dependency-management

aj-geddes/dependency-management

Coding

2 installs

About

SKILL.md

dependency-management

aj-geddes/dependency-management

Coding

2 installs

About

Manage project dependencies across languages including npm install, package versioning, dependency conflicts, security scanning, and lock files...

SKILL.md

Dependency Management

Overview
When to Use
Quick Start
Reference Guides
Best Practices

Overview

Comprehensive dependency management across JavaScript/Node.js, Python, Ruby, Java, and other ecosystems. Covers version control, conflict resolution, security auditing, and best practices for maintaining healthy dependencies.

When to Use

Installing or updating project dependencies
Resolving version conflicts
Auditing security vulnerabilities
Managing lock files (package-lock.json, Gemfile.lock, etc.)
Implementing semantic versioning
Setting up monorepo dependencies
Optimizing dependency trees
Managing peer dependencies

Quick Start

Minimal working example:

# Initialize project
npm init -y

# Install dependencies
npm install express
npm install --save-dev jest
npm install --save-exact lodash  # Exact version

# Update dependencies
npm update
npm outdated  # Check for outdated packages

# Audit security
npm audit
npm audit fix

# Clean install from lock file
npm ci  # Use in CI/CD

# View dependency tree
npm list
npm list --depth=0  # Top-level only

Reference Guides

Detailed implementations in the references/ directory:

Guide	Contents
Package Manager Basics	Package Manager Basics
Semantic Versioning (SemVer)	Semantic Versioning (SemVer)
Dependency Lock Files	Dependency Lock Files
Resolving Dependency Conflicts	Resolving Dependency Conflicts
Security Vulnerability Management	Security Vulnerability Management
Monorepo Dependency Management	Monorepo Dependency Management
Peer Dependencies	Peer Dependencies
Performance Optimization	Performance Optimization
CI/CD Best Practices	CI/CD Best Practices
Dependency Update Strategies	Dependency Update Strategies

Best Practices

✅ DO

Commit lock files to version control
Use npm ci or equivalent in CI/CD pipelines
Regular dependency audits (weekly/monthly)
Keep dependencies up-to-date (automate with Dependabot)
Use exact versions for critical dependencies
Document why specific versions are pinned
Test after updating dependencies
Use semantic versioning correctly
Minimize dependency count
Review dependency licenses

❌ DON'T

Manually edit lock files
Mix package managers (npm + yarn in same project)
Use npm install in CI/CD (use npm ci)
Ignore security vulnerabilities
Use wildcards (*) for versions
Install packages globally when local install is possible
Commit node_modules to git
Use latest tag in production
Blindly run npm audit fix
Install unnecessary dependencies

About

SKILL.md

About

Manage project dependencies across languages including npm install, package versioning, dependency conflicts, security scanning, and lock files...

SKILL.md

Dependency Management

Overview
When to Use
Quick Start
Reference Guides
Best Practices

Overview

When to Use

Installing or updating project dependencies
Resolving version conflicts
Auditing security vulnerabilities
Managing lock files (package-lock.json, Gemfile.lock, etc.)
Implementing semantic versioning
Setting up monorepo dependencies
Optimizing dependency trees
Managing peer dependencies

Quick Start

Minimal working example:

# Initialize project
npm init -y

# Install dependencies
npm install express
npm install --save-dev jest
npm install --save-exact lodash  # Exact version

# Update dependencies
npm update
npm outdated  # Check for outdated packages

# Audit security
npm audit
npm audit fix

# Clean install from lock file
npm ci  # Use in CI/CD

# View dependency tree
npm list
npm list --depth=0  # Top-level only

Reference Guides

Detailed implementations in the references/ directory:

Guide	Contents
Package Manager Basics	Package Manager Basics
Semantic Versioning (SemVer)	Semantic Versioning (SemVer)
Dependency Lock Files	Dependency Lock Files
Resolving Dependency Conflicts	Resolving Dependency Conflicts
Security Vulnerability Management	Security Vulnerability Management
Monorepo Dependency Management	Monorepo Dependency Management
Peer Dependencies	Peer Dependencies
Performance Optimization	Performance Optimization
CI/CD Best Practices	CI/CD Best Practices
Dependency Update Strategies	Dependency Update Strategies

Best Practices

✅ DO

Commit lock files to version control
Use npm ci or equivalent in CI/CD pipelines
Regular dependency audits (weekly/monthly)
Keep dependencies up-to-date (automate with Dependabot)
Use exact versions for critical dependencies
Document why specific versions are pinned
Test after updating dependencies
Use semantic versioning correctly
Minimize dependency count
Review dependency licenses

❌ DON'T

Manually edit lock files
Mix package managers (npm + yarn in same project)
Use npm install in CI/CD (use npm ci)
Ignore security vulnerabilities
Use wildcards (*) for versions
Install packages globally when local install is possible
Commit node_modules to git
Use latest tag in production
Blindly run npm audit fix
Install unnecessary dependencies

dependency-management

About

SKILL.md

dependency-management

About

SKILL.md

Dependency Management

Table of Contents

Overview

When to Use

Quick Start

Reference Guides

Best Practices

✅ DO

❌ DON'T

About

SKILL.md

About

SKILL.md

Dependency Management

Table of Contents

Overview

When to Use

Quick Start

Reference Guides

Best Practices

✅ DO

❌ DON'T