Purpose
Define safe dependency management practices. Platform deps skills reference this for safety rules and workflow structure, then add platform-specific commands and procedures.
Safety rules
- Never auto-update major versions
- Always run tests after updates
- Always build after updates
- Rollback on test or build failure
- Commit lockfile changes atomically with updated packages
- Report breaking change warnings
Workflow structure
Check
- List outdated packages
- Categorize by semver: patch, minor, major
- Report packages with updates available
- Flag packages with known issues
Audit
- Run security audit
- Report vulnerabilities by severity (critical, high, moderate, low)
- Suggest fixes for critical/high
- Check for patches available
Update (patch + minor only)
- Show packages to update
- Ask for approval
- Update packages
- Run tests and build
- If tests pass, commit changes
- If tests fail, rollback and report
Major updates (report only)
- List packages with major updates
- Show changelogs/breaking changes if available
- Recommend update order (dependencies first)
- Do not auto-update — requires manual review
Update priority order
- Type packages (@types/*, type stubs)
- Build tools (TypeScript, ESLint, Prettier, SwiftLint)
- Testing tools (Vitest, Jest, Playwright, Swift Testing)
- Framework packages (Next.js, Angular, NestJS, SwiftUI dependencies)
- Application dependencies
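
The Check step's semver categorization, the patch + minor / major split and the update priority order can be combined into one planning function. This is an added example, not part of the original skill: the function names, the package-name matching rules and the sample rows are assumptions, and treating unparseable versions as report-only is a design choice made here.

```python
import re

_SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")
# Buckets follow "Update priority order"; the name-matching rules are assumptions.
PRIORITY = [
    lambda n: n.startswith("@types/") or n.endswith("-stubs"),   # type packages
    lambda n: n in {"typescript", "eslint", "prettier"},         # build tools
    lambda n: n in {"vitest", "jest", "@playwright/test"},       # testing tools
    lambda n: n in {"next", "@nestjs/core"} or n.startswith("@angular/"),  # frameworks
]

def parse(version):
    """Return (major, minor, patch) or None; prerelease/build suffixes are ignored."""
    m = _SEMVER.match(version)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(current, latest):
    """Return 'patch', 'minor', 'major', 'none' or 'unknown' for one package."""
    cur, new = parse(current), parse(latest)
    if cur is None or new is None:
        return "unknown"  # git URLs, tags, ranges: cannot be judged
    if new <= cur:
        return "none"
    if new[0] != cur[0]:
        return "major"
    return "minor" if new[1] != cur[1] else "patch"

def rank(name):
    """Position in the priority order; application dependencies come last."""
    return next((i for i, match in enumerate(PRIORITY) if match(name)), len(PRIORITY))

def plan(outdated):
    """Split (name, current, latest) rows into an update list and a report-only list."""
    update, report = [], []
    for name, current, latest in outdated:
        kind = classify(current, latest)
        if kind in ("patch", "minor"):
            update.append((name, kind))
        elif kind in ("major", "unknown"):
            report.append((name, kind))  # fail closed: never auto-updated
    update.sort(key=lambda row: (rank(row[0]), row[0]))
    return update, report

# Constructed sample rows, not output from a real package manager.
SAMPLE = [
    ("lodash", "4.17.20", "4.17.21"), ("next", "13.5.6", "14.2.3"),
    ("@types/node", "20.1.0", "20.11.5"), ("jest", "29.6.0", "29.7.0"),
    ("typescript", "5.3.3", "5.4.5"), ("leftpad", "git+abc", "1.0.0"),
]
```

`plan(SAMPLE)` returns the approval list in priority order and keeps the major bump and the unparseable version out of it.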