Agent skill
deps
Manage dependencies with npm/yarn/pnpm. Use for auditing vulnerabilities, checking outdated packages, understanding dependency trees, and upgrading packages safely.
Install this agent skill to your Project
npx add-skill https://github.com/johnlindquist/claude/tree/main/skills/deps
SKILL.md
Dependencies Manager
Audit, analyze, and manage project dependencies.
Prerequisites
At least one package manager:
# npm (comes with Node.js)
node --version
# yarn
npm install -g yarn
# pnpm
npm install -g pnpm
For dependency analysis:
npm install -g depcheck
CLI Reference
Security Audit
npm
# Run security audit
npm audit
# JSON output
npm audit --json
# Only production deps
npm audit --omit=dev
# Fix automatically
npm audit fix
# Fix with breaking changes (careful!)
npm audit fix --force
yarn
yarn audit
yarn audit --json
pnpm
pnpm audit
pnpm audit --json
Check Outdated Packages
npm
# List outdated
npm outdated
# JSON output
npm outdated --json
# Long format with details
npm outdated --long
yarn
yarn outdated
pnpm
pnpm outdated
pnpm outdated --json
Upgrade Packages
npm
# Update to latest within semver range
npm update
# Update specific package
npm update lodash
# Install latest (ignoring semver)
npm install lodash@latest
# Interactive upgrade (with npm-check)
npx npm-check -u
yarn
yarn upgrade
yarn upgrade lodash
yarn upgrade lodash@latest
yarn upgrade-interactive
pnpm
pnpm update
pnpm update lodash
pnpm update lodash --latest
pnpm update --interactive
Dependency Analysis
Why is this package installed?
# npm
npm explain lodash
npm ls lodash
# yarn
yarn why lodash
# pnpm
pnpm why lodash
Find unused dependencies
npx depcheck
# JSON output
npx depcheck --json
# Ignore patterns
npx depcheck --ignores="@types/*,eslint-*"
View Package Info
# View package details
npm view lodash
# Specific fields
npm view lodash version
npm view lodash versions
npm view lodash dependencies
npm view lodash repository.url
# JSON output
npm view lodash --json
Dependency Tree
# Full tree
npm ls
# Specific depth
npm ls --depth=2
# Production only
npm ls --omit=dev
# Specific package
npm ls lodash
# JSON
npm ls --json
Workflow Patterns
Security Audit Workflow
# 1. Run audit
npm audit --json > audit-report.json
# 2. Review high/critical
npm audit --audit-level=high
# 3. Auto-fix what's safe
npm audit fix
# 4. Manually review remaining
npm audit
Upgrade Workflow
# 1. Check what's outdated
npm outdated --json
# 2. Test current state
npm test
# 3. Update patch/minor versions (safer)
npm update
# 4. Test again
npm test
# 5. Update major versions one at a time
npm install package@latest
npm test
Dependency Cleanup
# 1. Find unused deps
npx depcheck
# 2. Review and remove
npm uninstall unused-package
# 3. Verify
npm test && npm run build
Investigating a Package
# Package info
npm view express
# Current version in project
npm ls express
# Who depends on it
npm explain express
# Security vulnerabilities
npm audit | grep express
Common Issues
Peer Dependency Warnings
# See peer deps
npm ls --json | grep peer
# Install missing peer deps
npm install missing-peer-dep
Version Conflicts
# See duplicate packages
npm ls --all | grep "deduped"
# Force dedupe
npm dedupe
Lock File Issues
# Regenerate lock file
rm package-lock.json
npm install
# Or for yarn
rm yarn.lock
yarn install
Best Practices
- Audit regularly - Run
npm auditweekly or in CI - Update incrementally - One major version at a time
- Test after updates - Always run tests post-update
- Review before fixing -
npm audit fix --forcecan break things - Clean unused deps - Run
depcheckperiodically - Lock versions - Commit lock files to git
- Check before adding - Review package health before installing
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
testgen
Generate tests using AI and run test suites. Use for generating unit tests, running coverage reports, and mutation testing.
article
Generate technical articles and documentation using AI. Use for writing blog posts, documentation, and technical content.
packx
Bundle code context for AI. ALWAYS use --limit 49k unless user explicitly requests otherwise. Use for creating shareable code bundles and preparing context for LLMs.
long-agent
Manage long-running agent sessions. Use for tracking progress in extended tasks, maintaining context across long sessions, and managing multi-step workflows.
db
Database operations for SQLite, PostgreSQL, and MySQL. Use for queries, schema inspection, migrations, and AI-assisted query generation.
investigate
Debug and investigate code issues using search and AI analysis. Use when stuck on bugs, tracing execution flow, or understanding complex code.
Didn't find tool you were looking for?