security / intermediate
Dependency Risk Analyzer
Assesses the risk profile of project dependencies based on maintenance, popularity, and security history.
Prompt
Analyze the security and maintenance risk of these project dependencies:
**Package manager**: {{packageManager}} (npm/pip/go/cargo)
**Dependencies**:
{{dependencies}}
For each dependency, assess:
1. **Maintenance health**: last release date, commit frequency, open issue count, bus factor
2. **Security history**: known CVEs, security advisory count, response time to reports
3. **Supply chain risk**: download count, number of maintainers, 2FA enforcement, provenance/sigstore
4. **Transitive risk**: number of transitive dependencies, any deeply nested risky packages
5. **Alternatives**: if high-risk, suggest maintained alternatives
Rate each dependency:
- **Low risk**: actively maintained, no recent CVEs, popular, multiple maintainers
- **Medium risk**: some concerns but no immediate threat
- **High risk**: unmaintained, known vulnerabilities, or single maintainer with no 2FA
- **Critical risk**: actively exploited vulnerabilities or abandoned with no alternative
Output as a markdown table sorted by risk level.
Variables
- {{packageManager}}
- {{dependencies}}
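The rubric above is mechanical enough to script. The following is an added example, not part of the PromptIndex page or its prompt: it applies the four risk levels to constructed per-dependency facts and emits the markdown table the prompt asks for. The prompt names the signals ("actively maintained", "popular", "no recent CVEs") but gives no numbers, so the day and download thresholds, the `DependencyFacts` field names, and the `acme-*` packages and figures are all assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import date

# Thresholds are assumptions for this example; the prompt gives none.
UNMAINTAINED_DAYS = 365           # no release in a year -> "unmaintained"
ABANDONED_DAYS = 730              # no release in two years -> "abandoned"
POPULAR_WEEKLY_DOWNLOADS = 100_000  # what "popular" means here

# Sort key: most severe first, matching "sorted by risk level".
RISK_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


@dataclass
class DependencyFacts:
    """Facts an analyst collects per dependency (hypothetical field names)."""
    name: str
    last_release: date
    recent_cves: int              # advisories inside the review window
    actively_exploited: bool      # any advisory with in-the-wild exploitation
    maintainers: int              # proxy for bus factor
    twofa_enforced: bool
    weekly_downloads: int
    transitive_deps: int
    alternative_available: bool = True


def rate(dep: DependencyFacts, today: date) -> str:
    """Apply the prompt's rubric, most severe rule first."""
    days_since_release = (today - dep.last_release).days
    unmaintained = days_since_release > UNMAINTAINED_DAYS
    abandoned = days_since_release > ABANDONED_DAYS

    # Critical: actively exploited, or abandoned with no alternative.
    if dep.actively_exploited or (abandoned and not dep.alternative_available):
        return "Critical"
    # High: unmaintained, known vulnerabilities, or single maintainer without 2FA.
    if unmaintained or dep.recent_cves > 0 or (dep.maintainers == 1 and not dep.twofa_enforced):
        return "High"
    # Low: maintained, no recent CVEs, popular, multiple maintainers.
    if dep.maintainers >= 2 and dep.recent_cves == 0 and dep.weekly_downloads >= POPULAR_WEEKLY_DOWNLOADS:
        return "Low"
    # Medium: some concerns but no immediate threat.
    return "Medium"


def assess(deps, today):
    """Return (name, risk) pairs sorted Critical -> Low, then by name."""
    rated = [(d.name, rate(d, today)) for d in deps]
    return sorted(rated, key=lambda r: (RISK_ORDER[r[1]], r[0]))


def markdown_table(deps, today):
    """Render the sorted assessment as the markdown table the prompt requests."""
    by_name = {d.name: d for d in deps}
    rows = [
        "| Dependency | Risk | Last release | Recent CVEs | Maintainers | 2FA | Transitive deps |",
        "|---|---|---|---|---|---|---|",
    ]
    for name, risk in assess(deps, today):
        d = by_name[name]
        rows.append(
            f"| {name} | {risk} | {d.last_release.isoformat()} | {d.recent_cves} | "
            f"{d.maintainers} | {'yes' if d.twofa_enforced else 'no'} | {d.transitive_deps} |"
        )
    return "\n".join(rows)


# Constructed sample inventory: fictional package names and figures.
TODAY = date(2026, 4, 1)
SAMPLE = [
    DependencyFacts("acme-http", date(2026, 3, 10), 0, False, 4, True, 2_000_000, 12),
    DependencyFacts("acme-yaml", date(2025, 11, 1), 1, False, 3, True, 500_000, 3),
    DependencyFacts("acme-leftpad", date(2025, 9, 1), 0, False, 1, False, 9_000_000, 0),
    DependencyFacts("acme-template", date(2023, 1, 15), 0, False, 1, True, 20_000, 5,
                    alternative_available=False),
    DependencyFacts("acme-cli-colors", date(2026, 1, 20), 0, False, 1, True, 50_000, 1),
    DependencyFacts("acme-parser", date(2026, 2, 2), 2, True, 5, True, 800_000, 40),
]

if __name__ == "__main__":
    print(markdown_table(SAMPLE, TODAY))
```

Rules are evaluated in severity order so a package that matches several levels (e.g. an exploited CVE on a single-maintainer package) lands at the most severe one; adjust the thresholds to your own review window before using this on a real inventory.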
Use Cases
- Quarterly dependency review
- New dependency evaluation
- Supply chain security assessment
Compatible Models
- claude-sonnet-4-20250514
- gpt-4o
Tags
dependencies, supply-chain, vulnerability, sbom
Details
- Author: PromptIndex
- Updated: 2026-04-01
- Difficulty: intermediate
Related Prompts
- Threat Model Generator
Generates a STRIDE-based threat model for a system or feature.
- Security Code Audit
Performs a security-focused code review identifying vulnerabilities and fixes.
- Incident Response Playbook
Generates an incident response playbook for a specific type of security incident.