Deep package intelligence for upgrades, security reviews, and migration planning.
DESCRIPTION
audit_package is the heavier package tool. Use it when the package decision is real enough to justify deeper context: CVEs, breaking changes, migration steps, and what changed between versions.
GOOD FIT
AVOID IT WHEN
| Name | Type | Required | Description |
|---|---|---|---|
| package | string | Yes | npm package name. |
| task | "upgrade" \| "debug" \| "security" \| "migrate" | Yes | The kind of package analysis you want back. |
| from_version | string | No | Current version so the tool can compare the exact delta. |
| source | string | No | Package source. Defaults to "local". |
UPGRADE PLANNING
audit_package is where migration guidance lives. It is designed to tell you what will break, what version you should target, what changed between versions, and what you need to verify after the upgrade.
```json
{
  "jsonrpc": "2.0",
  "id": 5,
  "method": "tools/call",
  "params": {
    "name": "audit_package",
    "arguments": {
      "package": "next",
      "task": "upgrade",
      "from_version": "15.1.0"
    }
  }
}
```
```
Recommended target: 16.2.1
Breaking changes: metadata defaults, cache semantics, route handler behavior
Migration steps: update next.config, rerun typecheck, verify app router metadata
Security: no active critical advisory on the target version
```
TOKEN EFFICIENCY
A full package audit is usually around 600 to 1,200 tokens. Reading release notes, CVE pages, migration guides, and issue threads manually can easily reach 8,000 to 25,000 tokens before you write any code.
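
As an added example (not code from the audit_package project), the following JavaScript builds `tools/call` requests that follow the parameter table and the request shape shown under UPGRADE PLANNING, one per dependency of a manifest. The helper names, the sample manifest, and the choice to send `from_version` only for exact pins are assumptions of this example.

```javascript
const TASKS = new Set(["upgrade", "debug", "security", "migrate"]);
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/;

// Build one JSON-RPC 2.0 tools/call request from the documented parameters.
function buildAuditRequest(id, { package: pkg, task, from_version, source }) {
  if (typeof pkg !== "string" || pkg.length === 0) {
    throw new TypeError("package is required and must be a non-empty string");
  }
  if (!TASKS.has(task)) {
    throw new RangeError(`task must be one of: ${[...TASKS].join(", ")}`);
  }
  const args = { package: pkg, task };
  // Optional parameters: left out when unset, so "source" keeps its default.
  for (const [key, value] of Object.entries({ from_version, source })) {
    if (value === undefined) continue;
    if (typeof value !== "string") throw new TypeError(`${key} must be a string`);
    args[key] = value;
  }
  return {
    jsonrpc: "2.0", id, method: "tools/call",
    params: { name: "audit_package", arguments: args },
  };
}

// One request per dependency (hypothetical helper). from_version is sent only
// for exact pins: a range such as "^19.0.0" does not say which version is
// actually installed, and a wrong baseline would skew the version delta.
function requestsFromManifest(manifest, task, firstId = 1) {
  const deps = { ...manifest.dependencies, ...manifest.devDependencies };
  return Object.entries(deps).map(([name, spec], i) => {
    const args = { package: name, task };
    if (EXACT_VERSION.test(spec)) args.from_version = spec;
    return buildAuditRequest(firstId + i, args);
  });
}

// Constructed sample manifest, not taken from the page.
const sampleManifest = {
  dependencies: { next: "15.1.0", react: "^19.0.0" },
  devDependencies: { typescript: "~5.6.2" },
};

console.log(JSON.stringify(requestsFromManifest(sampleManifest, "security"), null, 2));
```

For range specifiers, read the resolved version from the lockfile and pass that as `from_version` instead of omitting it.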