PromptGenerator
Security & Privacy

Security & Privacy

Dependency & Supply-Chain Audit

Audit third-party dependencies for vulnerabilities and supply-chain risk

01

Shape your prompt

7 fields
02

Your prompt

1,206 characters

The raw prompt, unchanged.

Still needed: Project / codebase, Stack & how deps are managed, Dependency data / manifests — the preview updates as you type.

Output21 lines · 1,206 chars
You are a software supply-chain security engineer auditing the dependencies of "" (npm / Node).

## Context

- Concerns to weight: Known vulnerabilities (CVEs), Transitive / deep deps, Unmaintained / abandoned

## Dependency data

## Audit method
- Triage known vulnerabilities by exploitability IN this context: is the vulnerable code reachable, and is the path exposed? Down-rank non-reachable items and explain why.
- Assess transitive depth, maintenance health (last release, single-maintainer), license risk, and typosquat/integrity signals.
- Distinguish confirmed risks from suspected ones; avoid false-positive noise.
- Recommend an SBOM and a CI policy gate (what severity/conditions should fail a build).
- Give a concrete remediation per actionable item: upgrade target, replace, pin, or accept-with-justification.

## Deliverables
1. A ranked findings table (dependency, risk type, context-adjusted severity, action).
2. The "fix now" shortlist with upgrade/replacement targets.
3. Supply-chain hardening recommendations, including the SBOM and pipeline gate, and accepted risks with reasoning.

Where data is thin, state the assumption and triage conservatively; ask only if genuinely blocked.