메뉴
Use for dependency updates: update/bump deps, npm/pnpm/yarn/bun package upgrades, outdated checks, package.json updates, or taze.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
Use only when explicitly asked to archive/prune/compact/roll over checked tasks from TODO.md into `.ai/todos/TODO_UNTIL_YYYY_MM_DD.md`, leaving unchecked tasks.
Use only when explicitly invoked for Git commit workflows: stage intended changes, craft Conventional Prefix Format messages by default, Natural Language messages with --natural or configured repos, commit, and optionally --all, --staged, --deep, --close, or --push.
Use for release versioning: bump/cut/tag a release, bump version, create a release, changelog updates, or version tagging.
Use for GitHub PR/issue/discussion workflows: create/update PRs or issues, post comments, start discussions; triggers include create/open PR, file/update issue, yeet.
Use to polish recently changed code: simplify for readability/maintainability and run a risk-profiled review that autonomously applies fixes. Default runs both passes; pass --simplify or --review for one. Covers code/PR review, audits, bug/security checks, reviewing diffs or changes, cleanup, refactoring, and reducing complexity.
Use for GitHub CLI automation: gh commands, repo info, workflow triggers, GitHub search, codespaces, PR status, issues, repo browsing, or command-line GitHub tasks.
| argument-hint | [--dry-run] [package ...] |
| disable-model-invocation | false |
| effort | high |
| model | opus |
| name | bump-deps |
| user-invocable | true |
| description | Use for dependency updates: update/bump deps, npm/pnpm/yarn/bun package upgrades, outdated checks, package.json updates, or taze. |
Update Node.js dependencies using taze CLI with smart prompting: auto-apply MINOR/PATCH updates, prompt for MAJOR updates individually, skip fixed-version packages.
For projects with a package-manager minimum-age policy, pass Taze's maturity-period flags so Taze filters out too-new releases before writing manifests.
When package names are provided as arguments (e.g. /bump-deps react typescript), scope all taze commands to only those packages using --include.
When --dry-run is passed (e.g. /bump-deps --dry-run or /bump-deps --dry-run react), scan for updates and present a summary table without applying any changes. See Dry Run Mode below.
Before choosing commands, check whether the target project has either:
bun.lock or bun.lockb plus bunfig.toml with [install].minimumReleaseAgeIf present, follow Minimum Release Age Mode.
The scan command in Step 1 also verifies that taze is installed.
This skill ships a run-taze.sh helper. Resolve <skill-dir> from the loaded SKILL.md path, then invoke the helper by its absolute path and run it from the target repository cwd so taze scans that project. Never cd into the skill directory; a bare scripts/run-taze.sh resolves against the target repo, which does not contain the helper.
bash "<skill-dir>/scripts/run-taze.sh"
Every <skill-dir>/scripts/run-taze.sh invocation below uses this form. Run the helper once now to confirm taze is installed. If exit code is 1, stop and inform the user that taze must be installed:
npm install -g tazebunx tazeUse this mode for projects that configure a package-manager minimum-age policy.
Taze calls this maturityPeriod:
--maturity-period [days] filters out package versions newer than the given number of days--maturity-period-exclude <packages> excludes packages from that filter, when supported by the installed Taze version# 7-day cooldown
taze major -r --maturity-period 7
For Bun minimumReleaseAge, convert seconds to whole days using a ceiling division. Example: 604800 seconds becomes --maturity-period 7. If the configured seconds are not a whole number of days, round up so Taze is not weaker than the package manager policy.
Taze v19.13.0+ auto-infers maturity periods from pnpm and Yarn workspace config, but not from Bun bunfig.toml. For Bun projects, pass --maturity-period explicitly.
When the package manager config has an exclude list, pass matching Taze excludes if available:
taze major -r --maturity-period 7 --maturity-period-exclude react,webpack
Append the same maturity flags to every Taze scan and write command in the workflow. After Taze writes manifests, run the project package manager install as usual; the package manager remains the final enforcement layer for direct and transitive resolution.
Run the helper once to discover available updates. It auto-detects monorepo projects (workspaces in package.json or pnpm-workspace.yaml) and enables recursive mode automatically.
bash "<skill-dir>/scripts/run-taze.sh"
From the taze output, categorize each package update:
| Category | Version Change | Action |
|---|---|---|
| Fixed | No ^ or ~ prefix (e.g., "1.0.0") | Skip entirely |
| PATCH | x.y.z → x.y.Z (e.g., 1.0.0 → 1.0.1) | Auto-apply |
| MINOR | x.y.z → x.Y.0 (e.g., 1.0.0 → 1.1.0) | Auto-apply |
| MAJOR | x.y.z → X.0.0 (e.g., 1.0.0 → 2.0.0) | Prompt user |
If package arguments were provided, filter to only those packages.
If --dry-run was passed, stop here — do not apply any updates. Instead, present a single markdown table summarizing all available updates and exit. The table must include every discovered package (including fixed-version packages, shown as skipped):
| Package | Current | Available | Type | Action |
|---------|---------|-----------|------|--------|
| @types/node | ^20.0.0 | ^22.0.0 | major | prompt |
| typescript | ^5.3.0 | ^5.4.0 | minor | auto-apply |
| eslint | ^8.56.0 | ^8.57.0 | patch | auto-apply |
| lucide-react | ^3.0.0 | ^4.0.0 | major | auto-apply |
| lodash | 4.17.21 | 4.18.0 | minor | skip (fixed) |
Column definitions:
major, minor, or patchauto-apply — MINOR/PATCH updates and auto-approved major packages (e.g. lucide-react)prompt — MAJOR updates that would be prompted to the userskip (fixed) — fixed-version packages that would be skippedSort the table by action priority: prompt first, then auto-apply, then skip (fixed). Within each group, sort alphabetically by package name.
After presenting the table, print a one-line summary: N updates available (M major, P minor, Q patch, F fixed-skipped) and stop. Do not proceed to Step 3 or beyond.
Identifying fixed versions: In package.json, fixed versions have no range prefix:
"lodash": "4.17.21" → skip"lodash": "^4.17.21" → processAutomatically select all MINOR/PATCH updates for application. Also automatically select approved major packages:
lucide-react (icon library with frequent major bumps, backward-compatible in practice)Do not prompt for fixed-version packages. Do not prompt for auto-approved major packages.
If no packages are selected, stop without running install.
Report the packages selected for automatic update.
For each remaining major update, use AskUserQuestion to ask the user individually:
Package: <package-name>
Current: <current-version>
Available: <new-version>
Update to major version?
Question format:
Collect all approved major updates.
After collecting user approvals, apply all selected packages in one write command. Include MINOR/PATCH updates, auto-approved major packages, and user-approved major packages:
bash "<skill-dir>/scripts/run-taze.sh" --write --include <pkg1>,<pkg2>,<pkg3>
The helper keeps the same monorepo and maturity-period flags used by the scan. It omits --include-locked in write mode so fixed-version packages remain untouched.
After applying all updates, check the root package.json for Bun workspace catalogs. Bun monorepos can centralize dependency versions using catalog and catalogs fields inside the workspaces object:
{
"workspaces": {
"packages": ["packages/*"],
"catalog": {
"react": "^19.0.0"
},
"catalogs": {
"testing": {
"jest": "^30.0.0"
}
}
}
}
Workspace packages reference these with "react": "catalog:" (default catalog) or "jest": "catalog:testing" (named catalog).
Skip this step if neither workspaces.catalog nor workspaces.catalogs exists in the root package.json.
For each package that was updated in Step 5:
workspaces.catalog — if so, update the version thereworkspaces.catalogs — if the package appears, update the version therePreserve the existing range prefix (^, ~, or none) from the catalog entry. For example, if the catalog has "react": "^19.0.0" and taze bumped react to 19.1.0, update the catalog to "react": "^19.1.0".
Use Edit to apply the version changes directly to the root package.json.
After all updates are applied, run ni to install dependencies. It auto-detects the package manager.
Taze displays updates grouped by type. Example output:
@types/node ^20.0.0 → ^22.0.0 (major)
typescript ^5.3.0 → ^5.4.0 (minor)
eslint ^8.56.0 → ^8.57.0 (patch)
The rightmost column indicates update type (major/minor/patch).
Packages shown with --include-locked that have no ^ or ~ are fixed versions—skip these entirely.
| Script | Purpose |
|---|---|
scripts/run-taze.sh | Run taze in non-interactive mode, check installation |
Supported script arguments:
--include <packages> — pass a comma-separated package list or taze include regex--concurrency <n> — pass through taze's request concurrency setting--write — write selected updates; requires --include; scan mode is the default^ or ~) indicate intentional pinning—never modify these--include flag accepts comma-separated package names or regex patternsrun-taze.sh helperworkspaces.catalog / workspaces.catalogs) are the source of truth for workspace packages using the catalog: protocol—always update catalog entries alongside regular deps