fizzgig__dep_audit
reviews package.json + lockfile for placement, range, and integrity issues.
the AI installs the linter as a runtime dep because it didn't read package.json structurally. the bundle bloats, the install slows, the deploy doesn't notice because npm doesn't care.
7 checks across placement (dev-only linters in production deps), version-range discipline (caret on 0.x deps), lockfile integrity (duplicate transitive versions = bundle bloat), runtime engines field, parse failures. Package-name-aware severity tiering — security-critical packages (auth / payment / crypto / db / AI SDK families) stay high; cosmetic packages (UI / icons / styling) drop to medium.
keep the bundle lean and the production deps actually production-shaped. run after every npm install.
caught a policy that would have leaked every user's comments. shipped a fix in 4 minutes.
first tool i installed. it's the one that pays for itself.
works great. one false positive on a join table — easy to ignore.
{
"fizzgig": {
"url": "https://mcp.fizzgig.ai",
"tools": ["dep_audit"]
}
}