Agent skill

deps

Manage dependencies with npm/yarn/pnpm. Use for auditing vulnerabilities, checking outdated packages, understanding dependency trees, and upgrading packages safely.

View SKILL.md on GitHub Repository
Stars 21
Forks 5

Install this agent skill to your Project

npx add-skill https://github.com/johnlindquist/claude/tree/main/skills/deps

SKILL.md

Dependencies Manager

Audit, analyze, and manage project dependencies.

Prerequisites

At least one package manager:

bash
# npm (comes with Node.js)
node --version

# yarn
npm install -g yarn

# pnpm
npm install -g pnpm

For dependency analysis:

bash
npm install -g depcheck

CLI Reference

Security Audit

npm

bash
# Run security audit
npm audit

# JSON output
npm audit --json

# Only production deps
npm audit --omit=dev

# Fix automatically
npm audit fix

# Fix with breaking changes (careful!)
npm audit fix --force

yarn

bash
yarn audit
yarn audit --json

pnpm

bash
pnpm audit
pnpm audit --json

Check Outdated Packages

npm

bash
# List outdated
npm outdated

# JSON output
npm outdated --json

# Long format with details
npm outdated --long

yarn

bash
yarn outdated

pnpm

bash
pnpm outdated
pnpm outdated --json

Upgrade Packages

npm

bash
# Update to latest within semver range
npm update

# Update specific package
npm update lodash

# Install latest (ignoring semver)
npm install lodash@latest

# Interactive upgrade (with npm-check)
npx npm-check -u

yarn

bash
yarn upgrade
yarn upgrade lodash
yarn upgrade lodash@latest
yarn upgrade-interactive

pnpm

bash
pnpm update
pnpm update lodash
pnpm update lodash --latest
pnpm update --interactive

Dependency Analysis

Why is this package installed?

bash
# npm
npm explain lodash
npm ls lodash

# yarn
yarn why lodash

# pnpm
pnpm why lodash

Find unused dependencies

bash
npx depcheck

# JSON output
npx depcheck --json

# Ignore patterns
npx depcheck --ignores="@types/*,eslint-*"

View Package Info

bash
# View package details
npm view lodash

# Specific fields
npm view lodash version
npm view lodash versions
npm view lodash dependencies
npm view lodash repository.url

# JSON output
npm view lodash --json

Dependency Tree

bash
# Full tree
npm ls

# Specific depth
npm ls --depth=2

# Production only
npm ls --omit=dev

# Specific package
npm ls lodash

# JSON
npm ls --json

Workflow Patterns

Security Audit Workflow

bash
# 1. Run audit
npm audit --json > audit-report.json

# 2. Review high/critical
npm audit --audit-level=high

# 3. Auto-fix what's safe
npm audit fix

# 4. Manually review remaining
npm audit

Upgrade Workflow

bash
# 1. Check what's outdated
npm outdated --json

# 2. Test current state
npm test

# 3. Update patch/minor versions (safer)
npm update

# 4. Test again
npm test

# 5. Update major versions one at a time
npm install package@latest
npm test

Dependency Cleanup

bash
# 1. Find unused deps
npx depcheck

# 2. Review and remove
npm uninstall unused-package

# 3. Verify
npm test && npm run build

Investigating a Package

bash
# Package info
npm view express

# Current version in project
npm ls express

# Who depends on it
npm explain express

# Security vulnerabilities
npm audit | grep express

Common Issues

Peer Dependency Warnings

bash
# See peer deps
npm ls --json | grep peer

# Install missing peer deps
npm install missing-peer-dep

Version Conflicts

bash
# See duplicate packages
npm ls --all | grep "deduped"

# Force dedupe
npm dedupe

Lock File Issues

bash
# Regenerate lock file
rm package-lock.json
npm install

# Or for yarn
rm yarn.lock
yarn install

Best Practices

  1. Audit regularly - Run npm audit weekly or in CI
  2. Update incrementally - One major version at a time
  3. Test after updates - Always run tests post-update
  4. Review before fixing - npm audit fix --force can break things
  5. Clean unused deps - Run depcheck periodically
  6. Lock versions - Commit lock files to git
  7. Check before adding - Review package health before installing

Didn't find tool you were looking for?

Be as detailed as possible for better results