Purpose
Manage dependencies safely: audit for vulnerabilities, check for updates, and update with test verification.
Arguments
- --check — Check for outdated packages (default if no arguments are given)
- --audit — Run a security audit
- --update — Update patch and minor versions, verified by the test suite and build
- --update-major — Show available major updates (requires manual review)
Workflow
Check (--check)
- Run pnpm outdated (note that it exits with a non-zero status when outdated packages are found, so scripts must not treat that exit code as a failure)
- Categorize each update as patch, minor, or major
- Report packages with updates available
- Flag packages with known issues (deprecated packages, and packages named in the audit)
Audit (--audit)
- Run pnpm audit
- Report vulnerabilities by severity (critical, high, moderate, low)
- Suggest fixes for critical and high findings
- Check whether a patched version is available; when the vulnerable package is a transitive dependency that cannot be bumped directly, the fix is an override in package.json (pnpm audit --fix writes these) rather than pnpm update
Update (--update)
- Show the packages to update (patch and minor only)
- Ask for approval
- Confirm package.json and pnpm-lock.yaml have no uncommitted changes, so a rollback cannot discard unrelated edits
- Update packages: pnpm update (this stays within the ranges declared in package.json, so with caret ranges it never applies a major bump)
- Run tests: pnpm test
- Run build: pnpm build
- If tests and build pass, commit the changes to package.json and pnpm-lock.yaml
- If either fails, restore package.json and pnpm-lock.yaml, reinstall from the lockfile (pnpm install --frozen-lockfile), and report the failure
Major updates (--update-major)
- List packages with major updates
- Show changelogs and breaking changes (if available)
- Recommend an update order (dependencies first)
- Do not auto-update — requires manual review
For universal safety rules and update priority order, see /shared-deps-safety.
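The check, audit and update steps above, as one added Node script. This is example code written for this page, not part of the original command, of pnpm, or of /shared-deps-safety. Assumptions, also marked in the comments: Node 18 or later with pnpm and git on PATH; `pnpm outdated --format json` returns an object keyed by package name with current/latest/wanted/isDeprecated fields; `pnpm audit --json` returns the npm advisory format with an `advisories` object; only the root package.json and pnpm-lock.yaml are rolled back (a workspace would add every package's manifest); the approval prompt is left to the operator, who runs --check, reviews, then runs --update; and, going beyond the page's three categories, a minor bump on a 0.x package is reported as major because caret ranges treat it as breaking.

```javascript
// Added example for the --check / --audit / --update workflow; not code from the original page.
// Assumed: Node >= 18, pnpm and git on PATH, a clean git checkout, and the JSON shapes of
// `pnpm outdated --format json` and `pnpm audit --json` described in the comments below.

// "1.2.3-beta.1" -> [1, 2, 3]; a leading range prefix and any pre-release/build suffix are ignored.
function parseSemver(v) {
  const parts = String(v).replace(/^[v=^~]/, '').split(/[-+]/)[0].split('.').map(Number);
  while (parts.length < 3) parts.push(0);
  return parts;
}

// Classify current -> latest as patch | minor | major | none. A 0.x minor bump is reported
// as major because under caret semantics 0.x.y -> 0.(x+1).0 is allowed to break.
function classifyBump(current, latest) {
  const [cMaj, cMin, cPat] = parseSemver(current);
  const [lMaj, lMin, lPat] = parseSemver(latest);
  if (lMaj !== cMaj) return 'major';
  if (lMin !== cMin) return cMaj === 0 ? 'major' : 'minor';
  if (lPat !== cPat) return 'patch';
  return 'none';
}

// Group `pnpm outdated --format json` output by bump type.
// Assumed shape: { "<name>": { current, latest, wanted, isDeprecated, dependencyType } }.
function categorizeOutdated(outdated) {
  const groups = { patch: [], minor: [], major: [] };
  for (const [name, info] of Object.entries(outdated)) {
    const bump = classifyBump(info.current, info.latest);
    if (bump === 'none') continue;
    groups[bump].push({ name, from: info.current, to: info.latest, deprecated: Boolean(info.isDeprecated) });
  }
  return groups;
}

// Summarize `pnpm audit --json` output. Assumed shape (npm advisory format):
// { advisories: { "<id>": { module_name, severity, title, vulnerable_versions, patched_versions } } }.
function summarizeAudit(audit) {
  const counts = { critical: 0, high: 0, moderate: 0, low: 0, info: 0 };
  const actionable = []; // critical/high findings, with the range that fixes them
  for (const adv of Object.values(audit.advisories || {})) {
    counts[adv.severity] = (counts[adv.severity] || 0) + 1;
    if (adv.severity === 'critical' || adv.severity === 'high') {
      actionable.push({ name: adv.module_name, title: adv.title, vulnerable: adv.vulnerable_versions, patched: adv.patched_versions });
    }
  }
  return { counts, actionable };
}

// Run a command and return its stdout; throws on non-zero exit. `pnpm outdated` and `pnpm audit`
// both exit 1 when they find something, so readJson recovers the JSON from the thrown error.
async function defaultRun(cmd, args) {
  const { execFileSync } = await import('node:child_process');
  return execFileSync(cmd, args, { encoding: 'utf8', stdio: ['ignore', 'pipe', 'inherit'] });
}
async function readJson(run, cmd, args) {
  let out;
  try { out = await run(cmd, args); } catch (err) { if (typeof err.stdout !== 'string') throw err; out = err.stdout; }
  return JSON.parse(out || '{}');
}

const MANIFESTS = ['package.json', 'pnpm-lock.yaml']; // in a workspace, add every package's package.json

// --update: patch and minor only, verified by tests and build, then committed or rolled back.
// `run` is injectable so the commit/rollback decision can be exercised without a real repo.
async function updateWithVerification(groups, run = defaultRun) {
  const targets = [...groups.patch, ...groups.minor].map((p) => `${p.name}@${p.to}`);
  if (targets.length === 0) return { status: 'nothing-to-do', targets };
  // Refuse to start with uncommitted manifest/lockfile edits: a rollback would silently discard them.
  if ((await run('git', ['status', '--porcelain', '--', ...MANIFESTS])).trim() !== '') {
    return { status: 'aborted', reason: `uncommitted changes to ${MANIFESTS.join(', ')}`, targets };
  }
  try {
    await run('pnpm', ['update', ...targets]); // `pnpm update name@version` moves each listed package to that version
    await run('pnpm', ['test']);
    await run('pnpm', ['build']);
  } catch (err) {
    await run('git', ['checkout', '--', ...MANIFESTS]); // restore manifest and lockfile
    await run('pnpm', ['install', '--frozen-lockfile']); // reinstall exactly what the lockfile says
    return { status: 'rolled-back', reason: err.message, targets };
  }
  await run('git', ['add', ...MANIFESTS]);
  await run('git', ['commit', '-m', `chore(deps): update ${targets.length} patch/minor dependencies`]);
  return { status: 'committed', targets };
}

// CLI: node deps.mjs --check | --audit | --update. A flag is required (no default), and the
// approval step is left to the operator: run --check, review the list, then run --update.
async function main(args) {
  if (args.includes('--audit')) {
    return console.log(JSON.stringify(summarizeAudit(await readJson(defaultRun, 'pnpm', ['audit', '--json'])), null, 2));
  }
  const groups = categorizeOutdated(await readJson(defaultRun, 'pnpm', ['outdated', '--format', 'json']));
  if (args.includes('--update')) return console.log(JSON.stringify(await updateWithVerification(groups), null, 2));
  console.log(JSON.stringify(groups, null, 2)); // --check
}
if (process.argv.slice(2).length > 0) main(process.argv.slice(2)).catch((e) => { console.error(e.message); process.exit(1); });
```

Two design points matter for safety. The dirty-tree check runs before anything is modified, because the rollback path is `git checkout -- package.json pnpm-lock.yaml`, which would otherwise throw away any edits a developer had staged there. And the rollback reinstalls with `--frozen-lockfile`, so node_modules is returned to exactly the state the restored lockfile describes instead of being left with the half-tested versions.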
Output
Check output
code
Outdated packages:

Patch updates (safe):
- zod: 3.22.4 → 3.22.5
- mongoose: 8.0.1 → 8.0.3

Minor updates (usually safe):
- next: 14.1.0 → 14.2.1
- @types/node: 20.10.0 → 20.11.0

Major updates (review required):
- eslint: 8.56.0 → 9.0.0 ⚠️ Breaking changes
Audit output
code
Security audit:

Critical: 0
High: 1
- lodash <4.17.21 (Prototype Pollution)
  Fix: pnpm update lodash (direct dependency; for a transitive dependency, add an override instead)
Moderate: 2
Low: 3

Run `pnpm audit --fix` to add overrides to package.json for advisories that have a patched version, then `pnpm install` and re-run the tests.
Reference
For update strategies and common issues, see reference/mern-deps-reference.md