dependency-management

📁 nguyenhuuca/assessment 📅 8 days ago

总安装量

周安装量

#35025

全站排名

安装命令

npx skills add https://github.com/nguyenhuuca/assessment --skill dependency-management

Agent 安装分布

mcpjam 6

claude-code 6

replit 6

junie 6

windsurf 6

zencoder 6

Skill 文档

Dependency Management

Workflows

Audit: Check for known vulnerabilities
Update: Keep dependencies reasonably current
Lock: Ensure reproducible builds
Minimize: Remove unused dependencies

Security Scanning

# Node.js
npm audit
pnpm audit

# Python
pip-audit
safety check

# Go
govulncheck ./...

# Rust
cargo audit

Version Management

Semantic Versioning

Major (1.0.0): Breaking changes
Minor (0.1.0): New features, backward compatible
Patch (0.0.1): Bug fixes, backward compatible

Version Constraints

// package.json
{
  "dependencies": {
    "exact": "1.2.3",        // Exactly 1.2.3
    "patch": "~1.2.3",       // 1.2.x (patch updates)
    "minor": "^1.2.3",       // 1.x.x (minor updates)
    "range": ">=1.2.3 <2.0.0" // Range
  }
}

Lockfiles

Always commit lockfiles for reproducible builds:

package-lock.json or pnpm-lock.yaml (Node.js)
poetry.lock or uv.lock (Python)
go.sum (Go)
Cargo.lock (Rust)

Best Practices

Pin Versions in Production: Use exact versions or lockfiles
Update Regularly: Don’t let dependencies get too stale
Review Changelogs: Check breaking changes before major updates
Test After Updates: Run full test suite after dependency changes
Minimize Dependencies: Each dependency is a liability

Removing Unused Dependencies

# Node.js
npx depcheck

# Python
pip-autoremove

# Go
go mod tidy

GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台