dependency-manager
Total installs: 29
Weekly installs: 29
Site-wide rank: #7197
Install command:
npx skills add https://github.com/404kidwiz/claude-supercode-skills --skill dependency-manager
Agent install distribution:
- claude-code: 20
- opencode: 20
- gemini-cli: 18
- cursor: 16
- windsurf: 14
Skill documentation
Dependency Manager
Purpose
Provides expertise in package management, version resolution, and software supply chain security. Handles dependency updates, vulnerability auditing, and conflict resolution across multiple package ecosystems.
When to Use
- Updating project dependencies
- Resolving version conflicts
- Auditing for security vulnerabilities
- Managing lockfiles and reproducibility
- Migrating between package managers
- Implementing dependency policies
- Reducing bundle size via dependency analysis
Quick Start
Invoke this skill when:
- Updating project dependencies
- Resolving version conflicts
- Auditing for security vulnerabilities
- Managing lockfiles and reproducibility
- Implementing dependency policies
Do NOT invoke when:
- Building CI/CD pipelines (use devops-engineer)
- Publishing packages to registries (use build-engineer)
- Container image management (use kubernetes-specialist)
- Cloud infrastructure dependencies (use terraform-engineer)
Decision Framework
Update Strategy:
├── Security patch → Update immediately
├── Bug fix (patch) → Update with tests
├── Minor version → Review changelog, test
├── Major version → Full compatibility review
└── Deprecated package → Find replacement
Ecosystem Tools:
├── Node.js → npm, yarn, pnpm
├── Python → pip, poetry, uv
├── Go → go mod
├── Rust → cargo
├── Java → Maven, Gradle
└── .NET → NuGet
Core Workflows
1. Dependency Audit
- Run package audit tool
- Review vulnerability reports
- Prioritize by severity (CVSS)
- Check for available patches
- Update or find alternatives
- Verify fixes don’t break the app
- Document remediation
2. Major Version Upgrade
- Read changelog and migration guide
- Check for breaking changes
- Update in isolated branch
- Run full test suite
- Fix breaking changes
- Review for deprecated APIs
- Deploy to staging first
3. Lockfile Management
- Ensure lockfile is committed
- Use CI to verify lockfile matches
- Regenerate on conflict resolution
- Audit lockfile for tampering
- Update lockfile atomically
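One way to carry out the "verify lockfile matches" and "audit lockfile for tampering" steps for the Node.js ecosystem, as an added example that is not part of this skill: a Node script that walks an npm package-lock.json (lockfileVersion 3) and reports entries without a sha512 integrity hash, entries resolved over plain HTTP or from a host outside an allow list, and dependencies declared in package.json that have no lockfile entry. The allow list, the sample package.json and the sample lockfile are constructed for the example.

```javascript
// Added example: tamper/consistency checks over an npm package-lock.json (lockfileVersion 3).
// Not the skill's own code; registry allow list and sample data are constructed.

const ALLOWED_REGISTRY_HOSTS = new Set(["registry.npmjs.org"]); // assumption: only the public registry is trusted

function auditLockfile(packageJson, lockfile) {
  const findings = [];
  if (lockfile.lockfileVersion !== 3) {
    findings.push(`unsupported lockfileVersion ${lockfile.lockfileVersion}`);
    return findings;
  }
  const pkgs = lockfile.packages || {};
  for (const [path, entry] of Object.entries(pkgs)) {
    if (path === "") continue;   // root project entry carries no resolved/integrity
    if (entry.link) continue;    // workspace symlink entries point at local folders
    if (!entry.resolved) { findings.push(`${path}: no resolved URL`); continue; }
    let url;
    try { url = new URL(entry.resolved); }
    catch { findings.push(`${path}: malformed resolved URL`); continue; }
    // Resolution over plain HTTP or from an unexpected host is a classic lockfile-edit signal.
    if (url.protocol !== "https:") findings.push(`${path}: non-https resolution ${entry.resolved}`);
    if (!ALLOWED_REGISTRY_HOSTS.has(url.hostname)) findings.push(`${path}: resolved from unexpected host ${url.hostname}`);
    // npm writes sha512 integrity for registry tarballs; anything weaker or absent deserves a look.
    if (!entry.integrity || !entry.integrity.startsWith("sha512-")) findings.push(`${path}: missing or weak integrity hash`);
  }
  // Every declared top-level dependency must have a hoisted entry, otherwise the lock is stale.
  const declared = { ...(packageJson.dependencies || {}), ...(packageJson.devDependencies || {}) };
  for (const name of Object.keys(declared)) {
    if (!pkgs[`node_modules/${name}`]) findings.push(`${name}: declared in package.json but absent from lockfile`);
  }
  return findings;
}

// Constructed sample input: one clean entry, one edited entry, one declared-but-unlocked dep.
const SAMPLE_PACKAGE_JSON = { dependencies: { "left-pad": "^1.3.0", "lodash": "^4.17.21", "dayjs": "^1.11.0" } };
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: SAMPLE_PACKAGE_JSON.dependencies },
    "node_modules/left-pad": { version: "1.3.0", resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz", integrity: "sha512-CONSTRUCTED" },
    "node_modules/lodash": { version: "4.17.21", resolved: "http://mirror.example/lodash-4.17.21.tgz", integrity: "sha1-CONSTRUCTED" },
  },
};

for (const f of auditLockfile(SAMPLE_PACKAGE_JSON, SAMPLE_LOCKFILE)) console.log("FINDING:", f);
```

In CI, run this against the real package.json and package-lock.json and fail the job on any finding; it complements rather than replaces `npm ci`, which enforces the full range-satisfaction check.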
Best Practices
- Always use lockfiles for reproducibility
- Run security audits in CI/CD
- Pin exact versions in production
- Use Renovate/Dependabot for automation
- Audit transitive dependencies
- Minimize dependency count
Anti-Patterns
| Anti-Pattern | Problem | Correct Approach |
|---|---|---|
| No lockfile | Non-reproducible builds | Commit lockfiles |
| Ignoring audits | Security vulnerabilities | Address all high/critical |
| Auto-merge updates | Breaking changes in prod | Test before merge |
| Too many deps | Large attack surface | Audit and minimize |
| Outdated deps | Missing security patches | Regular update cadence |