login
alistaircroll

dependencies

by @alistaircroll in DevOps & Cloud
0
0
# Install this skill:
npx skills add alistaircroll/verbose-deployment --skill "dependencies"

Install specific skill from multi-skill repository

# Description

Check and upgrade all project dependencies β€” kill zombie processes, check for outdated packages, upgrade everything to latest, apply framework migrations, run security audit, and sync the lock file. Use as Phase 2 of the deployment pipeline or when preparing a project for a clean build.

# SKILL.md

name: dependencies
description: "Check and upgrade all project dependencies β€” kill zombie processes, check for outdated packages, upgrade everything to latest, apply framework migrations, run security audit, and sync the lock file. Use as Phase 2 of the deployment pipeline or when preparing a project for a clean build."

Dependencies & Environment

Ensure dependencies are current, the environment is clean, and no known vulnerabilities exist before running tests.

Steps

1. Kill zombies

Kill any zombie processes from prior runs (dev servers, test runners, emulators, database processes). Verify all expected ports are free. Stale processes cause flaky failures downstream.

2. Check for outdated packages

npm outdated 2>&1

Adapt for the project's package manager: pip list --outdated, cargo update --dry-run, bundle outdated, etc.

3. Upgrade ALL packages to latest

Do not skip major version bumps β€” the pipeline exists to catch breakage from upgrades. Run npm install pkg@latest for each outdated package.

If an upgrade introduces breaking changes (test failures, build errors), fix them before proceeding. The only acceptable reason to skip an upgrade is if the latest version has a known critical bug with no workaround β€” document this in the report with a specific reason.

4. Apply framework migrations

After upgrading, check for framework migration steps. Major version bumps often rename conventions (e.g., config file renames, API changes, deprecated features). Consult the framework's migration guide and apply changes immediately.

5. Run security audit

npm audit

Adapt for the project's ecosystem: pip audit, cargo audit, bundle audit, etc.

If critical or high vulnerabilities have a non-breaking fix available, apply it now (npm audit fix, npm overrides, etc.). Do not proceed with known fixable vulnerabilities.

6. Sync the lock file

npm install

Ensure the lock file reflects all upgrades and is in sync with the manifest.

Collect

  • Dependency update summary: what was outdated, what version it was upgraded FROM -> TO
  • Vulnerability counts before and after fixes
  • Any packages that couldn't be updated and why (must be documented with specific reason)
  • Framework migration steps applied (e.g., file renames, config changes)

Stop Conditions

STOP if: Critical vulnerabilities exist with no available fix. Report and ask the user.

# Related Skills

sickn33
aws-serverless @sickn33

Specialized skill for building production-ready serverless applications on AWS. Covers Lambda...

β˜… 6,122

# Supported AI Coding Agents

This skill is compatible with the SKILL.md standard and works with all major AI coding agents:

⚑ Amp πŸš€ Antigravity πŸ€– Claude Code πŸ¦€ Clawdbot πŸ“ Codex ▢️ Cursor πŸ€– Droid πŸ’Ž Gemini CLI πŸ™ GitHub Copilot πŸͺΏ Goose πŸ“Š Kilo Code πŸ”§ Kiro CLI πŸ’» OpenCode 🦘 Roo Code 🌲 Trae πŸ„ Windsurf

Learn more about the SKILL.md standard and how to use these skills with your preferred AI coding agent.