latestaiagents/dependency-conflict-resolver
plugins/developer-toolkit/skills/debug/dependency-conflict-resolver/SKILL.md
Use this skill when resolving dependency conflicts. Activate when the user has package version conflicts, npm/yarn/pnpm install failures, peer dependency warnings, duplicate packages, or module resolution errors.
$ install --global
skillsauthnpx skillsauth add latestaiagents/agent-skills dependency-conflict-resolverInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 2:54 AM14.8s1 file scanned
SKILL.md
- name:
- dependency-conflict-resolver
- description:
- |
Dependency Conflict Resolver
Untangle and resolve package dependency conflicts.
When to Use
- Package installation fails
- Peer dependency warnings
- "Module not found" errors
- Duplicate package warnings
- Version mismatch errors
- Lock file conflicts
Common Error Types
1. Peer Dependency Conflicts
npm WARN ERESOLVE unable to resolve dependency tree
npm WARN peer react@"^17.0.0" from [email protected]
npm WARN peer react@"^18.0.0" from [email protected]
Cause: Two packages require different versions of the same peer dependency.
2. Version Conflicts
npm ERR! Could not resolve dependency:
npm ERR! peer typescript@">=4.0 <5.0" from [email protected]
npm ERR! node_modules/some-package
npm ERR! some-package@"^1.0.0" from the root project
Cause: Package requires a version range you're not using.
3. Duplicate Packages
warning "package-a" has unmet peer dependency "lodash@^4.0.0".
warning "package-b" has incorrect peer dependency "lodash@^3.0.0".
Cause: Multiple versions of the same package installed.
Diagnostic Commands
NPM
# See dependency tree
npm ls
# Find specific package
npm ls react
# Find why package is installed
npm why lodash
# Check for outdated packages
npm outdated
# Audit for issues
npm audit
Yarn
# See dependency tree
yarn list
# Find specific package
yarn why react
# Check for duplicates
yarn dedupe --check
# Interactive upgrade
yarn upgrade-interactive
PNPM
# See dependency tree
pnpm ls
# Find specific package
pnpm why react
# List all versions of a package
pnpm ls --depth Infinity | grep lodash
Resolution Strategies
Strategy 1: Update to Compatible Versions
# Find what versions are needed
npm ls react --all
# Update packages that need newer version
npm update package-a package-b
# Or install specific compatible version
npm install [email protected]
Strategy 2: Override/Resolution
NPM (package.json):
{
"overrides": {
"react": "18.2.0",
"package-a": {
"lodash": "4.17.21"
}
}
}
Yarn (package.json):
{
"resolutions": {
"react": "18.2.0",
"**/lodash": "4.17.21"
}
}
PNPM (package.json):
{
"pnpm": {
"overrides": {
"react": "18.2.0",
"lodash@^3.0.0": "4.17.21"
}
}
}
Strategy 3: Force Install (Last Resort)
# NPM - force through conflicts
npm install --legacy-peer-deps
# Or with force flag
npm install --force
# Yarn
yarn install --ignore-peer-deps
Warning: This can lead to runtime errors. Use only when you've verified compatibility.
Strategy 4: Deduplicate
# NPM
npm dedupe
# Yarn
yarn dedupe
# PNPM (automatic, but can force)
pnpm install
Debugging Deep Conflicts
Trace the Dependency Chain
# NPM - full tree
npm ls --all > deps.txt
# Find the conflict path
grep -B5 "lodash@3" deps.txt
Example output:
├─┬ [email protected]
│ └── [email protected]
├─┬ [email protected]
│ └─┬ [email protected]
│ └── [email protected] <- Conflict source
Check Package Requirements
# View package.json of installed package
cat node_modules/package-name/package.json | jq '.peerDependencies'
# Or use npm view
npm view package-name peerDependencies
Common Scenarios
Scenario 1: React Version Mismatch
npm WARN [email protected] requires react@^18.2.0, but [email protected] is installed
Solution:
# Upgrade React
npm install react@18 react-dom@18
# Or if you need React 17
npm install react-dom@17
Scenario 2: TypeScript Version
error TS2307: Cannot find module '@types/node' or its corresponding type declarations.
Solution:
# Check TypeScript version
npx tsc --version
# Install compatible types
npm install -D @types/node@ts$(npx tsc --version | cut -d' ' -f2 | cut -d'.' -f1-2)
# Or specific version
npm install -D @types/node@20
Scenario 3: Native Module Rebuild
npm ERR! node-pre-gyp ERR! build error
Solution:
# Rebuild native modules
npm rebuild
# Or for specific package
npm rebuild bcrypt
# Clear cache and reinstall
rm -rf node_modules package-lock.json
npm install
Scenario 4: Workspace Conflicts (Monorepo)
error Workspaces can only be enabled in private projects.
Solution in package.json:
{
"private": true,
"workspaces": [
"packages/*"
]
}
Lock File Conflicts
Git Merge Conflicts in Lock Files
# Don't manually resolve - regenerate
git checkout --theirs package-lock.json
npm install
# Or
rm package-lock.json
npm install
Lock File Out of Sync
# NPM
rm package-lock.json
npm install
# Yarn
rm yarn.lock
yarn install
# PNPM
rm pnpm-lock.yaml
pnpm install
Prevention
Pin Versions
{
"dependencies": {
"lodash": "4.17.21", // Exact version
"react": "^18.2.0", // Minor updates OK
"express": "~4.18.0" // Patch updates only
}
}
Use Lock Files
# Always commit lock files
git add package-lock.json # or yarn.lock, pnpm-lock.yaml
# CI should use ci command
npm ci # instead of npm install
Regular Updates
# Check for updates regularly
npm outdated
# Update incrementally
npm update
# Use tools like renovate/dependabot
AI-Assisted Resolution
Help me resolve this dependency conflict:
**Error message:**
[paste full error]
**Current package.json dependencies:**
```json
[paste dependencies]
What I've tried:
- [list attempts]
Please:
- Explain what's conflicting
- Show the dependency chain causing it
- Suggest the safest resolution
- Note any potential runtime issues
## Best Practices
1. **Read the full error** - It usually tells you what's wrong
2. **Check compatibility** - Before installing new packages
3. **Use lock files** - For reproducible installs
4. **Update regularly** - Small updates are easier than big jumps
5. **Test after resolving** - Conflicts can cause runtime issues
6. **Document workarounds** - Future you will thank you
7. **Avoid force** - Unless you understand the consequences
Related Skills
latestaiagents/skill-testing
development
VerifiedTrustedCommunity
Test skills for correct activation, content quality, and regression — both automated checks (frontmatter validity, lint) and manual verification (query-suite activation testing). Covers CI integration and how to catch skill regressions before users do. Use this skill when adding skills to a repo, setting up CI for a skill library, or debugging "the skill exists but doesn't work". Activate when: test skills, validate skills, skill CI, skill linting, skill activation test, skill regression.
2SKILL.mdUpdated Apr 23, 2026
latestaiagents/skill-frontmatter
documentation
VerifiedTrustedCommunity
Write the YAML frontmatter for a SKILL.md file so it activates reliably — name, description, and activation keywords that the model matches against. Covers length, tone, and the most common frontmatter mistakes. Use this skill when authoring a new skill, fixing a skill that isn't auto-activating, or reviewing skills for publication. Activate when: SKILL.md frontmatter, skill description, skill activation, skill YAML, write a skill, author a skill.
2SKILL.mdUpdated Apr 23, 2026
latestaiagents/skill-activation-patterns
development
VerifiedTrustedCommunity
Design skills that fire at the right moment — neither over-eager (noise) nor under-eager (silent). Covers activation specificity, trigger phrases, disambiguation between overlapping skills, and debugging activation. Use this skill when multiple skills could fire on the same query, a skill never fires, or a skill fires too often. Activate when: skill won't activate, skill over-activates, overlapping skills, skill triggers, skill selection, skill disambiguation.
2SKILL.mdUpdated Apr 23, 2026
latestaiagents/progressive-disclosure
development
VerifiedTrustedCommunity
Structure SKILL.md content so the model reads just enough — concise summary up front, progressively deeper detail, examples on demand. Covers section ordering, length budgets, when to split into multiple skills. Use this skill when writing or refactoring a skill body, one skill has grown too long, or a skill is wordy but not useful. Activate when: SKILL.md structure, skill content, skill too long, split skill, progressive disclosure, skill body.
2SKILL.mdUpdated Apr 23, 2026