Safely update dependencies with changelog analysis and testing
claude install community/dependency-updater
Smart dependency updates: check for updates, read changelogs, identify breaking changes, run tests after updates, and generate upgrade reports.
This is the actual SKILL.md file that powers this skill. Copy it to install.
---
name: dependency-updater
description: |
  Trigger when the user asks to update dependencies, upgrade a lib, or deal
  with a vulnerable dep. Phrases: "update deps", "upgrade package",
  "bump version", "security update", "dep audit".
allowed-tools:
  - Read
  - Bash(npm outdated *)
  - Bash(pnpm outdated *)
  - Bash(npm audit *)
  - Bash(pnpm audit *)
  - Bash(pnpm update *)
---
# Dependency Updater
Update dependencies safely. Three-tier approach: patch, minor, major.
Patch bumps are safe in bulk. Minor bumps need a test run. Majors get
their own PR each with a migration note.
## Prerequisites
- Package manager installed (pnpm, npm, yarn)
- Tests available to verify nothing broke
- Clean git working tree so changes are reviewable
## Steps
1. **Audit what's out of date:**
```bash
pnpm outdated
```
2. **Patch bumps first, in one commit:**
```bash
# No --latest here: it ignores package.json ranges and can cross majors.
pnpm update  # stays within declared ranges; ~ ranges hold this to patch level
```
Run tests. If green, commit as `chore(deps): patch-level bumps`.
3. **Minor bumps next, grouped by related libs:**
```bash
pnpm update react react-dom @types/react  # no --latest: ^ ranges cap this at minor
```
Run tests + manual smoke test. Commit.
4. **Major bumps one at a time.** Each major gets:
- Its own PR
- A changelog read on the dep's repo before upgrading
- A note on any migration steps
- Full test pass
5. **Security audit:**
```bash
pnpm audit --prod
```
Fix HIGH/CRITICAL immediately. MODERATE if in prod path. LOW if convenient.
6. **Lockfile hygiene.** If you bump package.json, regenerate the lockfile.
If CI uses `--frozen-lockfile`, unsynced lockfile = broken build.
## Red flags
- A patch bump that changes hundreds of lockfile lines - something upstream
shifted; read the changelog
- A dep behind 5+ majors - likely indicates abandoned library; consider a swap
- Deprecated deps in `pnpm audit` output - plan replacement, don't ignore
- A minor bump that breaks tests - either the lib broke semver or your
tests were testing implementation details
## Output
- Series of commits, each with a clear scope (patch/minor/major by lib)
- Test suite green at each commit
- Audit report clean for HIGH/CRITICAL
- Notes on any deferred major upgrades with rationale
mkdir -p ~/.claude/skills/dependency-updater
~/.claude/skills/dependency-updater/SKILL.md
Resulting file structure:
~/.claude/
  skills/
    dependency-updater/
      SKILL.md <-- skill definition
Skills are loaded automatically by Claude Code when you start a new session. The skill name and description in the frontmatter determine when Claude triggers it.
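The skill's patch/minor/major tiering and its "5+ majors behind" red flag can be checked mechanically before any update command runs. The following is an added example, not part of the skill file or the project's code: the function names, the `{name: {current, latest}}` input shape, and the sample packages are assumptions made for illustration.

```javascript
// Added example: sort outdated dependencies into the skill's three tiers.
// Input shape ({name: {current, latest}}) is an assumption; sample data is constructed.

function parseVersion(v) {
  // Accept plain x.y.z; a prerelease/build suffix is tolerated and ignored.
  const m = /^(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

function classifyBump(current, latest) {
  const a = parseVersion(current), b = parseVersion(latest);
  if (!a || !b) return 'unknown';               // git/tag/workspace specs: review by hand
  const i = a.findIndex((n, k) => n !== b[k]);  // first differing component
  if (i === -1 || b[i] < a[i]) return 'none';   // equal, or latest is behind current
  // For 0.x releases a minor bump may break, so treat it as major.
  if (i === 0 || (i === 1 && a[0] === 0)) return 'major';
  return i === 1 ? 'minor' : 'patch';
}

function planUpdates(outdated) {
  const plan = { patch: [], minor: [], major: [], unknown: [], redFlags: [] };
  for (const [name, info] of Object.entries(outdated)) {
    const tier = classifyBump(info.current, info.latest);
    if (tier === 'none') continue;
    plan[tier].push(name);
    const a = parseVersion(info.current), b = parseVersion(info.latest);
    // Red flag from the skill: 5+ majors behind suggests an abandoned library.
    if (a && b && b[0] - a[0] >= 5) {
      plan.redFlags.push(`${name}: ${b[0] - a[0]} majors behind`);
    }
  }
  return plan;
}

// Constructed sample input (hypothetical package names and versions).
const sample = {
  'lib-a': { current: '1.4.2', latest: '1.4.9' },
  'lib-b': { current: '2.1.0', latest: '2.3.0' },
  'lib-c': { current: '3.0.0', latest: '4.1.0' },
  'lib-d': { current: '0.8.1', latest: '0.9.0' },
  'lib-e': { current: '1.0.0', latest: '7.2.0' },
  'lib-f': { current: 'github:org/repo', latest: '1.0.0' },
};
console.log(JSON.stringify(planUpdates(sample), null, 2));
```

Packages in `patch` can go in the bulk commit, `minor` ones need the grouped test run, and each entry in `major` or `unknown` gets its own reviewed change.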