Dependency Management
技能 已验证 活跃Manage third-party libraries, runtimes, and SaaS dependencies. Use this skill when setting an update cadence, responding to security advisories, dealing with deprecated dependencies, evaluating new dependencies, auditing what's installed, or unblocking a dependency upgrade. Triggers on dependency, package update, security patch, lockfile, deprecated, breaking change, supply chain, dependency audit, npm audit, dependabot, renovate. Also triggers when a build breaks after an update or when an advisory is published for a used package.
To help developers and teams establish and maintain robust dependency management practices, ensuring security, currency, and stability across their projects.
功能
- Dependency inventory and categorization
- Security advisory auditing and prioritization
- Major version upgrade planning and execution
- Policy setting for updates, security, and pinning
- Automation recommendations for updates and audits
使用场景
- Setting up dependency hygiene for new or existing projects
- Responding to security advisories and vulnerability reports
- Planning and executing major version upgrades
- Evaluating and onboarding new dependencies
- Auditing installed dependencies and their usage
非目标
- General code review
- Infrastructure vulnerability scanning
- Pinning vendor or service contracts
- Performance impact analysis of dependencies
安装
npx skills add rampstackco/claude-skills通过 npx 运行 Vercel skills CLI(skills.sh)— 需要本地安装 Node.js,以及至少一个兼容 skills 的智能体(Claude Code、Cursor、Codex 等)。前提是仓库遵循 agentskills.io 格式。
质量评分
已验证类似扩展
Audit Dependency Versions
100Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.
Clawsec Scanner
100Automated vulnerability scanner for agent platforms. Performs dependency scanning (npm audit, pip-audit), multi-database CVE lookup (OSV, NVD, GitHub Advisory), SAST analysis (Semgrep, Bandit), and agent-specific DAST hook execution testing for OpenClaw hooks.
Dependency Audit
95Dependency audit and cleanup workflow for maintaining healthy project dependencies. Use for regular maintenance, security updates, and removing unused packages.
Soul Guardian
100Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
Janitor Report
100一个完整的报告,用于检查所有技能的健康状况。当用户想要检查错误、查找重复项、检测损坏的技能或获取技能健康状况的完整概览时使用。
Janitor Audit
100显示所有已安装的技能