陌讯skills聚合平台

1k-pkg-upgrade-review

📁 onekeyhq/app-monorepo 📅 4 days ago
1
总安装量
1
周安装量
#41354
全站排名
安装命令
npx skills add https://github.com/onekeyhq/app-monorepo --skill 1k-pkg-upgrade-review

Agent 安装分布

mcpjam 1
claude-code 1
replit 1
junie 1
windsurf 1
zencoder 1

Skill 文档

Package Upgrade Review

Evaluates npm/yarn package version upgrades by performing source-level diff analysis, tracing all call sites, and producing a structured compatibility report.

Output language: Chinese (matching team conventions).

Quick Reference

Topic Guide Description
Review workflow review-workflow.md Step-by-step review process
Report template report-template.md Output format and risk guidelines
Example report example-report.md Real case: @isaacs/brace-expansion 5.0.0 -> 5.0.1

When to Use

  • Dependabot / Renovate PRs that bump dependency versions
  • Manual yarn upgrade or npm update changes
  • Any PR that modifies yarn.lock or package-lock.json
  • When team needs to understand what actually changed inside a package before merging

Workflow Overview

  1. Identify the package name and version range (old -> new)
  2. Download both versions from npm registry and extract
  3. Diff source code between versions (focus on JS/TS, not metadata)
  4. Classify changes: API signature, return value, new exports, removed exports, behavior changes
  5. Search project source code for direct imports/usage
  6. Search node_modules for indirect usage via intermediate packages
  7. Trace each call site to verify argument usage and compatibility
  8. Assess compatibility risks: signature, return type, return content, side effects
  9. Generate structured report to node_modules/.cache/pkg-upgrade/
  10. Post the full report as a PR comment via gh pr comment

Key Commands

# Download and extract both versions for diffing
mkdir -p /tmp/pkg-diff && cd /tmp/pkg-diff
curl -sL $(npm view PKG@OLD_VER dist.tarball) | tar xz -C old
curl -sL $(npm view PKG@NEW_VER dist.tarball) | tar xz -C new

# Compare file lists
diff -rq old/package new/package

# Diff main source
diff old/package/dist/commonjs/index.js new/package/dist/commonjs/index.js

# Search project code for direct usage
grep -r "PACKAGE_NAME" --include="*.ts" --include="*.tsx" --include="*.js" -l . \
  --exclude-dir=.git --exclude-dir=node_modules

# Search node_modules for indirect usage
grep -rn "from ['\"]PACKAGE_NAME['\"]" node_modules/ --include="*.js" --include="*.mjs" \
  | grep -v "node_modules/.cache"

# Check package metadata
npm view PKG@NEW_VER deprecated
npm view PKG@NEW_VER dist.integrity

Report Output

  • Local file: node_modules/.cache/pkg-upgrade/<package-name>-<old>-to-<new>.md
  • PR comment: The full report MUST also be posted as a comment on the PR via gh pr comment

Related Skills

  • /pr-review – Security-focused PR review (supply-chain risk)
  • /1k-code-review-pr – Build reliability and runtime quality review
GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台
本页面由 陌讯 Skills 聚合平台 收录整理,数据定期更新。