dependency-management
This skill should be used when managing project dependencies including safe updates, security audits, and compatibility analysis.
Safely manage and update project dependencies.
```bash
# Node.js
npm outdated
npm audit
# Python
pip list --outdated
pip-audit
# Ruby
bundle outdated
bundle audit
# Go
go list -m -u all
govulncheck ./...
```
| Category | Risk | Approach |
|---|---|---|
| Patch (0.0.x) | Low | Usually safe to batch |
| Minor (0.x.0) | Medium | Review changelog, test |
| Major (x.0.0) | High | Plan migration, extensive test |
| Security | Critical | Prioritize immediately |
```markdown
## Update Plan
### Immediate (Security)
- lodash: 4.17.15 → 4.17.21 (CVE-2021-23337)
- axios: 0.21.0 → 1.6.0 (CVE-2023-45857)
### This Sprint (Patch/Minor)
- jest: 29.5.0 → 29.7.0
- typescript: 5.0.4 → 5.3.0
- prettier: 3.0.0 → 3.1.0
### Planned (Major)
- react: 17.0.2 → 18.2.0 (requires migration)
- webpack: 4.x → 5.x (requires config changes)
```
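As an added example (not part of the skill's own files), the script below applies the categorization table above to the output shape of `npm outdated --json`, lets a known advisory outrank the semver tier, and renders the result in the Update Plan layout. The `OUTDATED` and `ADVISORIES` inputs are constructed (the `some-lib` git dependency is invented to show the non-semver path), and `bump_type`, `plan_updates`, `render_plan` and `SECTIONS` are names chosen here.

```python
import re
SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")  # tolerates a leading 'v' and pre-release suffixes
SECTIONS = [("Immediate (Security)", ["security"]), ("This Sprint (Patch/Minor)", ["patch", "minor"]),
            ("Planned (Major)", ["major"]), ("Needs Review (non-semver)", ["review"])]

def bump_type(current, target):
    """Return 'major', 'minor', 'patch', 'none' or 'unknown' for the jump current -> target."""
    c, t = SEMVER.match(current), SEMVER.match(target)
    if not c or not t:  # git URLs, dist-tags, other non-semver strings: review by hand
        return "unknown"
    cur, tgt = tuple(map(int, c.groups())), tuple(map(int, t.groups()))
    if tgt <= cur:
        return "none"
    # first differing component decides the tier, exactly as in the categorization table
    return ("major", "minor", "patch")[next(i for i in range(3) if cur[i] != tgt[i])]

def plan_updates(outdated, advisories):
    """Group `npm outdated --json` entries into tiers; a known advisory outranks the semver tier."""
    plan = {"security": [], "patch": [], "minor": [], "major": [], "review": []}
    for name, info in outdated.items():
        bump = bump_type(info["current"], info["latest"])
        if bump == "none":
            continue
        entry = {"name": name, "from": info["current"], "to": info["latest"]}
        if name in advisories:  # security wins regardless of semver distance
            entry["cves"] = advisories[name]
            plan["security"].append(entry)
        else:
            plan[bump if bump in plan else "review"].append(entry)
    return plan

def render_plan(plan):
    """Render the grouped plan in the markdown layout of the Update Plan above."""
    lines = ["## Update Plan"]
    for title, tiers in SECTIONS:
        entries = [e for tier in tiers for e in plan[tier]]
        if entries:
            lines.append(f"### {title}")
        for e in entries:
            cves = f" ({', '.join(e['cves'])})" if "cves" in e else ""
            lines.append(f"- {e['name']}: {e['from']} → {e['to']}{cves}")
    return "\n".join(lines)

# Constructed sample in the shape of `npm outdated --json` (only the fields used here).
OUTDATED = {"lodash": {"current": "4.17.15", "latest": "4.17.21"},
            "axios": {"current": "0.21.0", "latest": "1.6.0"},
            "jest": {"current": "29.5.0", "latest": "29.7.0"},
            "react": {"current": "17.0.2", "latest": "18.2.0"},
            "some-lib": {"current": "git+ssh://git@example.invalid/some-lib.git", "latest": "2.0.0"}}
ADVISORIES = {"lodash": ["CVE-2021-23337"], "axios": ["CVE-2023-45857"]}  # constructed; from `npm audit --json`
```

Calling `print(render_plan(plan_updates(OUTDATED, ADVISORIES)))` prints the plan; in practice `OUTDATED` would be `json.load` of the real `npm outdated --json` output and `ADVISORIES` the package-to-CVE map pulled from `npm audit --json`.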
```bash
# 1. Create update branch
git checkout -b deps/update-YYYY-MM-DD
# 2. Update one package at a time (for major updates)
npm install package@version
# 3. Run tests
npm test
# 4. Check for breaking changes
npm run build
npm run lint
# 5. Commit if passing
git commit -m "Update package to version"
# 6. Repeat or batch
```
Safe to batch together:
```bash
# Update all patch versions
npm update
# Update specific minor versions
npm install package1@^2.1.0 package2@^3.2.0
```
Update individually with testing:
````markdown
## Update: typescript 5.0 → 5.3
### Changelog Review
- New decorator syntax
- Improved type inference
- Breaking: stricter null checks
### Testing Plan
1. Run type checker
2. Run full test suite
3. Build production bundle
4. Test critical flows
### Rollback Plan
```bash
npm install typescript@5.0.4
```
````
### High Risk Updates
Require dedicated migration:
```markdown
## Migration: React 17 → 18
### Breaking Changes
- New root API (createRoot)
- Automatic batching
- Strict mode behavior changes
### Migration Steps
1. Update react and react-dom
2. Update to new root API
3. Fix strict mode warnings
4. Update testing library
5. Run full test suite
6. Manual QA of critical flows
### Timeline
- Sprint 1: Core migration
- Sprint 2: Fix deprecation warnings
- Sprint 3: Adopt new features
```
| Level | Response Time | Action |
|---|---|---|
| Critical | Immediate | Emergency patch |
| High | 24-48 hours | Priority update |
| Medium | This sprint | Scheduled update |
| Low | Next sprint | Normal priority |
## CVE Response Checklist
- [ ] Identify affected package and version
- [ ] Check if exploitable in our usage
- [ ] Find patched version
- [ ] Test update locally
- [ ] Deploy to staging
- [ ] Verify fix with security scan
- [ ] Deploy to production
- [ ] Document in security log
## Weekly
- [ ] Check for security advisories
- [ ] Review critical dependency updates
## Monthly
- [ ] Run full dependency audit
- [ ] Update patch versions
- [ ] Review minor version updates
## Quarterly
- [ ] Plan major version migrations
- [ ] Assess unused dependencies
- [ ] Review dependency size impact
```bash
# Node.js - Find unused
npx depcheck
# Python - Find unused
pip-autoremove --list
# Review and remove
npm uninstall unused-package
```