Claude-skill-registry dependency-management
Manage project dependencies effectively. Use when adding, updating, or auditing dependencies. Covers version management, security scanning, and lockfiles.
install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/dependency-management" ~/.claude/skills/majiayu000-claude-skill-registry-dependency-management-c5fc0d && rm -rf "$T"
manifest: skills/data/dependency-management/SKILL.md
source content:
Dependency Management
Workflows
- Audit: Check for known vulnerabilities
- Update: Keep dependencies reasonably current
- Lock: Ensure reproducible builds
- Minimize: Remove unused dependencies
Security Scanning
Each of these tools exits non-zero when it finds a known vulnerability, so they can be run as a CI gate; run them against the lockfile-installed tree, not just the manifest, so transitive dependencies are covered.

```bash
# Node.js
npm audit
pnpm audit

# Python
pip-audit
safety check   # legacy command; newer Safety releases replace it with `safety scan`

# Go
govulncheck ./...

# Rust
cargo audit
```
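A bare audit fails the build on any finding, including low-severity ones with no fix. The script below is an added example (not part of this skill) of a severity gate over `npm audit --json` output: it reads the npm 7+ report (auditReportVersion 2, whose `vulnerabilities` entries carry `severity`, `range` and `fixAvailable`), lists everything at or above a chosen threshold with whether a fix exists and whether that fix crosses a major version, and returns the CI exit status. The package names in the embedded sample report are constructed, not real advisories.

```python
"""Severity gate over `npm audit --json` (npm 7+, auditReportVersion 2).

Added example, not the skill's own code. Usage in CI:
    npm audit --json | python audit_gate.py high
With no piped input it runs against the constructed SAMPLE_REPORT below.
"""
import json
import sys

SEVERITY_RANK = {"info": 0, "low": 1, "moderate": 2, "high": 3, "critical": 4}


def triage(report: dict, threshold: str = "high") -> dict:
    """Return findings at or above `threshold`, keyed by package name.

    `fixAvailable` in the npm report is True, False, or an object describing a
    fix that requires a major-version bump (`isSemVerMajor`).
    """
    floor = SEVERITY_RANK[threshold]
    findings = {}
    for name, vuln in report.get("vulnerabilities", {}).items():
        sev = vuln.get("severity", "info")
        if SEVERITY_RANK.get(sev, 0) < floor:
            continue
        fix = vuln.get("fixAvailable", False)
        findings[name] = {
            "severity": sev,
            "fix_available": bool(fix),
            # A dict here means the fix crosses a major version: read the changelog first.
            "breaking_fix": isinstance(fix, dict) and bool(fix.get("isSemVerMajor")),
            "range": vuln.get("range", ""),
        }
    return findings


def gate(report: dict, threshold: str = "high") -> int:
    """Print the triaged findings; 0 when nothing reaches the threshold, else 1."""
    findings = triage(report, threshold)
    for name, f in sorted(findings.items()):
        note = "fix available" if f["fix_available"] else "no fix yet"
        if f["breaking_fix"]:
            note += " (major version bump)"
        print(f"{f['severity']:<8} {name} {f['range']} - {note}")
    return 1 if findings else 0


# Constructed sample report (package names are made up); shape follows npm 7+.
SAMPLE_REPORT = {
    "auditReportVersion": 2,
    "vulnerabilities": {
        "left-pad-ish": {"name": "left-pad-ish", "severity": "low", "range": "<1.0.1",
                         "fixAvailable": True},
        "parser-lib": {"name": "parser-lib", "severity": "high", "range": "<2.3.0",
                       "fixAvailable": {"name": "parser-lib", "version": "3.0.0",
                                        "isSemVerMajor": True}},
        "old-crypto": {"name": "old-crypto", "severity": "critical", "range": "*",
                       "fixAvailable": False},
    },
    "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 0,
                                     "high": 1, "critical": 1, "total": 3}},
}

if __name__ == "__main__":
    level = sys.argv[1] if len(sys.argv) > 1 else "high"
    data = SAMPLE_REPORT if sys.stdin.isatty() else json.load(sys.stdin)
    sys.exit(gate(data, level))
```

Gating on `vulnerabilities` rather than the `metadata` counts keeps the package name and fix status in the CI log, which is what the person fixing the build needs; a finding with no fix available is the case to record as an accepted risk rather than silence by lowering the threshold.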
Version Management
Semantic Versioning
- Major (1.0.0): Breaking changes
- Minor (0.1.0): New features, backward compatible
- Patch (0.0.1): Bug fixes, backward compatible
Version Constraints
```jsonc
// package.json
{
  "dependencies": {
    "exact": "1.2.3",           // Exactly 1.2.3
    "patch": "~1.2.3",          // 1.2.x (patch updates)
    "minor": "^1.2.3",          // 1.x.x (minor updates)
    "range": ">=1.2.3 <2.0.0"   // Range
  }
}
```

Two caveats: for 0.x versions the caret pins the minor component instead (`^0.2.3` admits only 0.2.x, `^0.0.3` only 0.0.3), and an exact version pins only the direct dependency; its transitive dependencies still float unless a lockfile is committed.
Lockfiles
Always commit lockfiles for reproducible builds, and install from them in CI with a mode that fails when the lockfile and manifest disagree (`npm ci`, `pnpm install --frozen-lockfile`, `uv sync --locked`, `cargo build --locked`; Go refuses to build when `go.sum` does not match the selected modules):
- `package-lock.json` or `pnpm-lock.yaml` (Node.js)
- `poetry.lock` or `uv.lock` (Python)
- `go.sum` (Go; records checksums for the module versions selected in `go.mod`, so commit both)
- `Cargo.lock` (Rust)
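The two pieces above fit together: a range in package.json says what is acceptable, and the lockfile says what was actually resolved. The following added example (not code from this skill) implements the npm range operators from the package.json snippet for plain x.y.z versions, including the 0.x caret rule, and then uses them to check that every declared dependency has a lockfile entry whose resolved version sits inside the declared range and carries an integrity hash. It assumes npm's lockfileVersion 2/3 layout (a `packages` map keyed by `node_modules/<name>` with `version`, `resolved` and `integrity` fields); the manifest and lockfile it runs on are constructed.

```python
"""Check that package-lock.json pins what package.json declares.

Added example, not the skill's own code. Supports exact versions, ~, ^ and
space-separated comparator ranges such as ">=1.2.3 <2.0.0" on x.y.z versions.
"""
import re

Version = tuple  # (major, minor, patch)


def parse_version(s: str) -> Version:
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", s.strip())
    if not m:
        raise ValueError(f"unsupported version syntax: {s!r}")
    return tuple(int(x) for x in m.groups())


def _tilde_upper(v: Version) -> Version:
    return (v[0], v[1] + 1, 0)            # ~1.2.3 allows 1.2.x only


def _caret_upper(v: Version) -> Version:
    # The caret never moves the left-most non-zero component:
    # ^1.2.3 -> <2.0.0, ^0.2.3 -> <0.3.0, ^0.0.3 -> <0.0.4
    major, minor, patch = v
    if major > 0:
        return (major + 1, 0, 0)
    if minor > 0:
        return (0, minor + 1, 0)
    return (0, 0, patch + 1)


_OPS = {">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
        ">": lambda a, b: a > b, "<": lambda a, b: a < b,
        "=": lambda a, b: a == b, "": lambda a, b: a == b}


def satisfies(version: str, constraint: str) -> bool:
    """True if `version` lies inside the npm-style range `constraint`."""
    v = parse_version(version)
    c = constraint.strip()
    if c in ("", "*", "x"):
        return True
    if c.startswith("~"):
        base = parse_version(c[1:])
        return base <= v < _tilde_upper(base)
    if c.startswith("^"):
        base = parse_version(c[1:])
        return base <= v < _caret_upper(base)
    comparators = re.findall(r"(>=|<=|>|<|=)?\s*(v?\d+\.\d+\.\d+)", c)
    if not comparators:
        raise ValueError(f"unsupported constraint syntax: {constraint!r}")
    return all(_OPS[op](v, parse_version(num)) for op, num in comparators)


def check_lockfile(package_json: dict, lockfile: dict) -> list:
    """Return a list of problems; empty means the lockfile is consistent."""
    problems = []
    packages = lockfile.get("packages", {})
    declared = {**package_json.get("dependencies", {}),
                **package_json.get("devDependencies", {})}
    for name, constraint in declared.items():
        entry = packages.get(f"node_modules/{name}")
        if entry is None:
            problems.append(f"{name}: declared but absent from lockfile")
            continue
        locked = entry.get("version", "")
        if not satisfies(locked, constraint):
            problems.append(f"{name}: locked {locked} is outside declared range {constraint}")
        if not entry.get("integrity"):
            # Without an integrity hash the installer cannot detect a swapped tarball.
            problems.append(f"{name}: lockfile entry has no integrity hash")
    return problems


# Constructed manifest and lockfile (package names and hashes are made up).
PACKAGE_JSON = {"dependencies": {"alpha": "^1.2.3", "beta": "~0.4.1",
                                 "gamma": ">=2.0.0 <3.0.0", "delta": "^0.0.3"}}
LOCKFILE = {
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": PACKAGE_JSON["dependencies"]},
        "node_modules/alpha": {"version": "1.9.0", "resolved": "https://registry.example/alpha-1.9.0.tgz",
                               "integrity": "sha512-AAAA"},
        "node_modules/beta": {"version": "0.5.0", "resolved": "https://registry.example/beta-0.5.0.tgz",
                              "integrity": "sha512-BBBB"},
        "node_modules/gamma": {"version": "2.7.1", "resolved": "https://registry.example/gamma-2.7.1.tgz"},
    },
}

if __name__ == "__main__":
    for line in check_lockfile(PACKAGE_JSON, LOCKFILE) or ["lockfile consistent"]:
        print(line)
```

On the constructed input the check reports three problems: `beta` resolved to 0.5.0 although `~0.4.1` admits only 0.4.x, `gamma` has no integrity hash, and `delta` is declared but never locked. All three are the kind of drift `npm ci` rejects, and the missing hash is the one a supply-chain reviewer should treat as a red flag rather than a tidiness issue.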
Best Practices
- Pin Versions in Production: Use exact versions or lockfiles
- Update Regularly: Don't let dependencies get too stale
- Review Changelogs: Check breaking changes before major updates
- Test After Updates: Run full test suite after dependency changes
- Minimize Dependencies: Each dependency is a liability
Removing Unused Dependencies
These tools report candidates, not verdicts: review the list before deleting anything, because a package loaded dynamically or referenced only by name in a config file (lint plugins, build presets) will look unused to a static scan.

```bash
# Node.js
npx depcheck

# Python
pip-autoremove   # removes a package together with the dependencies only it needed

# Go
go mod tidy
```
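To make the static-scan caveat concrete, here is an added example (not the skill's code, and far simpler than depcheck) of how such a tool decides a dependency is unused: it collects the bare specifiers from `import`, `import()` and `require()` statements, maps subpath and scoped imports back to the package that provides them, ignores relative paths and `node:` built-ins, and compares the result against `dependencies` and `devDependencies`. The sources are an in-memory dict of constructed file contents so it runs offline.

```python
"""Report package.json dependencies that no source file imports.

Added example, not the skill's own code. A lint plugin referenced only from a
config file will show up here as unused, which is the caveat noted above.
"""
import re
from typing import Optional

# Matches the string after: import x from "pkg" | import "pkg" | import("pkg") | require("pkg")
_SPECIFIER = re.compile(
    r"""(?:\bfrom\s*|\bimport\s*\(?\s*|\brequire\s*\(\s*)['"]([^'"]+)['"]"""
)


def package_of(specifier: str) -> Optional[str]:
    """Map an import specifier to the package that provides it.

    "lodash/fp" -> "lodash", "@scope/pkg/sub" -> "@scope/pkg".
    Relative/absolute paths and "node:" built-ins return None.
    """
    if specifier.startswith((".", "/", "node:")):
        return None
    parts = specifier.split("/")
    if specifier.startswith("@"):
        return "/".join(parts[:2]) if len(parts) >= 2 else None
    return parts[0]


def referenced_packages(sources: dict) -> set:
    """Every package name imported or required anywhere in `sources`."""
    found = set()
    for text in sources.values():
        for spec in _SPECIFIER.findall(text):
            pkg = package_of(spec)
            if pkg:
                found.add(pkg)
    return found


def unused_dependencies(package_json: dict, sources: dict) -> dict:
    """Declared dependencies never referenced, grouped by manifest section."""
    used = referenced_packages(sources)
    result = {}
    for section in ("dependencies", "devDependencies"):
        unused = sorted(n for n in package_json.get(section, {}) if n not in used)
        if unused:
            result[section] = unused
    return result


# Constructed manifest and source files for demonstration.
PACKAGE_JSON = {
    "dependencies": {"express": "^4.18.0", "lodash": "^4.17.21",
                     "@acme/ui": "^2.0.0", "moment": "^2.29.0"},
    "devDependencies": {"jest": "^29.0.0", "eslint-plugin-acme": "^1.0.0"},
}
SOURCES = {
    "src/app.js": 'const express = require("express");\n'
                  'import { debounce } from "lodash/fp";\n'
                  'import "./styles.css";\n',
    "src/ui.js": 'import { Button } from "@acme/ui/button";\n'
                 'import fs from "node:fs";\n',
    "test/app.test.js": 'import { expect } from "jest";\n'
                        'const app = await import("./app.js");\n',
}

if __name__ == "__main__":
    for section, names in unused_dependencies(PACKAGE_JSON, SOURCES).items():
        print(f"{section}: {', '.join(names)}")
```

On the constructed input `moment` is reported as unused and so is `eslint-plugin-acme`; the first is a genuine removal candidate, the second is the false positive the caveat warns about, since an ESLint plugin is named in the lint config rather than imported. Note also that a bare built-in such as `import fs from "fs"` (without the `node:` prefix) is indistinguishable from a package by name alone, which is harmless for the unused check here but matters if the same scan is extended to flag missing dependencies.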