dependency-management

Original：🇺🇸 English

Translated

1 scriptsChecked / no sensitive code detected

Dependency management specialist. Use when updating dependencies, scanning for vulnerabilities, analyzing dependency trees, or ensuring license compliance. Handles npm, pip, maven, and other package managers.

1installs

Source89jobrien/steve

Added on2026-02-10

NPX Install

npx skill4agent add 89jobrien/steve dependency-management

SKILL.md Content

View Translation Comparison →

Dependency Management

This skill manages project dependencies including updates, vulnerability scanning, license compliance, and dependency tree optimization.

When to Use This Skill

When updating project dependencies
When scanning for security vulnerabilities
When analyzing dependency trees
When ensuring license compliance
When resolving version conflicts
When optimizing dependency usage

What This Skill Does

Dependency Analysis: Identifies unused dependencies and version conflicts
Vulnerability Scanning: Finds and fixes known security vulnerabilities
License Compliance: Verifies dependency licenses are compatible
Safe Updates: Updates dependencies with testing and validation
Tree Optimization: Optimizes dependency trees and reduces bloat
Version Management: Resolves version conflicts and updates

Helper Scripts

This skill includes Python helper scripts in

scripts/

:

parse_dependencies.py
: Parses dependency files (package.json, requirements.txt, pyproject.toml). Outputs JSON with parsed dependencies and metadata.
bash
```
python scripts/parse_dependencies.py package.json requirements.txt
```

How to Use

Manage Dependencies

Update all dependencies and check for vulnerabilities

Scan dependencies for security issues

Specific Tasks

Check license compatibility for all dependencies

Management Process

1. Analyze Dependencies

Using Helper Script:

The skill includes a Python helper script for parsing dependency files:

bash

# Parse dependency files
python scripts/parse_dependencies.py package.json requirements.txt pyproject.toml

Package Manager Tools:

npm:
```
npm outdated
```
,
```
npm list
```
pip:
```
pip list --outdated
```
maven:
```
mvn versions:display-dependency-updates
```
gradle:
```
gradle dependencyUpdates
```

2. Scan for Vulnerabilities

Tools:

npm:
```
npm audit
```
pip:
```
pip-audit
```
maven: OWASP Dependency Check
gradle: Dependency Check plugin

3. Check Licenses

Process:

List all dependency licenses
Check compatibility with project license
Identify any incompatible licenses
Provide license report

4. Update Dependencies

Safe Update Process:

Check for updates
Review changelogs
Update incrementally
Run tests after each update
Verify functionality

Examples

Example 1: Vulnerability Scan

Input: Scan for vulnerabilities

Output:

markdown

## Dependency Vulnerability Scan

### Critical Vulnerabilities

**1. lodash (4.17.20)**
- **Severity**: High
- **Issue**: Prototype Pollution
- **Fix**: Update to 4.17.21
```bash
npm update lodash

2. express (4.16.4)

Severity: Medium
Issue: Path Traversal
Fix: Update to 4.18.2