bump-deps
npx skills add https://github.com/paulrberg/agent-skills --skill bump-deps
Agent 安装分布
Skill 文档
Bump Dependencies Skill
File paths: All
scripts/paths in this skill resolve under~/.agents/skills/bump-deps/. Do not look for them in the current working directory.
Update Node.js dependencies using taze CLI with smart prompting: auto-apply MINOR/PATCH updates, prompt for MAJOR updates individually, skip fixed-version packages.
When package names are provided as arguments (e.g. /bump-deps react typescript), scope all taze commands to only those packages using --include.
Prerequisites
Before starting, verify taze is installed by running:
~/.agents/skills/bump-deps/scripts/run-taze.sh
If exit code is 1, stop and inform the user that taze must be installed:
- Global install:
npm install -g taze - One-time:
npx taze
Update Workflow
Step 1: Scan for Updates
Run the taze script to discover available updates. The script auto-detects monorepo projects (workspaces in package.json or pnpm-workspace.yaml) and enables recursive mode automatically.
~/.agents/skills/bump-deps/scripts/run-taze.sh
Step 2: Parse and Categorize Updates
From the taze output, categorize each package update:
| Category | Version Change | Action |
|---|---|---|
| Fixed | No ^ or ~ prefix (e.g., "1.0.0") |
Skip entirely |
| PATCH | x.y.z â x.y.Z (e.g., 1.0.0 â 1.0.1) |
Auto-apply |
| MINOR | x.y.z â x.Y.0 (e.g., 1.0.0 â 1.1.0) |
Auto-apply |
| MAJOR | x.y.z â X.0.0 (e.g., 1.0.0 â 2.0.0) |
Prompt user |
If package arguments were provided, filter to only those packages.
Identifying fixed versions: In package.json, fixed versions have no range prefix:
- Fixed:
"lodash": "4.17.21"â skip - Ranged:
"lodash": "^4.17.21"â process
Step 3: Apply MINOR/PATCH Updates
Apply all non-major updates automatically without prompting:
# All packages
taze minor --write
# Specific packages only (when args provided)
taze minor --write --include react,typescript
The script auto-detects monorepo mode, but when running taze directly, detect it yourself: check for workspaces in package.json or pnpm-workspace.yaml and add -r if present.
Report the packages that were updated.
Step 4: Prompt for MAJOR Updates
Auto-skip packages: Never prompt for these packagesâauto-apply their major updates:
lucide-react(icon library with frequent major bumps, backward-compatible in practice)
For each remaining package with a major update available, use AskUserQuestion to ask the user individually:
Package: <package-name>
Current: <current-version>
Available: <new-version>
Update to major version?
Question format:
- header: Package name (max 12 chars, truncate if needed)
- options: “Yes, update” / “No, skip”
- multiSelect: false
Collect all approved major updates.
Step 5: Apply Approved MAJOR Updates
After collecting user approvals, apply the approved major updates:
taze major --write --include <pkg1>,<pkg2>,<pkg3>
Add -r if monorepo was detected.
Step 6: Install Dependencies
After all updates are applied, remind the user to run their package manager’s install command:
npm install
# or
pnpm install
# or
bun install
# or
yarn install
Taze Output Interpretation
Taze displays updates grouped by type. Example output:
@types/node ^20.0.0 â ^22.0.0 (major)
typescript ^5.3.0 â ^5.4.0 (minor)
eslint ^8.56.0 â ^8.57.0 (patch)
The rightmost column indicates update type (major/minor/patch).
Packages shown with --include-locked that have no ^ or ~ are fixed versionsâskip these entirely.
Script Reference
| Script | Purpose |
|---|---|
~/.agents/skills/bump-deps/scripts/run-taze.sh |
Run taze in non-interactive mode, check installation |
Important Notes
- Fixed-version dependencies (no
^or~) indicate intentional pinningânever modify these - MAJOR updates may contain breaking changesâalways prompt the user
- MINOR/PATCH updates are backward-compatible by semver conventionâsafe to auto-apply
- The
--includeflag accepts comma-separated package names or regex patterns - Monorepo detection is automaticâno flag needed