Home
Categories
Content & Writing
dependency-management

dependency-management by aiskillstore

Dependency management specialist. Use when updating dependencies, scanning

Content & Writing

85 Stars

2 Forks

Updated Jan 19, 2026, 04:39 AM

Why Use This

This skill provides specialized capabilities for aiskillstore's codebase.

Use Cases

Developing new features in the aiskillstore repository
Refactoring existing code to follow aiskillstore standards
Understanding and working with aiskillstore's codebase structure

Install Guide

2 steps

1

Download Ananke

Skip this step if Ananke is already installed.
2

Install inside Ananke

Click Install Skill, paste the link below, then press Install.

https://github.com/aiskillstore/marketplace/tree/main/skills/89jobrien/dependency-management

Skill Snapshot

Auto scan of skill assets. Informational only.

Valid SKILL.md

Checks against SKILL.md specification

Source & Community

Repository marketplace

Skill Version

main

Community

85 2

Updated At Jan 19, 2026, 04:39 AM

Skill Stats

SKILL.md 178 Lines

Total Files 1

Total Size 0 B

License NOASSERTION

Raw

---
name: dependency-management
description: Dependency management specialist. Use when updating dependencies, scanning
for vulnerabilities, analyzing dependency trees, or ensuring license compliance.
Handles npm, pip, maven, and other package managers.
author: Joseph OBrien
status: unpublished
updated: '2025-12-23'
version: 1.0.1
tag: skill
type: skill
---

# Dependency Management

This skill manages project dependencies including updates, vulnerability scanning, license compliance, and dependency tree optimization.

## When to Use This Skill

- When updating project dependencies
- When scanning for security vulnerabilities
- When analyzing dependency trees
- When ensuring license compliance
- When resolving version conflicts
- When optimizing dependency usage

## What This Skill Does

1. **Dependency Analysis**: Identifies unused dependencies and version conflicts
2. **Vulnerability Scanning**: Finds and fixes known security vulnerabilities
3. **License Compliance**: Verifies dependency licenses are compatible
4. **Safe Updates**: Updates dependencies with testing and validation
5. **Tree Optimization**: Optimizes dependency trees and reduces bloat
6. **Version Management**: Resolves version conflicts and updates

## Helper Scripts

This skill includes Python helper scripts in `scripts/`:

- **`parse_dependencies.py`**: Parses dependency files (package.json, requirements.txt, pyproject.toml). Outputs JSON with parsed dependencies and metadata.

```bash
python scripts/parse_dependencies.py package.json requirements.txt
```

## How to Use

### Manage Dependencies

```
Update all dependencies and check for vulnerabilities
```

```
Scan dependencies for security issues
```

### Specific Tasks

```
Check license compatibility for all dependencies
```

## Management Process

### 1. Analyze Dependencies

**Using Helper Script:**

The skill includes a Python helper script for parsing dependency files:

```bash
# Parse dependency files
python scripts/parse_dependencies.py package.json requirements.txt pyproject.toml
```

**Package Manager Tools:**

- npm: `npm outdated`, `npm list`
- pip: `pip list --outdated`
- maven: `mvn versions:display-dependency-updates`
- gradle: `gradle dependencyUpdates`

### 2. Scan for Vulnerabilities

**Tools:**

- npm: `npm audit`
- pip: `pip-audit`
- maven: OWASP Dependency Check
- gradle: Dependency Check plugin

### 3. Check Licenses

**Process:**

- List all dependency licenses
- Check compatibility with project license
- Identify any incompatible licenses
- Provide license report

### 4. Update Dependencies

**Safe Update Process:**

1. Check for updates
2. Review changelogs
3. Update incrementally
4. Run tests after each update
5. Verify functionality

## Examples

### Example 1: Vulnerability Scan

**Input**: Scan for vulnerabilities

**Output**:

```markdown
## Dependency Vulnerability Scan

### Critical Vulnerabilities

**1. lodash (4.17.20)**
- **Severity**: High
- **Issue**: Prototype Pollution
- **Fix**: Update to 4.17.21
```bash
npm update lodash
```

**2. express (4.16.4)**

- **Severity**: Medium
- **Issue**: Path Traversal
- **Fix**: Update to 4.18.2

```bash
npm update express
```

### Summary

- **Total vulnerabilities**: 5
- **Critical**: 1
- **High**: 2
- **Medium**: 2

```

## Reference Files

For package manager-specific commands and patterns, load reference files as needed:

- **`references/package_managers.md`** - Commands and patterns for npm, pip, Poetry, Maven, Gradle, Cargo, and common dependency management patterns
- **`references/DEPENDENCY_AUDIT.template.md`** - Dependency audit report template with vulnerabilities, outdated packages, license compliance

When working with specific package managers, load `references/package_managers.md` and refer to the relevant package manager section.

## Best Practices

### Dependency Management

1. **Regular Updates**: Update dependencies regularly
2. **Security First**: Prioritize security updates
3. **Test After Updates**: Always test after updating
4. **Lock Files**: Use lock files (package-lock.json, yarn.lock)
5. **Version Pinning**: Pin critical dependencies

## Related Use Cases

- Dependency updates
- Security vulnerability scanning
- License compliance
- Dependency tree optimization
- Version conflict resolution

Name Size

SKILL.md

0 B

Source

GitHub Repository ↗ Commit main ↗ skill.extrachatgpt.com ↗