Which ecosystems does the update-dependencies skill support?

It currently supports Node.js (npm, bun, pnpm), Python (uv, poetry), and Rust (Cargo) by detecting their respective lockfiles.

How does the skill handle security vulnerabilities?

It runs a security audit as its first phase, prioritizing critical and high-severity fixes into dedicated pull requests to be merged immediately.

Does it automatically create pull requests?

Yes, after applying updates and running local tests, it uses the GitHub CLI to create formatted pull requests for each update group.

Can I review the update plan before it makes changes?

Yes, using the 'plan' command option allows the skill to analyze dependencies and design an update strategy for your approval before execution.

Does it learn from failed updates?

Yes, it logs outcomes to a local JSONL file to track which packages caused issues in the past, allowing it to warn you or suggest migration notes during future updates.

Intelligent Dependency Manager

Name: Intelligent Dependency Manager
Author: fairchild

byfairchild

•

Seguridad y Pruebas

Automates multi-ecosystem dependency updates with security-first prioritization, risk assessment, and historical outcome tracking.

This Claude Code skill provides a comprehensive workflow for managing project dependencies across Node.js, Python, and Rust ecosystems. It moves beyond simple version bumping by performing security audits, analyzing changelogs for risk assessment, and learning from previous update outcomes to avoid regressions. The skill intelligently groups updates into logical batches, manages git branches, and automates the pull request process, ensuring that project maintenance is proactive, safe, and efficient.

Características Principales

01Security-first auditing to prioritize critical vulnerability fixes

021 GitHub stars

03Multi-ecosystem support for npm, bun, pnpm, uv, poetry, and cargo

04Historical outcome logging to learn from past update successes or failures

05Risk assessment scoring based on changelog analysis and version bump depth

06Automated branch creation and GitHub PR generation for batched updates

Casos de Uso

01Batching minor and patch updates into single PRs to reduce CI/CD noise

02Managing complex major version migrations using historical data and risk scoring

03Proactive maintenance to keep projects secure and up-to-date with minimal manual effort

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add fairchild/dotclaude update-dependencies

For use in Claude.ai and ChatGPT

Download Skill