Agent skill

dependency-manager

Expert at package management and supply chain security. Use when managing dependencies, updating packages, resolving version conflicts, ensuring supply chain security, or auditing vulnerabilities in project dependencies.

Install this agent skill to your Project

npx add-skill https://github.com/404kidwiz/claude-supercode-skills/tree/main/dependency-manager-skill

SKILL.md

Dependency Manager

Purpose

Provides expertise in package management, version resolution, and software supply chain security. Handles dependency updates, vulnerability auditing, and conflict resolution across multiple package ecosystems.

When to Use

  • Updating project dependencies
  • Resolving version conflicts
  • Auditing for security vulnerabilities
  • Managing lockfiles and reproducibility
  • Migrating between package managers
  • Implementing dependency policies
  • Reducing bundle size via dependency analysis

Quick Start

Invoke this skill when:

  • Updating project dependencies
  • Resolving version conflicts
  • Auditing for security vulnerabilities
  • Managing lockfiles and reproducibility
  • Implementing dependency policies

Do NOT invoke when:

  • Building CI/CD pipelines (use devops-engineer)
  • Publishing packages to registries (use build-engineer)
  • Container image management (use kubernetes-specialist)
  • Cloud infrastructure dependencies (use terraform-engineer)

Decision Framework

Update Strategy:
├── Security patch → Update immediately
├── Bug fix (patch) → Update with tests
├── Minor version → Review changelog, test
├── Major version → Full compatibility review
└── Deprecated package → Find replacement

Ecosystem Tools:
├── Node.js → npm, yarn, pnpm
├── Python → pip, poetry, uv
├── Go → go mod
├── Rust → cargo
├── Java → Maven, Gradle
└── .NET → NuGet

Core Workflows

1. Dependency Audit

  1. Run package audit tool
  2. Review vulnerability reports
  3. Prioritize by severity (CVSS)
  4. Check for available patches
  5. Update or find alternatives
  6. Verify fixes don't break app
  7. Document remediation

2. Major Version Upgrade

  1. Read changelog and migration guide
  2. Check for breaking changes
  3. Update in isolated branch
  4. Run full test suite
  5. Fix breaking changes
  6. Review for deprecated APIs
  7. Deploy to staging first

3. Lockfile Management

  1. Ensure lockfile is committed
  2. Use CI to verify the lockfile matches the manifest
  3. Regenerate on conflict resolution
  4. Audit lockfile for tampering
  5. Update lockfile atomically
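
One way to carry out step 4 (auditing the lockfile for tampering) for an npm project, as an added example that is not part of the original SKILL.md. It assumes a package-lock.json with lockfileVersion 2 or 3 and the public npm tarball URL layout; auditLockfile, ALLOWED_HOSTS and SAMPLE_LOCK are hypothetical names, and the sample lockfile is constructed.

```javascript
// Added example: audit package-lock.json (lockfileVersion 2/3) entries.
// ALLOWED_HOSTS is an assumed policy value; set it to your own registry.
const ALLOWED_HOSTS = new Set(["registry.npmjs.org"]);

function auditLockfile(lock, allowedHosts = ALLOWED_HOSTS) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Only installed packages carry a tarball: skip the root project,
    // workspace folders, workspace links and bundled dependencies.
    if (!path.includes("node_modules/") || entry.link || entry.inBundle) continue;
    // Aliased installs record the real package name in entry.name.
    const name = entry.name || path.split("node_modules/").pop();
    const flag = (issue) => findings.push({ path, issue });
    let url;
    try {
      url = new URL(entry.resolved);
    } catch {
      flag("missing or unparsable resolved URL");
      continue;
    }
    if (url.protocol !== "https:") flag("non-HTTPS source");
    if (!allowedHosts.has(url.host)) {
      flag(`unexpected host ${url.host}`);
    } else if (!decodeURIComponent(url.pathname).startsWith(`/${name}/-/`)) {
      // Assumes the public npm layout /<name>/-/<file>.tgz: a mismatch means
      // the entry installs a different package than its path claims.
      flag("tarball does not match package name");
    }
    if (!entry.integrity) flag("no integrity hash");
    else if (!/(^|\s)sha512-/.test(entry.integrity)) flag("integrity weaker than sha512");
  }
  return findings;
}

// Constructed sample lockfile (hashes are placeholders, not real digests).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-pad": { version: "1.3.0", resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz", integrity: "sha512-PLACEHOLDER==" },
    "node_modules/@scope/util": { version: "2.0.0", resolved: "https://registry.npmjs.org/@scope/util/-/util-2.0.0.tgz", integrity: "sha512-PLACEHOLDER==" },
    "node_modules/chalk": { version: "5.0.0", resolved: "https://mirror.example.test/chalk/-/chalk-5.0.0.tgz", integrity: "sha512-PLACEHOLDER==" },
    "node_modules/debug": { version: "4.0.0", resolved: "https://registry.npmjs.org/not-debug/-/not-debug-4.0.0.tgz", integrity: "sha1-PLACEHOLDER=" },
    "node_modules/ms": { version: "2.1.3", resolved: "http://registry.npmjs.org/ms/-/ms-2.1.3.tgz" },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) console.log(`${f.path}: ${f.issue}`);
```

Run against the diff of a pull request's lockfile in CI, a non-empty result is a reason to block the merge until a reviewer has looked at the flagged entries.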

Best Practices

  • Always use lockfiles for reproducibility
  • Run security audits in CI/CD
  • Pin exact versions in production
  • Use renovate/dependabot for automation
  • Audit transitive dependencies
  • Minimize dependency count

Anti-Patterns

| Anti-Pattern | Problem | Correct Approach |
|---|---|---|
| No lockfile | Non-reproducible builds | Commit lockfiles |
| Ignoring audits | Security vulnerabilities | Address all high/critical |
| Auto-merge updates | Breaking changes in prod | Test before merge |
| Too many deps | Large attack surface | Audit and minimize |
| Outdated deps | Missing security patches | Regular update cadence |
