← Back to list
dependency-management
by dralgorhythm
A More Effective Agent Harness for Claude
⭐ 4🍴 0📅 Jan 22, 2026
Run in ManusSKILL.md
name: dependency-management description: Manage project dependencies effectively. Use when adding, updating, or auditing dependencies. Covers version management, security scanning, and lockfiles. allowed-tools: Read, Bash, Glob, Grep
Dependency Management
Workflows
- Audit: Check for known vulnerabilities
- Update: Keep dependencies reasonably current
- Lock: Ensure reproducible builds
- Minimize: Remove unused dependencies
Security Scanning
# Node.js
npm audit
pnpm audit
# Python
pip-audit
safety check
# Go
govulncheck ./...
# Rust
cargo audit
Version Management
Semantic Versioning
- Major (1.0.0): Breaking changes
- Minor (0.1.0): New features, backward compatible
- Patch (0.0.1): Bug fixes, backward compatible
Version Constraints
// package.json
{
"dependencies": {
"exact": "1.2.3", // Exactly 1.2.3
"patch": "~1.2.3", // 1.2.x (patch updates)
"minor": "^1.2.3", // 1.x.x (minor updates)
"range": ">=1.2.3 <2.0.0" // Range
}
}
Lockfiles
Always commit lockfiles for reproducible builds:
package-lock.jsonorpnpm-lock.yaml(Node.js)poetry.lockoruv.lock(Python)go.sum(Go)Cargo.lock(Rust)
Best Practices
- Pin Versions in Production: Use exact versions or lockfiles
- Update Regularly: Don't let dependencies get too stale
- Review Changelogs: Check breaking changes before major updates
- Test After Updates: Run full test suite after dependency changes
- Minimize Dependencies: Each dependency is a liability
Removing Unused Dependencies
# Node.js
npx depcheck
# Python
pip-autoremove
# Go
go mod tidy
Score
Total Score
55/100
Based on repository quality metrics
✓SKILL.md
SKILL.mdファイルが含まれている
+20
○LICENSE
ライセンスが設定されている
0/10
○説明文
100文字以上の説明がある
0/10
○人気
GitHub Stars 100以上
0/15
✓最近の活動
1ヶ月以内に更新
+10
○フォーク
10回以上フォークされている
0/5
✓Issue管理
オープンIssueが50未満
+5
✓言語
プログラミング言語が設定されている
+5
✓タグ
1つ以上のタグが設定されている
+5
Reviews
💬
Reviews coming soon
