Can I run this skill with uncommitted changes in my repository?

As a safety precaution, the skill performs a pre-flight check and will block the upgrade if there are uncommitted changes, requiring you to commit or stash your work first.

Which package managers are supported by this skill?

The Dependency Upgrader supports a wide range of managers including npm, yarn, pnpm for Node.js; NuGet for .NET; and pip, Poetry, and Pipenv for Python projects.

Does it handle breaking changes automatically?

Yes, it identifies major version upgrades as breaking changes. You can configure it to allow or block these changes, and it can even attempt to apply known migrations.

What happens if the build fails after an upgrade?

The skill includes a verification phase that runs build commands. If a failure is detected, it automatically rolls back the problematic package to its previous version to keep your project stable.

How does it protect against malicious packages?

It follows security best practices by running security audits and enforcing a 14-day minimum release age, which allows time for the community to identify and pull malicious packages from registries.

Dependency Upgrader

Name: Dependency Upgrader
Author: levnikolaevich

bylevnikolaevich

•

セキュリティとテスト

Automates dependency updates across multiple languages and package managers with security audits and build verification.

This skill coordinates the entire lifecycle of upgrading project dependencies, supporting ecosystem-specific tools for Node.js, Python, and .NET. It prioritizes project stability by performing pre-flight git checks, auditing for security vulnerabilities, enforcing a 14-day minimum release age to avoid supply-chain attacks, and automatically rolling back changes if the post-upgrade build fails. It is an essential tool for maintaining production-ready codebases, ensuring they stay secure and up-to-date with minimal manual intervention while providing detailed reports on all changes.

主な機能

01Detailed reporting of successful upgrades, breaking changes, and build status

02Automatic build verification and rollback on failure to ensure project stability

03Supply chain protection via configurable 14-day minimum release age checks

04Multi-stack support for npm, yarn, pnpm, NuGet, pip, Poetry, and Pipenv

05Automated security audits that block upgrades with critical vulnerabilities

0638 GitHub stars

ユースケース

01Performing routine maintenance on large polyglot monorepos with multiple package managers

02Upgrading project dependencies to major versions while automatically verifying build integrity

03Securing a project by identifying and patching critical dependency vulnerabilities

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add levnikolaevich/claude-code-skills ln-710-dependency-upgrader

For use in Claude.ai and ChatGPT

Download Skill