skills for everythingAgent Skill
2/7/2026dependency-management
Enforces fixed version dependency installation across all package managers. Ensures reproducible builds, supply chain security, and stability. Use when: installing packages, updating dependencies, working with package.json/requirements.txt/go.mod/Cargo.toml/pom.xml/build.gradle/composer.json/Gemfile/.csproj, reviewing dependency configurations, configuring CI/CD pipelines
K
kubrickcode
1GitHub Stars
1Views
npx skills add kubrickcode/workflow-toolkit
SKILL.md
| Name | dependency-management |
| Description | Enforces fixed version dependency installation across all package managers. Ensures reproducible builds, supply chain security, and stability. Use when: installing packages, updating dependencies, working with package.json/requirements.txt/go.mod/Cargo.toml/pom.xml/build.gradle/composer.json/Gemfile/.csproj, reviewing dependency configurations, configuring CI/CD pipelines |
name: dependency-management description: | Enforces fixed version dependency installation across all package managers. Ensures reproducible builds, supply chain security, and stability. Use when: installing packages, updating dependencies, working with package.json/requirements.txt/go.mod/Cargo.toml/pom.xml/build.gradle/composer.json/Gemfile/.csproj, reviewing dependency configurations, configuring CI/CD pipelines
Dependency Management
Basic Principles
Always Use Exact Versions
- Use exact versions only:
package@1.2.3 - Forbid:
^1.2.3,~1.2.3,latest,*, version ranges - Exception: Library peerDependencies only
Lock Files Are Mandatory
- Always commit to version control
- Forbid manual editing
- CI/CD must use frozen/locked mode
Security Audit First
- Check vulnerabilities before installation
- Automate regular audits
Installation Commands
# Node.js
npm install --save-exact package@1.2.3
pnpm add --save-exact package@1.2.3
yarn add --exact package@1.2.3
# Python
pip install package==1.2.3
poetry add package@1.2.3
# Go
go get package@v1.2.3
# Rust
cargo add package@=1.2.3
# PHP
composer require vendor/package:1.2.3
# Ruby (Gemfile)
gem 'package', '1.2.3'
# Java/Kotlin
implementation("group:artifact:1.2.3") # Gradle
<version>1.2.3</version> # Maven
# .NET
dotnet add package PackageName --version 1.2.3
CI/CD Commands
npm ci # npm
pnpm install --frozen-lockfile # pnpm
yarn install --frozen-lockfile # yarn
poetry install --no-update # poetry
go mod verify # go
cargo build --locked # rust
composer install --no-update # php
bundle install --frozen # ruby
dotnet restore --locked-mode # .NET
Common Mistakes
| ❌ Wrong | ✅ Correct |
|---|---|
npm install (CI) | npm ci |
package@latest | package@1.2.3 |
package@^1.2.3 | package@1.2.3 |
| Lock file in .gitignore | Commit lock file |
| Manual lock file editing | Regenerate via package manager |
Skills Info
Original Name:dependency-managementAuthor:kubrickcode
Download