Stats
Actions
Available In
Tags
Plugin
managing-dependencies
Audit dependencies across npm, pip, Cargo, Bundler, and Go: scan for vulnerabilities, review lockfiles, compare package alternatives, evaluate trustworthiness, and manage supply chain security risks.
README
managing-dependencies
A skill for evaluating packages and managing dependencies securely.
Works with Claude Code, Codex CLI, and other agents supporting the Agent Skills format.
Installation
/plugin marketplace add andrew/managing-dependencies
/plugin install managing-dependencies@managing-dependencies
Or copy SKILL.md to your skills directory manually:
# Claude Code
mkdir -p ~/.claude/skills/managing-dependencies
cp skills/managing-dependencies/SKILL.md ~/.claude/skills/managing-dependencies/
# Codex CLI
mkdir -p ~/.codex/skills/managing-dependencies
cp skills/managing-dependencies/SKILL.md ~/.codex/skills/managing-dependencies/
# Project-specific (Claude Code)
mkdir -p .claude/skills/managing-dependencies
cp skills/managing-dependencies/SKILL.md .claude/skills/managing-dependencies/
# Project-specific (Codex CLI)
mkdir -p .codex/skills/managing-dependencies
cp skills/managing-dependencies/SKILL.md .codex/skills/managing-dependencies/
What it does
Provides guidance for:
- Evaluating packages before adding them
- Detecting typosquatting and dependency confusion
- Managing lockfiles and version constraints
- Running security audits
- Reviewing dependency changes in PRs
Usage
The skill activates automatically when you ask Claude Code about dependencies, packages, or supply chain security. Examples:
- "Should I add lodash or write this myself?"
- "Review the lockfile changes in this PR"
- "Audit this project's dependencies"
- "Is this package trustworthy?"
License
CC0 1.0 - Public domain
Stats
Version1.0.0
Stars15
MaintenanceGood
LicenseCC0-1.0
Last Commit
Added
Available In
