dependency-management
Dependency management specialist. Use when updating dependencies, scanning for vulnerabilities, analyzing dependency trees, or ensuring license compliance. Handles npm, pip, maven, and other package managers.
Best use case
dependency-management is best used when you need a repeatable AI agent workflow instead of a one-off prompt. It is especially useful for teams working in multi. Dependency management specialist. Use when updating dependencies, scanning for vulnerabilities, analyzing dependency trees, or ensuring license compliance. Handles npm, pip, maven, and other package managers.
Dependency management specialist. Use when updating dependencies, scanning for vulnerabilities, analyzing dependency trees, or ensuring license compliance. Handles npm, pip, maven, and other package managers.
Users should expect a more consistent workflow output, faster repeated execution, and less time spent rewriting prompts from scratch.
Practical example
Example input
Use the "dependency-management" skill to help with this workflow task. Context: Dependency management specialist. Use when updating dependencies, scanning for vulnerabilities, analyzing dependency trees, or ensuring license compliance. Handles npm, pip, maven, and other package managers.
Example output
A structured workflow result with clearer steps, more consistent formatting, and an output that is easier to reuse in the next run.
When to use this skill
- Use this skill when you want a reusable workflow rather than writing the same prompt again and again.
When not to use this skill
- Do not use this when you only need a one-off answer and do not need a reusable workflow.
- Do not use it if you cannot install or maintain the related files, repository context, or supporting tools.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/dependency-management/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How dependency-management Compares
| Feature / Agent | dependency-management | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Dependency management specialist. Use when updating dependencies, scanning for vulnerabilities, analyzing dependency trees, or ensuring license compliance. Handles npm, pip, maven, and other package managers.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Dependency Management This skill manages project dependencies including updates, vulnerability scanning, license compliance, and dependency tree optimization. ## When to Use This Skill - When updating project dependencies - When scanning for security vulnerabilities - When analyzing dependency trees - When ensuring license compliance - When resolving version conflicts - When optimizing dependency usage ## What This Skill Does 1. **Dependency Analysis**: Identifies unused dependencies and version conflicts 2. **Vulnerability Scanning**: Finds and fixes known security vulnerabilities 3. **License Compliance**: Verifies dependency licenses are compatible 4. **Safe Updates**: Updates dependencies with testing and validation 5. **Tree Optimization**: Optimizes dependency trees and reduces bloat 6. **Version Management**: Resolves version conflicts and updates ## Helper Scripts This skill includes Python helper scripts in `scripts/`: - **`parse_dependencies.py`**: Parses dependency files (package.json, requirements.txt, pyproject.toml). Outputs JSON with parsed dependencies and metadata. ```bash python scripts/parse_dependencies.py package.json requirements.txt ``` ## How to Use ### Manage Dependencies ``` Update all dependencies and check for vulnerabilities ``` ``` Scan dependencies for security issues ``` ### Specific Tasks ``` Check license compatibility for all dependencies ``` ## Management Process ### 1. Analyze Dependencies **Using Helper Script:** The skill includes a Python helper script for parsing dependency files: ```bash # Parse dependency files python scripts/parse_dependencies.py package.json requirements.txt pyproject.toml ``` **Package Manager Tools:** - npm: `npm outdated`, `npm list` - pip: `pip list --outdated` - maven: `mvn versions:display-dependency-updates` - gradle: `gradle dependencyUpdates` ### 2. Scan for Vulnerabilities **Tools:** - npm: `npm audit` - pip: `pip-audit` - maven: OWASP Dependency Check - gradle: Dependency Check plugin ### 3. Check Licenses **Process:** - List all dependency licenses - Check compatibility with project license - Identify any incompatible licenses - Provide license report ### 4. Update Dependencies **Safe Update Process:** 1. Check for updates 2. Review changelogs 3. Update incrementally 4. Run tests after each update 5. Verify functionality ## Examples ### Example 1: Vulnerability Scan **Input**: Scan for vulnerabilities **Output**: ```markdown ## Dependency Vulnerability Scan ### Critical Vulnerabilities **1. lodash (4.17.20)** - **Severity**: High - **Issue**: Prototype Pollution - **Fix**: Update to 4.17.21 ```bash npm update lodash ``` **2. express (4.16.4)** - **Severity**: Medium - **Issue**: Path Traversal - **Fix**: Update to 4.18.2 ```bash npm update express ``` ### Summary - **Total vulnerabilities**: 5 - **Critical**: 1 - **High**: 2 - **Medium**: 2 ``` ## Reference Files For package manager-specific commands and patterns, load reference files as needed: - **`references/package_managers.md`** - Commands and patterns for npm, pip, Poetry, Maven, Gradle, Cargo, and common dependency management patterns - **`references/DEPENDENCY_AUDIT.template.md`** - Dependency audit report template with vulnerabilities, outdated packages, license compliance When working with specific package managers, load `references/package_managers.md` and refer to the relevant package manager section. ## Best Practices ### Dependency Management 1. **Regular Updates**: Update dependencies regularly 2. **Security First**: Prioritize security updates 3. **Test After Updates**: Always test after updating 4. **Lock Files**: Use lock files (package-lock.json, yarn.lock) 5. **Version Pinning**: Pin critical dependencies ## Related Use Cases - Dependency updates - Security vulnerability scanning - License compliance - Dependency tree optimization - Version conflict resolution
Related Skills
track-management
Use this skill when creating, managing, or working with Conductor tracks - the logical work units for features, bugs, and refactors. Applies to spec.md, plan.md, and track lifecycle operations.
server-management
Server management principles and decision-making. Process management, monitoring strategy, and scaling decisions. Teaches thinking, not commands.
secrets-management
Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.
react-state-management
Master modern React state management with Redux Toolkit, Zustand, Jotai, and React Query. Use when setting up global state, managing server state, or choosing between state management solutions.
monorepo-management
Master monorepo management with Turborepo, Nx, and pnpm workspaces to build efficient, scalable multi-package repositories with optimized builds and dependency management. Use when setting up monorepos, optimizing builds, or managing shared dependencies.
istio-traffic-management
Configure Istio traffic management including routing, load balancing, circuit breakers, and canary deployments. Use when implementing service mesh traffic policies, progressive delivery, or resilience patterns.
dependency-upgrade
Manage major dependency version upgrades with compatibility analysis, staged rollout, and comprehensive testing. Use when upgrading framework versions, updating major dependencies, or managing breaking changes in libraries.
dependency-management-deps-audit
You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.
context-window-management
Strategies for managing LLM context windows including summarization, trimming, routing, and avoiding context rot Use when: context window, token limit, context management, context engineering, long context.
context-management-context-save
Use when working with context management context save
context-management-context-restore
Use when working with context management context restore
azure-mgmt-apimanagement-py
Azure API Management SDK for Python. Use for managing APIM services, APIs, products, subscriptions, and policies. Triggers: "azure-mgmt-apimanagement", "ApiManagementClient", "APIM", "API gateway", "API Management".