dependency-analyzer

Dependency Analyzer Skill

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "dependency-analyzer" with this command: npx skills add oimiragieo/agent-studio/oimiragieo-agent-studio-dependency-analyzer

Dependency Analyzer Skill

Step 1: Identify Dependency Files

Locate dependency files:

  • package.json (Node.js)

  • requirements.txt (Python)

  • go.mod (Go)

  • Cargo.toml (Rust)

  • pom.xml (Java/Maven)

Step 2: Analyze Dependencies

Examine dependencies:

  • Read dependency files

  • Check versions

  • Identify outdated packages

  • Note version constraints

Step 3: Semantic Versioning Analysis

Analyze version numbers using semantic versioning (semver):

Parse version numbers:

  • Extract major.minor.patch from version strings

  • Handle version ranges (^, ~, >=, etc.)

  • Identify exact vs range versions

Detect major version bumps:

  • Compare current version with latest available

  • Identify major version changes (e.g., 1.x.x -> 2.x.x)

  • Flag major updates as potentially breaking

Check changelogs for breaking changes:

  • For major version updates: Trigger web search (Exa/WebFetch) to research breaking changes

  • Look for "BREAKING CHANGE" markers in changelogs

  • Check migration guides

  • Review release notes for breaking changes

  • Document specific breaking changes found

Semantic Versioning Rules:

  • Major version (X.0.0): Breaking changes likely, requires code changes

  • Minor version (0.X.0): New features, backward compatible

  • Patch version (0.0.X): Bug fixes, backward compatible

Breaking Change Detection:

  • Parse changelog entries for breaking change indicators

  • Identify deprecated APIs

  • Check for removed features

  • Document migration requirements

  • Generate breaking change report

Step 4: Check for Updates

Check available updates:

  • Query package registries

  • Compare current vs latest versions

  • Identify major/minor/patch updates

  • Apply semantic versioning analysis

  • Warn about breaking changes
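
One way to implement the version parsing, range handling and bump detection of Steps 3 and 4 for package.json entries, as an added example that is not part of the upstream SKILL.md or its repository. The range prefixes in the constructed `deps` object and all function names are assumptions; the version pairs are those used in the sample report on this page. The `inRange` field shows whether a declared range already admits the latest release, which is what separates a dependency that moves on its own at install time from one that needs a manifest edit.

```javascript
// Added example. Handles plain x.y.z versions with an optional ^, ~, >= or =
// prefix; pre-release tags, build metadata and compound ranges are out of scope.
function parseSpec(spec) {
  const m = /^\s*(\^|~|>=|=)?\s*v?(\d+)\.(\d+)\.(\d+)\s*$/.exec(spec);
  if (!m) throw new Error(`unsupported version spec: ${spec}`);
  return { op: m[1] || '=', v: [Number(m[2]), Number(m[3]), Number(m[4])] };
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Which component changes between the declared base version and the latest release.
function bumpType(spec, latest) {
  const from = parseSpec(spec).v, to = parseSpec(latest).v;
  if (compare(to, from) <= 0) return 'none';
  if (to[0] !== from[0]) return 'major';
  return to[1] !== from[1] ? 'minor' : 'patch';
}

// True when the declared range already admits `latest`, i.e. an install
// without a lockfile would resolve to it with no edit to the manifest.
function satisfies(spec, latest) {
  const { op, v } = parseSpec(spec), to = parseSpec(latest).v;
  if (compare(to, v) < 0) return false;
  if (op === '=') return compare(to, v) === 0;
  if (op === '>=') return true;
  if (op === '~') return to[0] === v[0] && to[1] === v[1];
  // Caret: everything up to the left-most non-zero component must stay fixed.
  const i = v[0] > 0 ? 0 : v[1] > 0 ? 1 : 2;
  return v.slice(0, i + 1).every((n, k) => n === to[k]);
}

function analyze(deps, latestByName) {
  return Object.entries(deps).map(([name, spec]) => ({
    name, spec, latest: latestByName[name],
    bump: bumpType(spec, latestByName[name]),
    pinned: parseSpec(spec).op === '=',
    inRange: satisfies(spec, latestByName[name]),
  }));
}

// Constructed input: version pairs from the sample report, prefixes assumed.
const deps = { react: '^18.0.0', next: '13.4.0', lodash: '~4.17.20', axios: '^0.21.1' };
const latest = { react: '18.2.0', next: '14.0.0', lodash: '4.17.21', axios: '1.6.0' };
console.table(analyze(deps, latest));
```

In this constructed input the axios fix version lies outside the declared caret range and crosses a major version, so that security update lands in the "research breaking changes" path rather than the routine one.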

Step 5: Security Audit

Check for vulnerabilities:

  • Scan for known vulnerabilities

  • Check security advisories

  • Identify high-risk packages

  • Suggest security updates

Step 6: Generate Report

Create dependency report:

  • List outdated packages

  • Identify breaking changes

  • Suggest update strategy

  • Provide migration guidance

Integration with Security Architect Agent:

  • Reviews security vulnerabilities

  • Validates security updates

  • Ensures compliance

Best Practices

  • Regular Analysis: Analyze dependencies regularly

  • Security First: Prioritize security updates

  • Test Updates: Always test after updates

  • Gradual Updates: Update incrementally

  • Document Changes: Track update decisions

Dependency Health Report

Summary

  • Total Dependencies: 45
  • Outdated: 12
  • Vulnerable: 3
  • Up to Date: 30

Outdated Packages

  • react: 18.0.0 -> 18.2.0 (minor update)
  • next: 13.4.0 -> 14.0.0 (major update - breaking changes)
  • typescript: 5.0.0 -> 5.3.0 (patch update)

Security Vulnerabilities

  • lodash: 4.17.20 (CVE-2021-23337) - Update to 4.17.21
  • axios: 0.21.1 (CVE-2021-3749) - Update to 1.6.0

Update Recommendations

  1. Update patch versions (safe)
  2. Review minor updates (low risk)
  3. Plan major updates (breaking changes)

Update Plan

Dependency Update Plan

Phase 1: Patch Updates (Safe)

  • Update lodash: 4.17.20 -> 4.17.21
  • Update typescript: 5.0.0 -> 5.3.0

Phase 2: Minor Updates (Low Risk)

  • Update react: 18.0.0 -> 18.2.0
  • Update @types/node: 20.0.0 -> 20.10.0

Phase 3: Major Updates (Breaking Changes)

  • Update next: 13.4.0 -> 14.0.0
    • Breaking changes: [List]
    • Migration steps: [Steps]
    • Testing required: [Tests]

Analyze dependencies

Analyze dependencies for this project

Check for updates

Check for dependency updates

Security audit

Perform security audit of dependencies

Generate update plan

Generate update plan for major version updates

Rules

  • Always check for security vulnerabilities first

  • Research breaking changes before major updates

  • Test thoroughly after any dependency update

Memory Protocol (MANDATORY)

Before starting:

cat .claude/context/memory/learnings.md

After completing:

  • New pattern -> .claude/context/memory/learnings.md

  • Issue found -> .claude/context/memory/issues.md

  • Decision made -> .claude/context/memory/decisions.md

ASSUME INTERRUPTION: Your context may reset. If it's not in memory, it didn't happen.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
