AgentSkillsCN

dependency-management

管理 Schmock 项目的依赖关系。检查过时的软件包,安全地进行更新,验证兼容性,并执行发布前的校验工作。

SKILL.md
--- frontmatter
name: dependency-management
description: >
  Manage Schmock project dependencies. Check for outdated packages, update
  safely, verify compatibility, and run publish checks.
argument-hint: "check | update [package] | audit"
disable-model-invocation: true
allowed-tools:
  - Bash(bash .claude/skills/dependency-management/scripts/check-deps.sh *)

Schmock Dependency Management Skill

Dependency Categories

Root devDependencies

Shared tooling installed at the workspace root:

PackagePurpose
@biomejs/biomeLinting and formatting
typescriptTypeScript compiler
publintPackage publishing validation
@arethetypeswrong/cliType export validation
@vitest/coverage-v8Test coverage
bun-typesBun runtime types

Per-package Dependencies

PackageKey Deps
@schmock/coreNone (zero deps)
@schmock/schemajson-schema-faker, @faker-js/faker (dev)
@schmock/expressNone (express is peer dep)
@schmock/angularNone (angular packages are peer deps)

Peer Dependencies

Critical compatibility ranges:

PackagePeer DepRange
@schmock/expressexpress^4.18.0 || ^5.0.0
@schmock/angular@angular/core>=15.0.0
@schmock/angular@angular/common>=15.0.0
@schmock/angularrxjs^7.0.0
@schmock/schema, express, angular@schmock/core^1.0.0

Update Workflow

  1. Check outdated:

    code
    /dependency-management check
    
  2. Update specific package:

    bash
    bun update <package>
    
  3. Verify after update:

    bash
    bun check:publish    # Package exports still valid
    bun test:all         # All tests pass
    
  4. Commit the update:

    bash
    git add bun.lockb package.json packages/*/package.json
    git commit -m "chore(deps): update <package> to <version>"
    

Compatibility Rules

When updating dependencies, respect these constraints:

  • Angular peer dep range: >=15.0.0 — must support Angular 15 through latest
  • Express peer dep range: ^4.18.0 || ^5.0.0 — must support both Express 4.18+ and 5.x
  • RxJS peer dep: ^7.0.0 — Angular adapter relies on RxJS 7+ APIs
  • TypeScript must stay compatible with all packages — test with bun typecheck
  • Vitest — all packages must use the same major version

Audit

Check for known security vulnerabilities:

bash
npm audit

Commands

CommandDescription
/dependency-management checkCheck outdated + compatibility
/dependency-management update <pkg>Update a specific dependency
/dependency-management auditSecurity audit