メニュー
Dependency updates, major version upgrades, and breaking change resolution. Use when updating packages or handling deprecations.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
| name | migrate |
| description | Dependency updates, major version upgrades, and breaking change resolution. Use when updating packages or handling deprecations. |
| triggers | ["migrate","upgrade","update deps","outdated"] |
| allowed-tools | Bash, Read, Write, Edit, Grep, Glob |
| model | opus |
| user-invocable | true |
| argument-hint | [package name or 'all'] |
Safe dependency updates with breaking change detection and resolution.
| Command | What It Does |
|---|---|
migrate | Check all outdated deps, suggest updates |
migrate all | Update all safe deps (patch + minor) |
migrate react | Update specific package |
upgrade | Same as migrate |
outdated | Just show outdated deps, no changes |
# List outdated packages
npm outdated 2>/dev/null || true
# Check for known vulnerabilities
npm audit --json 2>/dev/null | node -e "const d=require('fs').readFileSync(0,'utf8');try{const a=JSON.parse(d);console.log('Vulnerabilities:',a.metadata?.vulnerabilities?.total||0)}catch{}"
# Current package counts
node -e "const p=require('./package.json');console.log('deps:',Object.keys(p.dependencies||{}).length,'devDeps:',Object.keys(p.devDependencies||{}).length)"
Sort all outdated packages into safety tiers:
| Tier | Type | Action |
|---|---|---|
| Safe | Patch updates (1.2.3 → 1.2.4) | Auto-update |
| Safe | Minor updates (1.2.3 → 1.3.0) | Auto-update |
| Review | Major updates (1.x → 2.x) | Check changelog for breaking changes |
| Critical | Security vulnerabilities | Prioritize regardless of version jump |
| Skip | Pinned for a reason | Check if pin reason still applies |
# Update all patch and minor versions
npx npm-check-updates -u --target minor
npm install
# Verify nothing broke
npm run typecheck 2>/dev/null
npm run build
npm test -- --passWithNoTests --watchAll=false 2>/dev/null
If any check fails, revert and update one package at a time to isolate the issue.
For each major update:
Read the changelog/migration guide:
# Check the package's release notes
npm info [package] changelog 2>/dev/null || echo "Check GitHub releases"
If mcp__plugin_context7_context7__* tools are available, prefer them over WebSearch for version-specific breaking changes:
resolve-library-id({ libraryName: "Next.js", query: "migrating from 14 to 15" })
query-docs({ libraryId: "/vercel/next.js/v15.3.0", query: "breaking changes from v14" })
Context7 returns version-pinned docs, which avoids the common trap of applying stale migration advice from old blog posts.
Update and test:
npm install [package]@latest
npm run typecheck 2>/dev/null
npm run build
Fix breaking changes — common patterns:
| Breaking Change | How to Fix |
|---|---|
| API renamed | Find-and-replace old → new names |
| Config format changed | Update config file to new schema |
| Peer dep mismatch | Update related packages together |
| Type signature changed | Update interfaces and type assertions |
| Removed feature | Replace with recommended alternative |
Commit separately — one commit per major update for easy revert
# Auto-fix what's safe
npm audit fix
# For breaking fixes that need major updates
npm audit fix --force --dry-run # Preview first
Review --force changes before applying — they may introduce breaking changes.
Dependency Migration
═══════════════════
Updated: [N] packages
- [N] patch updates (safe)
- [N] minor updates (safe)
- [N] major updates (breaking changes resolved)
- [N] security fixes
Skipped: [N] packages
- [package]: pinned at X.Y.Z because [reason]
Vulnerabilities: [before] → [after]
All checks pass: typecheck ✓ build ✓ tests ✓
Show token / tool usage stats from the local telemetry log. Use when you want to know "which tools am I burning context on", "which skills are expensive", or "was yesterday's session mostly Read/Grep or actually productive".
Parallel quality audit with 7 specialized agents (Opus). Finds bugs, violations, and quality issues. Use audit for fixes, brainstorm for features.
Manage environment variables with Doppler — auto-install CLI, login, link projects, wrap commands with `doppler run`. Replaces scattered .env files with a hub/spoke architecture.
Scaffolds new projects or onboards existing ones. Detects stack, creates monorepo/single-app, configures strict tooling. Use for greenfield or first-time setup.
Archives completed stories from prd.json to reduce token usage.
Autonomous task execution with testing and security. Works through all tasks without stopping.