NPM Package Analyzer
Deep analysis of npm packages using npm-registry-fetch and pacote. Evaluates bundle size via the Bundlephobia API, checks security advisories from npm audit, and maps dependency trees with @npmcli/arborist.
npx skills add agentskillexchange/skills --skill npm-package-analyzer
The NPM Package Analyzer provides comprehensive evaluation of npm packages for informed dependency decisions. Using npm-registry-fetch for registry data and pacote for package content inspection, it delivers detailed reports on package health, maintainability, and security posture.
What this skill actually does
Core analysis includes bundle size estimation via the Bundlephobia API, dependency tree mapping with @npmcli/arborist, download trend analysis from npm stats endpoints, and license compatibility checking across the dependency graph. The agent evaluates package maintenance signals including release frequency, open issue count, and contributor diversity.
Advanced capabilities include security vulnerability scanning through npm audit advisories, duplicate dependency detection across projects, and alternative package suggestions based on functionality overlap. The agent generates migration guides when switching between packages, estimates upgrade effort for major version bumps, and creates lockfile analysis reports. It also supports monorepo workspace analysis and peerDependency conflict resolution.