Agent skill

dependency-management

Dependency management specialist. Use when updating dependencies, scanning for vulnerabilities, analyzing dependency trees, or ensuring license compliance. Handles npm, pip, maven, and other package managers.

Stars 232
Forks 15

Install this agent skill to your Project

npx add-skill https://github.com/aiskillstore/marketplace/tree/main/skills/89jobrien/dependency-management

SKILL.md

Dependency Management

This skill manages project dependencies including updates, vulnerability scanning, license compliance, and dependency tree optimization.

When to Use This Skill

  • When updating project dependencies
  • When scanning for security vulnerabilities
  • When analyzing dependency trees
  • When ensuring license compliance
  • When resolving version conflicts
  • When optimizing dependency usage

What This Skill Does

  1. Dependency Analysis: Identifies unused dependencies and version conflicts
  2. Vulnerability Scanning: Finds and fixes known security vulnerabilities
  3. License Compliance: Verifies dependency licenses are compatible
  4. Safe Updates: Updates dependencies with testing and validation
  5. Tree Optimization: Optimizes dependency trees and reduces bloat
  6. Version Management: Resolves version conflicts and updates

Helper Scripts

This skill includes Python helper scripts in scripts/:

  • parse_dependencies.py: Parses dependency files (package.json, requirements.txt, pyproject.toml). Outputs JSON with parsed dependencies and metadata.

    ```bash
    python scripts/parse_dependencies.py package.json requirements.txt
    ```

How to Use

Manage Dependencies

Update all dependencies and check for vulnerabilities
Scan dependencies for security issues

Specific Tasks

Check license compatibility for all dependencies

Management Process

1. Analyze Dependencies

Using Helper Script:

The skill includes a Python helper script for parsing dependency files:

```bash
# Parse dependency files
python scripts/parse_dependencies.py package.json requirements.txt pyproject.toml
```

Package Manager Tools:

  • npm: npm outdated, npm list
  • pip: pip list --outdated
  • maven: mvn versions:display-dependency-updates
  • gradle: gradle dependencyUpdates

2. Scan for Vulnerabilities

Tools:

  • npm: npm audit
  • pip: pip-audit
  • maven: OWASP Dependency Check
  • gradle: Dependency Check plugin
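As an added example (not one of this skill's own scripts), the Python below triages `npm audit --json` output into a severity-ordered list and a set of findings that should block a build. The embedded report is a constructed sample in the npm 7+ report shape, `example-transitive` is a placeholder package, and `triage`, `rank` and the `fail_at` threshold are hypothetical names.

```python
import json

# Constructed sample in the npm 7+ `npm audit --json` shape, trimmed to the fields used below.
# `example-transitive` is a placeholder package name.
SAMPLE_AUDIT = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        "express": {"severity": "moderate", "isDirect": True,
                    "range": "<4.18.2", "fixAvailable": True},
        "example-transitive": {"severity": "low", "isDirect": False, "range": "<2.0.0",
                               "fixAvailable": {"name": "express", "version": "5.0.0",
                                                "isSemVerMajor": True}},
        "lodash": {"severity": "high", "isDirect": True,
                   "range": "<4.17.21", "fixAvailable": True},
    },
})

SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"]


def rank(severity):
    # Unknown labels sort above "critical" so the gate fails closed.
    return SEVERITY_ORDER.index(severity) if severity in SEVERITY_ORDER else len(SEVERITY_ORDER)


def triage(audit_json, fail_at="high"):
    """Return (all findings, findings at or above fail_at), most severe first."""
    report = json.loads(audit_json)
    findings = []
    for name, vuln in report.get("vulnerabilities", {}).items():
        fix = vuln.get("fixAvailable", False)
        findings.append({
            "package": name,
            "severity": vuln.get("severity", "unknown"),
            "direct": vuln.get("isDirect", False),
            "affected_range": vuln.get("range"),
            "fixable": bool(fix),
            # fixAvailable is a bool, or an object when the fix is a bump of another package
            "breaking_fix": isinstance(fix, dict) and bool(fix.get("isSemVerMajor")),
        })
    findings.sort(key=lambda f: rank(f["severity"]), reverse=True)
    blocking = [f for f in findings if rank(f["severity"]) >= rank(fail_at)]
    return findings, blocking


if __name__ == "__main__":
    findings, blocking = triage(SAMPLE_AUDIT)
    for f in findings:
        print(f"{f['severity']:<9} {f['package']:<20} {f['affected_range']} fixable={f['fixable']}")
    raise SystemExit(1 if blocking else 0)
```

npm labels the middle tier `moderate`, so a gate written against `medium` never matches an npm finding.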

3. Check Licenses

Process:

  • List all dependency licenses
  • Check compatibility with project license
  • Identify any incompatible licenses
  • Provide license report

4. Update Dependencies

Safe Update Process:

  1. Check for updates
  2. Review changelogs
  3. Update incrementally
  4. Run tests after each update
  5. Verify functionality

Examples

Example 1: Vulnerability Scan

Input: Scan for vulnerabilities

Output:

````markdown
## Dependency Vulnerability Scan

### Critical Vulnerabilities

**1. lodash (4.17.20)**
- **Severity**: High
- **Issue**: Prototype Pollution
- **Fix**: Update to 4.17.21
```bash
npm update lodash
```

**2. express (4.16.4)**
- **Severity**: Medium
- **Issue**: Path Traversal
- **Fix**: Update to 4.18.2
```bash
npm update express
```

### Summary

- Total vulnerabilities: 5
- Critical: 1
- High: 2
- Medium: 2
````

## Reference Files

For package manager-specific commands and patterns, load reference files as needed:

- **`references/package_managers.md`** - Commands and patterns for npm, pip, Poetry, Maven, Gradle, Cargo, and common dependency management patterns
- **`references/DEPENDENCY_AUDIT.template.md`** - Dependency audit report template with vulnerabilities, outdated packages, license compliance

When working with specific package managers, load `references/package_managers.md` and refer to the relevant package manager section.

## Best Practices

### Dependency Management

1. **Regular Updates**: Update dependencies regularly
2. **Security First**: Prioritize security updates
3. **Test After Updates**: Always test after updating
4. **Lock Files**: Use lock files (package-lock.json, yarn.lock)
5. **Version Pinning**: Pin critical dependencies
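
An added example (not part of the skill's `scripts/` directory) of checking the version pinning practice above: it flags `requirements.txt` and `package.json` entries that are not exact versions. The manifests are constructed samples and the function names are hypothetical.

```python
import json
import re

# Constructed sample manifests; package versions are illustrative.
REQUIREMENTS = """\
requests==2.31.0   # exact pin
flask>=2.0
numpy
django~=4.2
urllib3==2.*
-r base.txt
"""
PACKAGE_JSON = json.dumps({
    "dependencies": {"lodash": "4.17.21", "express": "^4.18.2"},
    "devDependencies": {"jest": "latest"},
})

REQ_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(.*)$")
EXACT_PIP = re.compile(r"===?\s*[^*,\s]+")   # ==1.2.3 or ===1.2.3, no wildcard or second clause
EXACT_NPM = re.compile(r"\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?")


def unpinned_requirements(text):
    """Names in a requirements.txt body whose specifier is not an exact version."""
    loose = []
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()   # drop comments
        if not line or line.startswith("-"):             # skip options such as -r / -e
            continue
        match = REQ_LINE.match(line)
        if not match:
            continue
        spec = match.group(3).split(";", 1)[0].strip()   # ignore environment markers
        if not EXACT_PIP.fullmatch(spec):
            loose.append(match.group(1))
    return loose


def unpinned_npm(package_json_text):
    """Map of package name to range for package.json entries that are not exact versions."""
    manifest = json.loads(package_json_text)
    loose = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, wanted in manifest.get(section, {}).items():
            if not EXACT_NPM.fullmatch(wanted.strip()):
                loose[name] = wanted
    return loose
```

An exact pin in the manifest covers direct dependencies only; the lock file is what fixes the versions of transitive ones.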

## Related Use Cases

- Dependency updates
- Security vulnerability scanning
- License compliance
- Dependency tree optimization
- Version conflict resolution
