Decide whether to add, keep, or remove a dependency. Use before adding any package.
Installation
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Decide whether to add, keep, or remove a dependency. Use before adding any package.
when_to_use
adding a package, a bloated lockfile, a CVE alert, "do we need this dep"
targets
["*"]
Dependency Audit
Before adding a package, ask:
Can the stdlib do it? No lodash for Array.map. No left-pad-tier packages.
Is it already in the tree? Don't add axios if the project uses fetch.
Is it alive? Last commit, open issues, maintainer responsiveness.
Cost? A 500KB dep to format a date isn't worth it. Check the install size and transitive deps.
Security? Known CVEs? Postinstall scripts?
When you do add one, justify it in the PR body. Never silently grow package.json. For existing deps: anything unused or one-function gets removed.