From johnlindquist-claude
Manage dependencies with npm/yarn/pnpm. Use for auditing vulnerabilities, checking outdated packages, understanding dependency trees, and upgrading packages safely.
npx claudepluginhub joshuarweaver/cascade-ai-ml-engineering --plugin johnlindquist-claude
This skill uses the workspace's default tool permissions.
Audit, analyze, and manage project dependencies.
At least one package manager:
# npm (comes with Node.js)
node --version
# yarn
npm install -g yarn
# pnpm
npm install -g pnpm
For dependency analysis:
npm install -g depcheck
# Run security audit
npm audit
# JSON output
npm audit --json
# Only production deps
npm audit --omit=dev
# Fix automatically
npm audit fix
# Fix with breaking changes (careful!)
npm audit fix --force
yarn audit
yarn audit --json
pnpm audit
pnpm audit --json
# List outdated
npm outdated
# JSON output
npm outdated --json
# Long format with details
npm outdated --long
yarn outdated
pnpm outdated
pnpm outdated --json
# Update to latest within semver range
npm update
# Update specific package
npm update lodash
# Install latest (ignoring semver)
npm install lodash@latest
# Interactive upgrade (with npm-check)
npx npm-check -u
yarn upgrade
yarn upgrade lodash
yarn upgrade lodash@latest
yarn upgrade-interactive
pnpm update
pnpm update lodash
pnpm update lodash --latest
pnpm update --interactive
# npm
npm explain lodash
npm ls lodash
# yarn
yarn why lodash
# pnpm
pnpm why lodash
npx depcheck
# JSON output
npx depcheck --json
# Ignore patterns
npx depcheck --ignores="@types/*,eslint-*"
# View package details
npm view lodash
# Specific fields
npm view lodash version
npm view lodash versions
npm view lodash dependencies
npm view lodash repository.url
# JSON output
npm view lodash --json
# Full tree
npm ls
# Specific depth
npm ls --depth=2
# Production only
npm ls --omit=dev
# Specific package
npm ls lodash
# JSON
npm ls --json
# 1. Run audit
npm audit --json > audit-report.json
# 2. Review high/critical
npm audit --audit-level=high
# 3. Auto-fix what's safe
npm audit fix
# 4. Manually review remaining
npm audit
# 1. Check what's outdated
npm outdated --json
# 2. Test current state
npm test
# 3. Update patch/minor versions (safer)
npm update
# 4. Test again
npm test
# 5. Update major versions one at a time
npm install package@latest
npm test
# 1. Find unused deps
npx depcheck
# 2. Review and remove
npm uninstall unused-package
# 3. Verify
npm test && npm run build
# Package info
npm view express
# Current version in project
npm ls express
# Who depends on it
npm explain express
# Security vulnerabilities
npm audit | grep express
# See peer deps
npm ls --json | grep peer
# Install missing peer deps
npm install missing-peer-dep
# See duplicate packages
npm ls --all | grep "deduped"
# Force dedupe
npm dedupe
# Regenerate lock file (re-resolves every version, so review the lockfile diff and rerun tests)
rm package-lock.json
npm install
# Or for yarn
rm yarn.lock
yarn install
Run npm audit weekly or in CI.
npm audit fix --force can break things.
Run depcheck periodically.
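An added example, not part of the original skill: the security-audit workflow above saves `npm audit --json` to audit-report.json, and this Node.js code groups the findings at or above a severity floor into those a plain `npm audit fix` can resolve, those that would need `--force` (a semver-major change), and those with no fix yet. The function name `triageAudit` and the sample report with its package names are constructed for illustration, and the field names assume the report format produced by npm 7 and later.

```javascript
// Added example: triage `npm audit --json` output (report format of npm 7 and later).
const SEVERITY_ORDER = ["info", "low", "moderate", "high", "critical"];

// Group findings at or above minSeverity by how they can be fixed.
function triageAudit(report, minSeverity = "high") {
  const floor = SEVERITY_ORDER.indexOf(minSeverity);
  if (floor === -1) throw new Error(`unknown severity: ${minSeverity}`);
  const result = { safeFix: [], breakingFix: [], noFix: [] };

  for (const [name, vuln] of Object.entries(report.vulnerabilities || {})) {
    if (SEVERITY_ORDER.indexOf(vuln.severity) < floor) continue;
    const entry = { name, severity: vuln.severity, direct: Boolean(vuln.isDirect) };
    const fix = vuln.fixAvailable; // false, true, or { name, version, isSemVerMajor }
    if (!fix) {
      result.noFix.push(entry); // nothing to install yet: manual review
    } else if (typeof fix === "object" && fix.isSemVerMajor) {
      // Only `npm audit fix --force` applies this; it is a major-version change.
      result.breakingFix.push({ ...entry, via: `${fix.name}@${fix.version}` });
    } else {
      result.safeFix.push(entry); // plain `npm audit fix` can resolve it
    }
  }
  return result;
}

// Constructed sample report; package names and versions are made up.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "pkg-a": { severity: "critical", isDirect: true, fixAvailable: true },
    "pkg-b": {
      severity: "high",
      isDirect: false,
      fixAvailable: { name: "pkg-parent", version: "5.0.0", isSemVerMajor: true },
    },
    "pkg-c": { severity: "high", isDirect: false, fixAvailable: false },
    "pkg-d": { severity: "low", isDirect: true, fixAvailable: true },
  },
};

// For a real report, pass the parsed contents of audit-report.json instead.
console.log(JSON.stringify(triageAudit(SAMPLE_REPORT), null, 2));
```

In CI, a non-empty `breakingFix` or `noFix` list is the part that needs a person to look at it before anyone reaches for `--force`.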