package-dependency-management
CommunityMake dependency changes safe, reproducible, and compliant
Legal & Compliance#dependency management#license compatibility#vulnerability scanning#SBOM#lockfile#supply-chain security#transitive risk
Authormachenjie
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill prevents risky dependency changes by enforcing lockfile discipline, transitive risk review, license compatibility checks, and supply-chain security guardrails across ecosystems.
Core Features & Use Cases
- Dependency governance: Choose and change package-manager behavior, lockfiles, workspaces, and resolution rules with explicit justification.
- Reproducible installs: Require deterministic CI installs (e.g.,
npm ci, frozen installs, locked builds) to avoid “works on my machine” drift. - Supply-chain + compliance checks: Review transitive graphs, install-script risk, SBOM generation, vulnerability scanning, and license compatibility before merge.
- Runtime compatibility control: Detect when a dependency change implies runtime shifts and escalate accordingly.
Quick Start
Use the package-dependency-management skill to vet a proposed dependency upgrade by checking lockfile reproducibility, transitive impact, license compatibility, SBOM requirements, and vulnerability posture before approving the change.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: package-dependency-management Download link: https://github.com/machenjie/rd-skills/archive/main.zip#package-dependency-management Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.