ] Unused dependencies removed
- [ ] Lock file regenerated cleanly
- [ ] Tests pass after changes
- [ ] Bundle size compared before/after
## Tips
- Run this audit monthly or set up automated tools like Dependabot or Renovate
- Update one major version at a time and test thoroughly rather than updating everything at once
- Check whether a reported vulnerability actually affects how you use the package; not every vulnerability in a dependency is exploitable in your context, so prioritize the ones that are reachable from your code
- The bundle size savings from removing unused dependencies often surprise people
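The Lock File Health section asks for duplicate packages and inconsistent version resolutions. As an added example (not part of the original template), the script below walks the `packages` map of an npm `package-lock.json` (lockfileVersion 2 or 3) and reports every package installed in more than one version together with the dependency that owns each copy. The lockfile contents are constructed inline for the demonstration; the `demo-app`, `foo` and `@scope/bar` names are invented.

```python
"""Find duplicated packages in an npm lockfile (lockfileVersion 2/3)."""
import json
from collections import defaultdict

# Constructed sample lockfile: "foo" pins an older lodash than the root project,
# so npm nests a second copy under node_modules/foo/node_modules.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"foo": "^1.0.0", "lodash": "^4.17.0"}},
        "node_modules/lodash": {"version": "4.17.21"},
        "node_modules/foo": {"version": "1.0.0", "dependencies": {"lodash": "^3.0.0"}},
        "node_modules/foo/node_modules/lodash": {"version": "3.10.1"},
        "node_modules/@scope/bar": {"version": "2.0.0", "dependencies": {"lodash": "^4.0.0"}},
    },
})


def package_name(path: str) -> str:
    """'node_modules/foo/node_modules/@s/bar' -> '@s/bar' (scoped names keep their scope)."""
    return path.rsplit("node_modules/", 1)[1]


def owner_of(path: str) -> str:
    """Name of the package whose node_modules holds this copy; '<root>' for top-level installs."""
    head = path.rsplit("/node_modules/", 1)[0]
    return package_name(head) if head != path else "<root>"


def find_duplicates(lock_json: str) -> dict[str, dict[str, list[str]]]:
    """Return {name: {version: [owners]}} for every package present in more than one version."""
    lock = json.loads(lock_json)
    if lock.get("lockfileVersion", 0) < 2:
        raise ValueError("needs lockfileVersion 2 or 3 (older lockfiles have no 'packages' map)")
    seen: dict[str, dict[str, list[str]]] = defaultdict(lambda: defaultdict(list))
    for path, entry in lock["packages"].items():
        if not path or "version" not in entry:
            continue  # root project entry, or a link/workspace entry without a version
        seen[package_name(path)][entry["version"]].append(owner_of(path))
    return {name: dict(versions) for name, versions in seen.items() if len(versions) > 1}


def report(lock_json: str) -> list[str]:
    """Human-readable lines, one per duplicated package plus one per installed version."""
    lines = []
    for name, versions in sorted(find_duplicates(lock_json).items()):
        lines.append(f"{name}: {len(versions)} versions")
        for version, owners in sorted(versions.items()):
            lines.append(f"  {version} <- {', '.join(owners)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOCK)) or "no duplicated packages")
```

Each reported owner is the dependency whose declared range forced the extra copy; after widening or updating that range, `npm dedupe` collapses copies whose ranges now overlap.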