/deps
Audit, update, and manage project dependencies safely.
Usage
code
/deps [action] [package] [--security] [--outdated]
Arguments
- •action: audit, update, add, remove, outdated (default: audit)
- •package: Specific package name (for add/remove/update)
- •--security: Focus on security vulnerabilities only
- •--outdated: Show only outdated packages
Instructions
When this skill is invoked:
Agent Behavior
Autonomy:
- •Complete dependency operations end-to-end
- •Verify changes don't break the build
- •Run tests after updates
Safety:
- •Never auto-update major versions without confirmation
- •Always check for breaking changes
- •Create atomic commits for dependency changes
Actions
Audit (/deps audit)
Check for security vulnerabilities and issues:
- •Read prd/00_technology.md for audit commands
- •Run security audit:
bash
# Commands vary by stack (see prd/00_technology.md)
{dependency_audit_command}
- •Categorize findings by severity
- •Suggest remediations
Outdated (/deps outdated)
List packages with available updates:
- •Check for updates:
bash
{outdated_command}
- •Categorize by update type:
- •Patch updates (safe)
- •Minor updates (usually safe)
- •Major updates (review changelog)
- •Present update plan
Update (/deps update [package])
Update dependencies safely:
- •If specific package:
bash
{update_package_command} <package>
- •If all packages (patch/minor only):
bash
{update_all_command}
- •Verify after update:
bash
{install_command}
{test_command}
{build_command}
- •Create commit:
code
chore(deps): update <package> to <version>
Add (/deps add <package>)
Add new dependency:
- •Check if already installed
- •Verify package legitimacy:
- •Check download stats
- •Check maintenance status
- •Check for known vulnerabilities
- •Install:
bash
{add_package_command} <package>
- •Verify installation:
bash
{test_command}
Remove (/deps remove <package>)
Remove dependency:
- •Check for usages in codebase
- •Warn if package is used
- •Remove:
bash
{remove_package_command} <package>
- •Clean up imports if needed
- •Verify:
bash
{test_command}
Dependency Report Format
markdown
## Dependency Audit Report

**Date:** YYYY-MM-DD
**Total packages:** X
**Direct dependencies:** Y
**Vulnerabilities found:** Z

### Security Vulnerabilities

| Severity | Package | Current | Fixed In | CVE |
|----------|---------|---------|----------|-----|
| High | lodash | 4.17.15 | 4.17.21 | CVE-2021-23337 |
| Medium | axios | 0.21.0 | 0.21.1 | CVE-2021-3749 |

### Outdated Packages

| Package | Current | Latest | Type |
|---------|---------|--------|------|
| react | 17.0.2 | 18.2.0 | Major |
| typescript | 4.9.5 | 5.3.2 | Major |
| jest | 29.5.0 | 29.7.0 | Minor |

### Recommendations

1. **Immediate**: Update lodash to fix high severity CVE
2. **Soon**: Update axios for security patch
3. **Plan**: Evaluate React 18 migration
Update Safety Rules
- •Patch updates (1.0.0 → 1.0.1): Auto-update OK
- •Minor updates (1.0.0 → 1.1.0): Auto-update with tests
- •Major updates (1.0.0 → 2.0.0): Review changelog, confirm
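The classification behind these rules, as an added JavaScript example (not part of the original skill): it sorts each current/latest pair into patch, minor or major and attaches the matching action. The function names, the handling of pre-releases and unparseable versions, and the stricter treatment of 0.x minor bumps are assumptions of this example.

```javascript
// Constructed sample rows, copied from the report tables on this page.
const SAMPLE = [
  { name: "react", current: "17.0.2", latest: "18.2.0" },
  { name: "typescript", current: "4.9.5", latest: "5.3.2" },
  { name: "jest", current: "29.5.0", latest: "29.7.0" },
  { name: "axios", current: "0.21.0", latest: "0.21.1" },
];

// Actions from the "Update Safety Rules" section.
const POLICY = {
  patch: "auto-update",
  minor: "auto-update with tests",
  major: "review changelog, confirm",
};

// Parse MAJOR.MINOR.PATCH with optional "v" prefix, -prerelease and +build.
function parseVersion(v) {
  const re = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/;
  const m = re.exec(String(v).trim());
  if (!m) return null;
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] || null };
}

function classifyUpdate(current, latest) {
  const a = parseVersion(current);
  const b = parseVersion(latest);
  // Ranges, tags, git URLs and pre-releases are not auto-classified
  // (assumption of this example: they always need a human decision).
  if (!a || !b || a.pre || b.pre) return "unknown";
  const delta = (b.major - a.major) || (b.minor - a.minor) || (b.patch - a.patch);
  if (delta === 0) return "none";
  if (delta < 0) return "downgrade";
  if (b.major !== a.major) return "major";
  // Assumption beyond the page's rules: semver makes no stability promise
  // for 0.y.z, so a 0.x minor bump is escalated to "major".
  if (b.minor !== a.minor) return a.major === 0 ? "major" : "minor";
  return "patch";
}

function planUpdates(rows) {
  return rows.map(({ name, current, latest }) => {
    const type = classifyUpdate(current, latest);
    const action = POLICY[type] ||
      (type === "none" ? "nothing to do" : "confirm manually");
    return { name, from: current, to: latest, type, action };
  });
}

console.table(planUpdates(SAMPLE));
```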
Lockfile Handling
- •Always commit lockfile changes
- •Never manually edit lockfiles
- •Regenerate if conflicts occur
Example Output
code
$ /deps audit --security

Auditing dependencies...

Package manager: npm
Total packages: 245 (42 direct, 203 transitive)

Security Scan Results:

🔴 High Severity (1)
━━━━━━━━━━━━━━━━━━━
lodash@4.17.15
  CVE-2021-23337: Prototype pollution
  Fixed in: 4.17.21
  Recommendation: npm update lodash

🟡 Medium Severity (2)
━━━━━━━━━━━━━━━━━━━━━
axios@0.21.0
  CVE-2021-3749: ReDoS vulnerability
  Fixed in: 0.21.1

minimist@1.2.5
  CVE-2021-44906: Prototype pollution
  Fixed in: 1.2.6

🟢 Low Severity (0)
━━━━━━━━━━━━━━━━━━━━━

Summary: 3 vulnerabilities found
  - 1 high (action required)
  - 2 medium (update soon)

Suggested fix:
  npm update lodash axios minimist

Run `/deps update` to apply security patches.