audit_package
Returns deeper package intelligence: breaking changes, advisories, migration guidance, and concrete upgrade notes after check_package.
DESCRIPTION
This is the heavier package analysis tool. It is designed for upgrade planning, debugging version problems, or security reviews where shallow version comparison is not enough.
WHEN TO USE
GOOD FIT
- Planning a dependency upgrade.
- Checking breaking changes between installed and latest versions.
- Reviewing package CVEs or security advisories before deploy.
- Debugging a package mismatch or migration issue.
AVOID IT WHEN
- You only need to verify the package is real or compare versions; use check_package.
- You need repo structure or symbol reading; use the code analysis tools.
- You are not actually considering a package change yet.
PARAMETERS
| Name | Type | Required | Description |
|---|---|---|---|
| package | string | Yes | npm package name. |
| task | "upgrade" \| "debug" \| "security" \| "migrate" | Yes | The kind of package analysis you need. |
| from_version | string | No | Current installed version if you want version-aware guidance. |
| source | string | No | Package source. Defaults to "local". |
EXAMPLE
tools-call.json
```json
{
  "jsonrpc": "2.0",
  "id": 3,
  "method": "tools/call",
  "params": {
    "name": "audit_package",
    "arguments": {
      "package": "next",
      "task": "upgrade",
      "from_version": "15.1.0"
    }
  }
}
```
OUTPUT
response.json
```json
{
  "jsonrpc": "2.0",
  "id": 3,
  "result": {
    "content": [
      {
        "type": "text",
        "text": "Recommended target: 16.2.1\nBreaking changes: config defaults, cache semantics\nMigration steps: update next.config, re-run typecheck, verify app router metadata\nSecurity: no active critical advisory on target"
      }
    ]
  }
}
```
TOKEN EFFICIENCY
This tool trades extra tokens for fewer upgrade mistakes. Use it when a version change is real enough to justify detailed migration context.
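The request and response shapes from the EXAMPLE and OUTPUT sections, as an added JavaScript example that is not the tool's own code: it checks arguments against the PARAMETERS table before building the call, then splits the returned text into fields so a review step can read the `Security` line. `buildAuditRequest`, `parseAuditText` and `SAMPLE_RESPONSE` are hypothetical names, and the "Key: value" line layout is assumed from the single sample response on this page.

```javascript
// Added example; function and constant names are hypothetical, not part of the tool.
const TASKS = ["upgrade", "debug", "security", "migrate"];
const ALLOWED = ["package", "task", "from_version", "source"];

// Build a tools/call request, rejecting anything the PARAMETERS table does not allow.
function buildAuditRequest(id, args) {
  for (const key of Object.keys(args)) {
    if (!ALLOWED.includes(key)) throw new TypeError(`unknown argument: ${key}`);
    if (typeof args[key] !== "string") throw new TypeError(`${key} must be a string`);
  }
  if (!args.package) throw new TypeError("package is required");
  if (!TASKS.includes(args.task)) throw new TypeError(`task must be one of: ${TASKS.join(", ")}`);
  return {
    jsonrpc: "2.0",
    id,
    method: "tools/call",
    params: { name: "audit_package", arguments: { ...args } },
  };
}

// Split the text content into fields. Assumes one "Key: value" pair per line,
// as in the sample response; lines without a colon are skipped.
function parseAuditText(response, expectedId) {
  if (response.jsonrpc !== "2.0" || response.id !== expectedId) {
    throw new Error("response does not match the request id");
  }
  if (response.error) throw new Error(`JSON-RPC error: ${response.error.message}`);
  const fields = Object.create(null); // no prototype, so odd keys cannot shadow anything
  for (const item of response.result?.content ?? []) {
    if (item.type !== "text") continue;
    for (const line of item.text.split("\n")) {
      const idx = line.indexOf(":");
      if (idx > 0) fields[line.slice(0, idx).trim()] = line.slice(idx + 1).trim();
    }
  }
  return fields;
}

// Constructed sample input: the response shown in the OUTPUT section.
const SAMPLE_RESPONSE = {
  jsonrpc: "2.0",
  id: 3,
  result: { content: [{ type: "text", text:
    "Recommended target: 16.2.1\nBreaking changes: config defaults, cache semantics\n" +
    "Migration steps: update next.config, re-run typecheck, verify app router metadata\n" +
    "Security: no active critical advisory on target" }] },
};
```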