audit_package

Deep package intelligence for upgrades, security reviews, and migration planning.

DESCRIPTION

audit_package is the heavier package tool. Use it when the package decision is real enough to justify deeper context: CVEs, breaking changes, migration steps, and what changed between versions.

WHEN TO USE

GOOD FIT

Before upgrading a major dependency.
When a package has a known vulnerability and you need the fix path.
When you need to understand breaking changes before upgrading.
When you are debugging a version mismatch or migration issue.

AVOID IT WHEN

You only need to verify the package exists or compare versions; use check_package.
You are not planning a package change yet.
You need repo code analysis rather than dependency analysis.

PARAMETERS

Name	Type	Required	Description
package	string	Yes	npm package name.
task	"upgrade" \| "debug" \| "security" \| "migrate"	Yes	The kind of package analysis you want back.
from_version	string	No	Current version so the tool can compare the exact delta.
source	string	No	Package source. Defaults to "local".

DETAILS

UPGRADE PLANNING

What you get that check_package does not

audit_package is where migration guidance lives. It is designed to tell you what will break, what version you should target, what changed between versions, and what you need to verify after the upgrade.

EXAMPLE

{  "jsonrpc": "2.0",  "id": 5,  "method": "tools/call",  "params": {    "name": "audit_package",    "arguments": {      "package": "next",      "task": "upgrade",      "from_version": "15.1.0"    }  }}

OUTPUT

Recommended target: 16.2.1Breaking changes: metadata defaults, cache semantics, route handler behaviorMigration steps: update next.config, rerun typecheck, verify app router metadataSecurity: no active critical advisory on the target version

TOKEN EFFICIENCY

A full package audit is usually around 600 to 1,200 tokens. Reading release notes, CVE pages, migration guides, and issue threads manually can easily reach 8,000 to 25,000 tokens before you write any code.