Purpose
Define safe dependency management practices. Platform deps skills reference this for safety rules and workflow structure, then add platform-specific commands and procedures.
Safety rules
- Never auto-update major versions
- Always run tests after updates
- Always build after updates
- Rollback on test or build failure
- Commit lockfile changes atomically with updated packages
- Report breaking change warnings
Workflow structure
Check
- List outdated packages
- Categorize by semver: patch, minor, major
- Report packages with updates available
- Flag packages with known issues
Audit
- Run security audit
- Report vulnerabilities by severity (critical, high, moderate, low)
- Suggest fixes for critical/high
- Check for patches available
Update (patch + minor only)
- Show packages to update
- Ask for approval
- Update packages
- Run tests and build
- If tests pass, commit changes
- If tests fail, rollback and report
Major updates (report only)
- List packages with major updates
- Show changelogs/breaking changes if available
- Recommend update order (dependencies first)
- Do not auto-update — requires manual review
Update priority order
- Type packages (@types/*, type stubs)
- Build tools (TypeScript, ESLint, Prettier, SwiftLint)
- Testing tools (Vitest, Jest, Playwright, Swift Testing)
- Framework packages (Next.js, Angular, NestJS, SwiftUI dependencies)
- Application dependencies
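
The Check categorization, the patch + minor / major split, and the update priority order above can be combined into one planning step. The sketch below is an added example, not part of the original skill: the `{name, current, latest}` input shape, the package-name patterns used for each tier, and the conservative handling of 0.x and pre-release versions are assumptions.

```javascript
// Added example. Tier order follows the page; the name patterns are assumptions.
const TIERS = [
  /^@types\//,                          // type packages
  /^(typescript|eslint|prettier)$/,     // build tools
  /^(vitest|jest|@playwright\/test)$/,  // testing tools
  /^(next|@angular\/.+|@nestjs\/.+)$/,  // framework packages
];                                      // anything else: application dependency

function parse(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(v);
  return m ? { major: +m[1], minor: +m[2], patch: +m[3], pre: Boolean(m[4]) } : null;
}

// Returns "patch" | "minor" | "major" | "none" | "unknown".
function bump(current, latest) {
  const a = parse(current), b = parse(latest);
  if (!a || !b || a.pre || b.pre) return "unknown"; // unparsable or pre-release
  for (const part of ["major", "minor", "patch"]) {
    if (b[part] === a[part]) continue;
    if (b[part] < a[part]) return "unknown";        // "latest" is older than installed
    // Assumption beyond the page: a 0.x minor bump may break, so treat it as major.
    return part === "minor" && a.major === 0 ? "major" : part;
  }
  return "none";
}

function tier(name) {
  const i = TIERS.findIndex((re) => re.test(name));
  return i === -1 ? TIERS.length : i;
}

// Split into approval candidates (patch + minor) and report-only (major, unknown).
function plan(outdated) {
  const out = { update: [], reportOnly: [] };
  for (const p of outdated) {
    const kind = bump(p.current, p.latest);
    if (kind === "none") continue;
    const list = kind === "patch" || kind === "minor" ? out.update : out.reportOnly;
    list.push({ ...p, kind, tier: tier(p.name) });
  }
  const byTier = (x, y) => x.tier - y.tier || x.name.localeCompare(y.name);
  out.update.sort(byTier);
  out.reportOnly.sort(byTier);
  return out;
}

// Constructed sample input; the versions are illustrative, not real release data.
const SAMPLE = [
  { name: "react", current: "18.2.0", latest: "18.3.1" },
  { name: "next", current: "14.2.3", latest: "15.0.0" },
  { name: "@types/node", current: "20.11.0", latest: "20.11.5" },
  { name: "vitest", current: "0.34.0", latest: "0.35.0" },
  { name: "eslint", current: "8.56.0", latest: "8.57.0" },
  { name: "typescript", current: "5.4.2", latest: "5.5.0-beta" },
];
```

Anything that lands in `reportOnly`, including versions the parser cannot classify, stays out of the automatic update step and goes to manual review.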
