Skill

dependency-governance

Manage and optimize system dependencies (libraries, services, data). Reduce coupling, track vulnerabilities, plan deprecation. Use when managing dependency sprawl or improving system modularity.

From architecture-governance

Install

Run in your terminal

npx claudepluginhub sethdford/claude-skills --plugin architect-governance

Tool Access

This skill uses the workspace's default tool permissions.

Skill Content

Similar Skills

cache-components

Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.

cache-components

138.6k

claude-opus-4-5-migration

2 files

Migrates code, prompts, and API calls from Claude Sonnet 4.0/4.5 or Opus 4.1 to Opus 4.5, updating model strings on Anthropic, AWS, GCP, Azure platforms.

claude-opus-4-5-migration

83.2k

evaluation-methodology

1 file

Details PluginEval's skill quality evaluation: 3 layers (static, LLM judge), 10 dimensions, rubrics, formulas, anti-patterns, badges. Use to interpret scores, improve triggering, calibrate thresholds.

plugin-eval

32.9k

Stats

Parent Repo Stars3

Parent Repo Forks0

Last CommitMar 11, 2026

Actions

View Source View Plugin View on GitHub View README

Domain Context

Based on dependency management and architectural modularity:

Library Dependencies: Third-party code you compile into application. Vulnerability risk, maintenance burden, version conflicts.

Service Dependencies: Other services your system calls (REST, gRPC, message queues). Coupling, availability risk, latency impact.

Data Dependencies: Databases, caches, data lakes shared between systems. Schema coupling, migration complexity.

Transitive Dependencies: Dependencies of your dependencies. Hard to track, security risk. Dependency hell.

Instructions

Map Dependency Graph: What does your system depend on? List direct dependencies (libraries, services, databases). Then transitive (dependencies of dependencies).

Audit for Risk: Libraries: any known vulnerabilities? Check with OWASP, CVE databases. Services: what's the SLA? What happens if it fails? Data: can you evolve schema independently?

Reduce Coupling: Remove unused libraries. Extract service dependencies into adapters (easier to swap). Copy small utilities instead of depending on library. Use event-driven instead of direct service calls.

Version Management: Update regularly; don't skip versions (harder to jump 5 versions than 1). Automate dependency updates (dependabot, renovate). Test each update in CI before merging.

Plan Deprecation: For dependencies you want to remove, announce timeline. Give teams 6-12 months to migrate. Finally remove or mark as deprecated. Track adoption.

Anti-Patterns

Transitive Dependency Hell: 100 libraries installed, only use 5. Result: bloated, security risk, slow builds. Guard: Audit transitive deps; remove heavy frameworks for simple use cases.

Version Pinning Forever: Pin to old version to avoid updates. Result: security vulnerabilities, incompatibility with new tools. Guard: Regular updates; automate testing.

Service Coupling Without Fallback: Service A calls Service B without retry logic. Result: cascading failure. Guard: Circuit breaker, fallback, timeout; design for fault tolerance.

No Deprecation Path: Remove dependency without warning. Result: broken builds. Guard: Announce 6+ months early; provide migration guide; track adoption.

Domain Context

Based on dependency management and architectural modularity:

Library Dependencies: Third-party code you compile into application. Vulnerability risk, maintenance burden, version conflicts.

Service Dependencies: Other services your system calls (REST, gRPC, message queues). Coupling, availability risk, latency impact.

Data Dependencies: Databases, caches, data lakes shared between systems. Schema coupling, migration complexity.

Transitive Dependencies: Dependencies of your dependencies. Hard to track, security risk. Dependency hell.

Instructions

Map Dependency Graph: What does your system depend on? List direct dependencies (libraries, services, databases). Then transitive (dependencies of dependencies).

Audit for Risk: Libraries: any known vulnerabilities? Check with OWASP, CVE databases. Services: what's the SLA? What happens if it fails? Data: can you evolve schema independently?

Version Management: Update regularly; don't skip versions (harder to jump 5 versions than 1). Automate dependency updates (dependabot, renovate). Test each update in CI before merging.

Plan Deprecation: For dependencies you want to remove, announce timeline. Give teams 6-12 months to migrate. Finally remove or mark as deprecated. Track adoption.

Anti-Patterns

Transitive Dependency Hell: 100 libraries installed, only use 5. Result: bloated, security risk, slow builds. Guard: Audit transitive deps; remove heavy frameworks for simple use cases.

Version Pinning Forever: Pin to old version to avoid updates. Result: security vulnerabilities, incompatibility with new tools. Guard: Regular updates; automate testing.

Service Coupling Without Fallback: Service A calls Service B without retry logic. Result: cascading failure. Guard: Circuit breaker, fallback, timeout; design for fault tolerance.

No Deprecation Path: Remove dependency without warning. Result: broken builds. Guard: Announce 6+ months early; provide migration guide; track adoption.

dependency-governance

dependency-governance

Dependency Governance

Context

Domain Context

Instructions

Anti-Patterns

Further Reading

Dependency Governance

Context

Domain Context

Instructions

Anti-Patterns

Further Reading