陌讯skills聚合平台

update-dependencies

📁 fairchild/dotclaude 📅 Feb 9, 2026
8
总安装量
7
周安装量
#34934
全站排名
安装命令
npx skills add https://github.com/fairchild/dotclaude --skill update-dependencies

Agent 安装分布

gemini-cli 7
claude-code 7
github-copilot 7
cursor 7
opencode 6
codex 6

Skill 文档

Dependency Updater

Smart dependency management with security-first prioritization, intelligent batching, and learning from outcomes.

Ecosystem Detection

First, detect the project’s ecosystem:

# Check for lockfiles (in priority order)
ls bun.lock bun.lockb pnpm-lock.yaml package-lock.json uv.lock poetry.lock Cargo.lock 2>/dev/null | head -1
Lockfile Ecosystem Reference
bun.lock / bun.lockb npm (bun) npm.md
pnpm-lock.yaml npm (pnpm) npm.md
package-lock.json npm npm.md
uv.lock Python (uv) python.md
poetry.lock Python (poetry) python.md
Cargo.lock Rust cargo.md

Load the appropriate ecosystem reference for detailed commands.

Workflow

Phase 1: Security Audit

Run security check first. Security issues always take priority.

See ecosystem reference for specific audit command.

Categorize by severity:

  • Critical/High: Fix immediately, own PR
  • Moderate/Low: Batch with related updates

Phase 2: Outdated Analysis

Check for outdated dependencies.

Categorize by update type:

  • Patch (x.y.Z): Usually safe, batch together
  • Minor (x.Y.z): Review changelog, usually safe
  • Major (X.y.z): Individual review required

Phase 3: Check History

Before major updates, check if we’ve updated this package before:

grep "<package-name>" ~/.claude/skills/update-dependencies/data/outcomes.jsonl

Learn from past outcomes:

  • Did it require migration?
  • Any gotchas noted?

Phase 4: Risk Assessment

For packages with major bumps or unknown risk, fetch changelogs.

Score each update 1-5. See risk-assessment.md for guidelines.

Phase 5: Smart Grouping

Group related packages together. See grouping-strategies.md for patterns.

Priority order:

  1. Security fixes (own group, merge first)
  2. Ecosystem batches (related packages together)
  3. Low-risk patches (all together)
  4. Individual major updates

Phase 6: Execute Updates

For each group:

  1. Create branch: deps/<group-name>-$(date +%Y%m%d)
  2. Apply updates (see ecosystem reference)
  3. Run tests
  4. If tests fail: identify problematic package, exclude, continue

Phase 7: Create PR

Use format from pr-format.md.

git add <lockfile> <manifest>
git commit -m "deps: <type> update <group-name>"
git push -u origin HEAD
gh pr create --title "deps: <type> update <group-name>" --body-file -

Phase 8: Log Outcome

After PR is merged (or if update fails), log the outcome:

bun ~/.claude/skills/update-dependencies/scripts/log-outcome.ts

The script will:

  1. Pre-fill: date, project, ecosystem, packages, versions
  2. Prompt for: outcome (success/failed/required_migration) and notes
  3. Append to ~/.claude/skills/update-dependencies/data/outcomes.jsonl

Command Options

When invoked via /update-dependencies:

Option Effect
security only Only fix security vulnerabilities
plan Enter plan mode – analyze and design update strategy for approval
major Include major version updates
group <name> Update specific ecosystem group
--check-history Show past outcomes for packages being updated

Quick Start

# Run the analyzer first
bun ~/.claude/skills/update-dependencies/scripts/analyze.ts

# Or invoke the skill
/update-dependencies plan    # Analyze and plan
/update-dependencies         # Full execution

Error Recovery

If update fails partway:

  • If commit succeeded but push failed → git push -u origin HEAD
  • If tests fail → identify problematic package, exclude, retry
  • If PR creation failed → gh pr create ...
GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台
本页面由 陌讯 Skills 聚合平台 收录整理,数据定期更新。