ln-821-npm-upgrader
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChinesePaths: File paths (,shared/,references/) are relative to skills repo root. If not found at CWD, locate this SKILL.md directory and go up one level for repo root.../ln-*
路径: 文件路径(、shared/、references/)是相对于技能仓库根目录的。如果在当前工作目录(CWD)中未找到,请定位到本SKILL.md所在目录,然后向上一级找到仓库根目录。../ln-*
ln-821-npm-upgrader
ln-821-npm-upgrader
Type: L3 Worker
Category: 8XX Optimization
Parent: ln-820-dependency-optimization-coordinator
Upgrades Node.js dependencies using npm, yarn, or pnpm with automatic breaking change detection and migration.
类型: L3 Worker
分类: 8XX 优化
父级: ln-820-dependency-optimization-coordinator
使用npm、yarn或pnpm升级Node.js依赖,具备自动破坏性变更检测与迁移功能。
Overview
概述
| Aspect | Details |
|---|---|
| Input | Project path, package manager type |
| Output | Updated package.json, lock file, migration report |
| Supports | npm, yarn (classic & berry), pnpm |
| 方面 | 详情 |
|---|---|
| 输入 | 项目路径、包管理器类型 |
| 输出 | 更新后的package.json、锁文件、迁移报告 |
| 支持 | npm、yarn(经典版&berry版)、pnpm |
Workflow
工作流程
Phases: Pre-flight → Analyze → Security Audit → Check Outdated → Identify Breaking → Apply Upgrades → Apply Migrations → Verify Build → Report
阶段: 预检查 → 分析 → 安全审计 → 检查过时依赖 → 识别破坏性变更 → 应用升级 → 应用迁移 → 验证构建 → 生成报告
Phase 0: Pre-flight Checks
阶段0:预检查
| Check | Required | Action if Missing |
|---|---|---|
| Lock file (package-lock.json, yarn.lock, pnpm-lock.yaml) | Yes | Warn and run |
| package.json | Yes | Block upgrade |
| Git clean state | Yes | Block (need clean baseline for revert) |
Workers assume coordinator (ln-820) already verified git state and created backup.
| 检查项 | 是否必需 | 缺失时的操作 |
|---|---|---|
| 锁文件(package-lock.json、yarn.lock、pnpm-lock.yaml) | 是 | 发出警告并先运行 |
| package.json | 是 | 阻止升级 |
| Git干净状态 | 是 | 阻止升级(需要干净的基线以便回滚) |
Worker假设协调器(ln-820)已验证Git状态并创建备份。
Worktree & Branch Isolation
工作树与分支隔离
MANDATORY READ: Load — use ln-821 row.
shared/references/git_worktree_fallback.md必读: 加载 — 使用ln-821对应的行。
shared/references/git_worktree_fallback.mdPhase 1: Analyze Dependencies
阶段1:分析依赖
Read package.json and categorize dependencies for upgrade priority.
读取package.json并对依赖进行分类以确定升级优先级。
Dependency Categories
依赖分类
| Category | Examples | Priority |
|---|---|---|
| framework | react, vue, angular | 2 (after peer deps) |
| build | vite, webpack, esbuild | 3 |
| ui | @radix-ui/*, tailwindcss | 4 |
| state | @tanstack/react-query, zustand | 5 |
| utils | lodash, date-fns | 6 |
| dev | eslint, prettier, typescript | 7 |
| peer | @types/*, typescript | 1 (first) |
| 类别 | 示例 | 优先级 |
|---|---|---|
| 框架 | react、vue、angular | 2(在Peer依赖之后) |
| 构建工具 | vite、webpack、esbuild | 3 |
| UI组件库 | @radix-ui/*、tailwindcss | 4 |
| 状态管理 | @tanstack/react-query、zustand | 5 |
| 工具库 | lodash、date-fns | 6 |
| 开发依赖 | eslint、prettier、typescript | 7 |
| Peer依赖 | @types/*、typescript | 1(最先) |
Phase 2: Security Audit
阶段2:安全审计
Commands
命令
| Manager | Command |
|---|---|
| npm | |
| yarn | |
| pnpm | |
| 包管理器 | 命令 |
|---|---|
| npm | |
| yarn | |
| pnpm | |
Actions
操作
| Severity | Action |
|---|---|
| Critical | Block upgrade, report |
| High | Warn, continue |
| Moderate/Low | Log only |
| 严重程度 | 操作 |
|---|---|
| 严重(Critical) | 阻止升级并生成报告 |
| 高(High) | 发出警告并继续 |
| 中/低(Moderate/Low) | 仅记录 |
Phase 3: Check Outdated
阶段3:检查过时依赖
Commands
命令
| Manager | Command |
|---|---|
| npm | |
| yarn | |
| pnpm | |
| 包管理器 | 命令 |
|---|---|
| npm | |
| yarn | |
| pnpm | |
Phase 4: Identify Breaking Changes
阶段4:识别破坏性变更
Detection
检测方式
MANDATORY READ: Load breaking_changes_patterns.md for full patterns.
- Compare current vs latest major versions
- Check breaking_changes_patterns.md for known patterns
- Query Context7/Ref for migration guides
必读: 加载breaking_changes_patterns.md查看完整模式。
- 比较当前版本与最新主版本
- 检查breaking_changes_patterns.md中的已知模式
- 查询Context7/Ref获取迁移指南
Common Breaking Changes
常见破坏性变更
| Package | Breaking Version | Key Changes |
|---|---|---|
| react | 18 → 19 | JSX Transform, ref as prop |
| vite | 5 → 6 | ESM only, Node 18+ |
| eslint | 8 → 9 | Flat config required |
| tailwindcss | 3 → 4 | CSS-based config |
| typescript | 5.4 → 5.5+ | Stricter inference |
| 包 | 破坏性版本 | 主要变更 |
|---|---|---|
| react | 18 → 19 | JSX Transform、ref作为属性 |
| vite | 5 → 6 | 仅支持ESM、Node 18+ |
| eslint | 8 → 9 | 需要Flat配置 |
| tailwindcss | 3 → 4 | 基于CSS的配置 |
| typescript | 5.4 → 5.5+ | 更严格的类型推断 |
Phase 5: Apply Upgrades
阶段5:应用升级
Upgrade Order
升级顺序
- Peer dependencies (TypeScript, @types/*)
- Framework packages (React, Vue core)
- Build tools (Vite, webpack)
- UI libraries (after framework)
- Utilities (lodash, date-fns)
- Dev dependencies (testing, linting)
- Peer依赖(TypeScript、@types/*)
- 框架包(React、Vue核心)
- 构建工具(Vite、webpack)
- UI组件库(在框架升级之后)
- 工具库(lodash、date-fns)
- 开发依赖(测试、代码检查工具)
Commands
命令
| Manager | Command |
|---|---|
| npm | |
| yarn | |
| pnpm | |
| 包管理器 | 命令 |
|---|---|
| npm | |
| yarn | |
| pnpm | |
Peer Dependency Conflicts
Peer依赖冲突解决
| Situation | Solution |
|---|---|
| ERESOLVE error | |
| Still fails | |
| 情况 | 解决方案 |
|---|---|
| ERESOLVE错误 | |
| 仍失败 | |
MCP Tools for Migration Search
用于迁移搜索的MCP工具
Priority Order (Fallback Strategy)
优先级顺序(降级策略)
| Priority | Tool | When to Use |
|---|---|---|
| 1 | mcp__context7__query-docs | First choice for library docs |
| 2 | mcp__Ref__ref_search_documentation | Official docs and GitHub |
| 3 | WebSearch | Latest info, community solutions |
| 优先级 | 工具 | 使用场景 |
|---|---|---|
| 1 | mcp__context7__query-docs | 库文档的首选工具 |
| 2 | mcp__Ref__ref_search_documentation | 官方文档与GitHub搜索 |
| 3 | WebSearch | 获取最新信息、社区解决方案 |
Context7 Usage
Context7 使用方法
| Step | Tool | Parameters |
|---|---|---|
| 1. Find library | mcp__context7__resolve-library-id | libraryName: "react", query: "migration guide" |
| 2. Query docs | mcp__context7__query-docs | libraryId: "/facebook/react", query: "react 18 to 19 migration" |
| 步骤 | 工具 | 参数 |
|---|---|---|
| 1. 查找库 | mcp__context7__resolve-library-id | libraryName: "react", query: "migration guide" |
| 2. 查询文档 | mcp__context7__query-docs | libraryId: "/facebook/react", query: "react 18 to 19 migration" |
MCP Ref Usage
MCP Ref 使用方法
| Action | Tool | Query Example |
|---|---|---|
| Search | mcp__Ref__ref_search_documentation | "react 19 migration guide breaking changes" |
| Read | mcp__Ref__ref_read_url | URL from search results |
| 操作 | 工具 | 查询示例 |
|---|---|---|
| 搜索 | mcp__Ref__ref_search_documentation | "react 19 migration guide breaking changes" |
| 读取 | mcp__Ref__ref_read_url | 搜索结果中的URL |
WebSearch Fallback
WebSearch 降级方案
Use when Context7/Ref return no results:
"<package> <version> breaking changes migration {current_year}""<package> <error message> fix stackoverflow"
当Context7/Ref无结果时使用:
"<package> <version> breaking changes migration {current_year}""<package> <error message> fix stackoverflow"
Phase 6: Apply Migrations
阶段6:应用迁移
Process
流程
- Use MCP tools (see section above) to find migration guide
- Apply automated code transforms via Edit tool
- Log manual migration steps for user
Do NOT apply hardcoded migrations. Always fetch current guides via MCP tools.
- 使用MCP工具(见上文)查找迁移指南
- 通过Edit工具应用自动化代码转换
- 记录需要用户手动执行的迁移步骤
请勿应用硬编码的迁移逻辑。始终通过MCP工具获取最新指南。
Phase 7: Verify Build
阶段7:验证构建
Commands
命令
| Check | Command |
|---|---|
| TypeScript | |
| Build | |
| Tests | |
| 检查项 | 命令 |
|---|---|
| TypeScript 检查 | |
| 构建 | |
| 测试 | |
On Failure
失败处理
- Identify failing package from error
- Search Context7/Ref for fix
- If unresolved: rollback package, continue with others
- 从错误信息中识别失败的包
- 搜索Context7/Ref获取修复方案
- 若无法解决:回滚该包,继续处理其他包
Phase 8: Report Results
阶段8:生成结果报告
Report Schema
报告结构
| Field | Description |
|---|---|
| project | Project path |
| packageManager | npm, yarn, or pnpm |
| duration | Total time |
| upgrades.major[] | Breaking changes applied |
| upgrades.minor[] | Feature updates |
| upgrades.patch[] | Bug fixes |
| migrations[] | Applied migrations |
| skipped[] | Already latest |
| buildVerification | PASSED or FAILED |
| warnings[] | Non-blocking issues |
| 字段 | 描述 |
|---|---|
| project | 项目路径 |
| packageManager | npm、yarn或pnpm |
| duration | 总耗时 |
| upgrades.major[] | 已应用的破坏性变更 |
| upgrades.minor[] | 功能更新 |
| upgrades.patch[] | Bug修复 |
| migrations[] | 已应用的迁移 |
| skipped[] | 已是最新版本的依赖 |
| buildVerification | 通过(PASSED)或失败(FAILED) |
| warnings[] | 非阻塞问题 |
Configuration
配置
yaml
Options:
# Upgrade scope
upgradeType: major # major | minor | patch
# Breaking changes
allowBreaking: true
autoMigrate: true
queryMigrationGuides: true # Use Context7/Ref
# Security
auditLevel: high # none | low | moderate | high | critical
minimumReleaseAge: 14 # days
# Peer dependencies
legacyPeerDeps: false
force: false
# Verification
runBuild: true
runTests: false
runTypeCheck: true
# Rollback
createBackup: true
rollbackOnFailure: trueyaml
Options:
# 升级范围
upgradeType: major # major | minor | patch
# 破坏性变更
allowBreaking: true
autoMigrate: true
queryMigrationGuides: true # 使用Context7/Ref
# 安全设置
auditLevel: high # none | low | moderate | high | critical
minimumReleaseAge: 14 # 天数
# Peer依赖
legacyPeerDeps: false
force: false
# 验证设置
runBuild: true
runTests: false
runTypeCheck: true
# 回滚设置
createBackup: true
rollbackOnFailure: trueError Handling
错误处理
| Error | Cause | Solution |
|---|---|---|
| ERESOLVE | Peer dep conflict | --legacy-peer-deps |
| ENOENT | Missing lock file | npm install first |
| Build fail | Breaking change | Apply migration via Context7 |
| Type errors | Version mismatch | Update @types/* |
| 错误 | 原因 | 解决方案 |
|---|---|---|
| ERESOLVE | Peer依赖冲突 | 使用 |
| ENOENT | 缺失锁文件 | 先运行 |
| 构建失败 | 破坏性变更 | 通过Context7应用迁移 |
| 类型错误 | 版本不匹配 | 更新@types/* |
Rollback
回滚
Restore package.json and lock file from git, then run clean install to restore previous state.
从Git恢复package.json和锁文件,然后执行干净安装以恢复之前的状态。
References
参考资料
- breaking_changes_patterns.md
- npm_peer_resolution.md
- breaking_changes_patterns.md
- npm_peer_resolution.md
Definition of Done
完成标准
- Lock file and package.json verified present
- Dependencies categorized and prioritized (peer deps first)
- Security audit completed (critical blocks upgrade)
- Outdated packages identified via
npm/yarn/pnpm outdated - Breaking changes detected via breaking_changes_patterns.md and MCP tools
- Upgrades applied in priority order with rollback on failure
- Build and type checks pass after upgrades
- Report returned with major/minor/patch counts, migrations, and build status
Version: 1.1.0
Last Updated: 2026-01-10
- 已验证锁文件和package.json存在
- 依赖已分类并确定优先级(Peer依赖优先)
- 已完成安全审计(严重问题会阻止升级)
- 通过识别出过时依赖
npm/yarn/pnpm outdated - 通过breaking_changes_patterns.md和MCP工具检测到破坏性变更
- 已按优先级顺序应用升级,失败时可回滚
- 升级后构建和类型检查通过
- 已返回包含主/次/补丁版本升级数量、迁移情况和构建状态的报告
版本: 1.1.0
最后更新时间: 2026-01-10