Dependency CVE Loop
Daily interval loop that audits dependency advisories, patches vulnerable packages, runs tests, and opens a security PR.
by Trooper
/loop 1d Start the "Dependency CVE Loop" loop.
Goal: known CVEs in dependencies are patched with tests passing and PR open
Max iterations: 10
Between iterations run: npm audit --json || true
Exit when: no critical or high CVEs remain unpatched or fix PR is open
Step 1: Audit advisories, patch vulnerable deps, test, and open a security PR.
Self-pace this loop. After each iteration, run the check command, read the output, and only continue if the exit condition is not met. Stop when the exit condition passes or max iterations is reached. Give a short status update each pass.
Paste the kickoff prompt into Cursor, Claude Code, or Codex. Deeplinks do not install hook files.
1. Audit advisories
Run npm audit or equivalent and list critical/high CVEs.
2. Patch and test
Bump vulnerable packages, resolve conflicts, and run tests.
3. Open security PR
Open a PR with advisory IDs, patches applied, and test results.
Guardrails
Rules the agent must follow so it cannot cheat the exit condition.
- Do not ignore or suppress CVEs without documented risk acceptance
- Run full test suite after every security patch
- Address critical and high severity advisories before lower severities
More Security loops
Dependency Drift Watch
Weekly interval loop that flags outdated dependencies, tests version bumps in isolation, and opens grouped upgrade PRs.
Secret Scan Until Clean
Scan the repo for leaked secrets, rotate exposed credentials, verify clean scan, and loop until no leaks remain.
Ship PR Until Green
Implement on a branch, run tests, push, open a PR, wait for CI, and loop until checks pass and the PR is ready to merge.
