aiskillstore/dependency-management
skills/89jobrien/dependency-management/SKILL.md
Dependency management specialist. Use when updating dependencies, scanning for vulnerabilities, analyzing dependency trees, or ensuring license compliance. Handles npm, pip, maven, and other package managers.
$ install --global
skillsauthnpx skillsauth add aiskillstore/marketplace dependency-managementInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 28, 2026, 1:41 PM36.4s5 files scanned
SKILL.md
- name:
- dependency-management
- description:
- Dependency management specialist. Use when updating dependencies, scanning
- author:
- Joseph OBrien
- status:
- unpublished
- updated:
- 2025-12-23
- version:
- 1.0.1
- tag:
- skill
- type:
- skill
Dependency Management
This skill manages project dependencies including updates, vulnerability scanning, license compliance, and dependency tree optimization.
When to Use This Skill
- When updating project dependencies
- When scanning for security vulnerabilities
- When analyzing dependency trees
- When ensuring license compliance
- When resolving version conflicts
- When optimizing dependency usage
What This Skill Does
- Dependency Analysis: Identifies unused dependencies and version conflicts
- Vulnerability Scanning: Finds and fixes known security vulnerabilities
- License Compliance: Verifies dependency licenses are compatible
- Safe Updates: Updates dependencies with testing and validation
- Tree Optimization: Optimizes dependency trees and reduces bloat
- Version Management: Resolves version conflicts and updates
Helper Scripts
This skill includes Python helper scripts in scripts/:
-
parse_dependencies.py: Parses dependency files (package.json, requirements.txt, pyproject.toml). Outputs JSON with parsed dependencies and metadata.python scripts/parse_dependencies.py package.json requirements.txt
How to Use
Manage Dependencies
Update all dependencies and check for vulnerabilities
Scan dependencies for security issues
Specific Tasks
Check license compatibility for all dependencies
Management Process
1. Analyze Dependencies
Using Helper Script:
The skill includes a Python helper script for parsing dependency files:
# Parse dependency files
python scripts/parse_dependencies.py package.json requirements.txt pyproject.toml
Package Manager Tools:
- npm:
npm outdated,npm list - pip:
pip list --outdated - maven:
mvn versions:display-dependency-updates - gradle:
gradle dependencyUpdates
2. Scan for Vulnerabilities
Tools:
- npm:
npm audit - pip:
pip-audit - maven: OWASP Dependency Check
- gradle: Dependency Check plugin
3. Check Licenses
Process:
- List all dependency licenses
- Check compatibility with project license
- Identify any incompatible licenses
- Provide license report
4. Update Dependencies
Safe Update Process:
- Check for updates
- Review changelogs
- Update incrementally
- Run tests after each update
- Verify functionality
Examples
Example 1: Vulnerability Scan
Input: Scan for vulnerabilities
Output:
## Dependency Vulnerability Scan
### Critical Vulnerabilities
**1. lodash (4.17.20)**
- **Severity**: High
- **Issue**: Prototype Pollution
- **Fix**: Update to 4.17.21
```bash
npm update lodash
2. express (4.16.4)
- Severity: Medium
- Issue: Path Traversal
- Fix: Update to 4.18.2
npm update express
Summary
- Total vulnerabilities: 5
- Critical: 1
- High: 2
- Medium: 2
## Reference Files
For package manager-specific commands and patterns, load reference files as needed:
- **`references/package_managers.md`** - Commands and patterns for npm, pip, Poetry, Maven, Gradle, Cargo, and common dependency management patterns
- **`references/DEPENDENCY_AUDIT.template.md`** - Dependency audit report template with vulnerabilities, outdated packages, license compliance
When working with specific package managers, load `references/package_managers.md` and refer to the relevant package manager section.
## Best Practices
### Dependency Management
1. **Regular Updates**: Update dependencies regularly
2. **Security First**: Prioritize security updates
3. **Test After Updates**: Always test after updating
4. **Lock Files**: Use lock files (package-lock.json, yarn.lock)
5. **Version Pinning**: Pin critical dependencies
## Related Use Cases
- Dependency updates
- Security vulnerability scanning
- License compliance
- Dependency tree optimization
- Version conflict resolution
Related Skills
aiskillstore/hig-components-content
development
VerifiedTrustedCommunity
Apple Human Interface Guidelines for content display components. Use this skill when the user asks about charts component, collection view, image view, web view, color well, image well, activity view, lockup, data visualization, content display, displaying images, rendering web content, color pickers, or presenting collections of items in Apple apps. Also use when the user says how should I display charts, what's the best way to show images, should I use a web view, how do I build a grid of items, what component shows media, or how do I present a share sheet. Cross-references: hig-foundations for color/typography/accessibility, hig-patterns for data visualization patterns, hig-components-layout for structural containers, hig-platforms for platform-specific component behavior.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/helpdesk-automation
tools
VerifiedTrustedCommunity
Automate HelpDesk tasks via Rube MCP (Composio): list tickets, manage views, use canned responses, and configure custom fields. Always search tools first for current schemas.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/haskell-pro
testing
VerifiedTrustedCommunity
Expert Haskell engineer specializing in advanced type systems, pure functional design, and high-reliability software. Use PROACTIVELY for type-level programming, concurrency, and architecture guidance.
244SKILL.mdUpdated Apr 10, 2026
aiskillstore/graphql
tools
VerifiedTrustedCommunity
GraphQL gives clients exactly the data they need - no more, no less. One endpoint, typed schema, introspection. But the flexibility that makes it powerful also makes it dangerous. Without proper controls, clients can craft queries that bring down your server. This skill covers schema design, resolvers, DataLoader for N+1 prevention, federation for microservices, and client integration with Apollo/urql. Key insight: GraphQL is a contract. The schema is the API documentation. Design it carefully.
244SKILL.mdUpdated Apr 10, 2026