What happens after I remove a dependency?

The skill performs a codebase search (grep) to ensure no import statements still reference the removed package, preventing runtime errors after uninstallation.

Does this skill support the uv package manager?

Yes, the skill prioritizes uv for faster installations and synchronization if it is available in your environment, falling back to standard pip when necessary.

Can it help reduce Docker image size or environment bloat?

Yes, by using the '/deps unused' command, the skill identifies packages that are installed but never imported in your code, allowing you to safely remove them.

Which dependency file formats are supported?

It supports all major Python standards including requirements.txt, pyproject.toml, Pipfile, and setup.py.

How does the security audit feature work?

The skill utilizes pip-audit to scan your project's dependencies against known vulnerability databases, reporting CVE IDs, severity levels, and providing commands to update to fixed versions.

Python Dependency Manager

Name: Python Dependency Manager
Author: shouenlee

byshouenlee

0•

安全与测试

Manages Python project dependencies by adding, removing, auditing for security vulnerabilities, and identifying unused packages.

The Python Dependency Manager skill streamlines the management of project dependencies across multiple formats including pyproject.toml, requirements.txt, Pipfile, and setup.py. It automates the routine tasks of keeping dependency files in sync with installed packages, performing security audits using pip-audit to catch known vulnerabilities, and scanning source code to identify redundant packages that bloat the environment. By integrating security checks and import verification directly into the workflow, it ensures a leaner, safer, and more maintainable Python codebase while supporting high-performance tools like uv.

主要功能

01Automated dependency synchronization for pyproject.toml, requirements.txt, and more

02Smart codebase scanning to identify and remove unused third-party packages

03Support for high-performance package management via uv with pip fallback

04Post-action verification to ensure imports work and no broken references remain

05Deep security auditing using pip-audit to detect and report known CVEs

060 GitHub stars

使用场景

01Performing routine security audits to patch vulnerable packages with recommended fixes

02Adding a new library while ensuring no security vulnerabilities are introduced

03Cleaning up legacy projects by identifying and removing redundant or unused dependencies

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add shouenlee/ghcp-dev-plugin dep_manager

For use in Claude.ai and ChatGPT

主要功能

01Automated dependency synchronization for pyproject.toml, requirements.txt, and more

02Smart codebase scanning to identify and remove unused third-party packages

03Support for high-performance package management via uv with pip fallback

04Post-action verification to ensure imports work and no broken references remain

05Deep security auditing using pip-audit to detect and report known CVEs

060 GitHub stars

使用场景

01Performing routine security audits to patch vulnerable packages with recommended fixes

02Adding a new library while ensuring no security vulnerabilities are introduced

03Cleaning up legacy projects by identifying and removing redundant or unused dependencies