| name | dependency-management |
| description | Dependency management specialist. Use when updating dependencies, scanning for vulnerabilities, analyzing dependency trees, or ensuring license compliance. Handles npm, pip, maven, and other package managers. |
| author | Joseph OBrien |
| status | unpublished |
| updated | 2025-12-23 |
| version | 1.0.1 |
| tag | skill |
| type | skill |
Dependency Management
This skill manages project dependencies including updates, vulnerability scanning, license compliance, and dependency tree optimization.
When to Use This Skill
- When updating project dependencies
- When scanning for security vulnerabilities
- When analyzing dependency trees
- When ensuring license compliance
- When resolving version conflicts
- When optimizing dependency usage
What This Skill Does
- Dependency Analysis: Identifies unused dependencies and version conflicts
- Vulnerability Scanning: Finds and fixes known security vulnerabilities
- License Compliance: Verifies dependency licenses are compatible
- Safe Updates: Updates dependencies with testing and validation
- Tree Optimization: Optimizes dependency trees and reduces bloat
- Version Management: Resolves version conflicts and updates
Helper Scripts
This skill includes Python helper scripts in scripts/:
parse_dependencies.py: Parses dependency files (package.json, requirements.txt, pyproject.toml). Outputs JSON with parsed dependencies and metadata.python scripts/parse_dependencies.py package.json requirements.txt
How to Use
Manage Dependencies
Update all dependencies and check for vulnerabilities
Scan dependencies for security issues
Specific Tasks
Check license compatibility for all dependencies
Management Process
1. Analyze Dependencies
Using Helper Script:
The skill includes a Python helper script for parsing dependency files:
# Parse dependency files
python scripts/parse_dependencies.py package.json requirements.txt pyproject.toml
Package Manager Tools:
- npm:
npm outdated,npm list - pip:
pip list --outdated - maven:
mvn versions:display-dependency-updates - gradle:
gradle dependencyUpdates
2. Scan for Vulnerabilities
Tools:
- npm:
npm audit - pip:
pip-audit - maven: OWASP Dependency Check
- gradle: Dependency Check plugin
3. Check Licenses
Process:
- List all dependency licenses
- Check compatibility with project license
- Identify any incompatible licenses
- Provide license report
4. Update Dependencies
Safe Update Process:
- Check for updates
- Review changelogs
- Update incrementally
- Run tests after each update
- Verify functionality
Examples
Example 1: Vulnerability Scan
Input: Scan for vulnerabilities
Output:
## Dependency Vulnerability Scan
### Critical Vulnerabilities
**1. lodash (4.17.20)**
- **Severity**: High
- **Issue**: Prototype Pollution
- **Fix**: Update to 4.17.21
```bash
npm update lodash
2. express (4.16.4)
- Severity: Medium
- Issue: Path Traversal
- Fix: Update to 4.18.2
npm update express
Summary
- Total vulnerabilities: 5
- Critical: 1
- High: 2
- Medium: 2
## Reference Files
For package manager-specific commands and patterns, load reference files as needed:
- **`references/package_managers.md`** - Commands and patterns for npm, pip, Poetry, Maven, Gradle, Cargo, and common dependency management patterns
- **`references/DEPENDENCY_AUDIT.template.md`** - Dependency audit report template with vulnerabilities, outdated packages, license compliance
When working with specific package managers, load `references/package_managers.md` and refer to the relevant package manager section.
## Best Practices
### Dependency Management
1. **Regular Updates**: Update dependencies regularly
2. **Security First**: Prioritize security updates
3. **Test After Updates**: Always test after updating
4. **Lock Files**: Use lock files (package-lock.json, yarn.lock)
5. **Version Pinning**: Pin critical dependencies
## Related Use Cases
- Dependency updates
- Security vulnerability scanning
- License compliance
- Dependency tree optimization
- Version conflict resolution