Stats

Actions

Tags

Help us improve

Share bugs, ideas, or general feedback.

dependency-governance | architecture-governance | ClaudePluginHub

Skill

dependency-governance

From architecture-governance

Manage and optimize system dependencies (libraries, services, data). Reduce coupling, track vulnerabilities, plan deprecation. Use when managing dependency sprawl or improving system modularity.

$

npx claudepluginhub sethdford/claude-skills --plugin architect-governance

Popularity

Parent stars

13

Parent forks

2

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/architecture-governance:dependency-governance

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

Systematically manage dependencies to reduce coupling, track vulnerabilities, and maintain security.

SKILL.md

47 lines · ~786 tokens

Similar Skills

dependency-strategy

53

Audits project dependencies globally: inventories direct/transitive deps with tools like npm/pip/cargo audit, evaluates risks via matrix, plans actions (update/replace/eliminate), sets update policies.

audit-dependencies

93

Audits project dependencies for bloat, unused packages, security risks, supply-chain issues, and upgrades by building import graphs and verifying call sites in npm, pip, Cargo, Go, Ruby projects.

codebase-cleanup-deps-audit

38.2k

Analyzes project dependencies for vulnerabilities, licensing issues, outdated packages, and supply chain risks. Provides prioritized remediation strategies and upgrade paths.

1 file

antigravity-awesome-skills

Stats

Parent stars13

Parent forks2

MaintenanceFair

Last CommitMar 11, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Dependency Governance

Systematically manage dependencies to reduce coupling, track vulnerabilities, and maintain security.

Context

You are governing dependencies in the system. Reduce external library reliance, manage service dependencies, deprecate old systems. Read dependency graphs, vulnerability reports, deployment constraints.

Domain Context

Based on dependency management and architectural modularity:

Library Dependencies: Third-party code you compile into application. Vulnerability risk, maintenance burden, version conflicts.
Service Dependencies: Other services your system calls (REST, gRPC, message queues). Coupling, availability risk, latency impact.
Data Dependencies: Databases, caches, data lakes shared between systems. Schema coupling, migration complexity.
Transitive Dependencies: Dependencies of your dependencies. Hard to track, security risk. Dependency hell.

Instructions

Map Dependency Graph: What does your system depend on? List direct dependencies (libraries, services, databases). Then transitive (dependencies of dependencies).
Audit for Risk: Libraries: any known vulnerabilities? Check with OWASP, CVE databases. Services: what's the SLA? What happens if it fails? Data: can you evolve schema independently?
Reduce Coupling: Remove unused libraries. Extract service dependencies into adapters (easier to swap). Copy small utilities instead of depending on library. Use event-driven instead of direct service calls.
Version Management: Update regularly; don't skip versions (harder to jump 5 versions than 1). Automate dependency updates (dependabot, renovate). Test each update in CI before merging.
Plan Deprecation: For dependencies you want to remove, announce timeline. Give teams 6-12 months to migrate. Finally remove or mark as deprecated. Track adoption.

Anti-Patterns

Transitive Dependency Hell: 100 libraries installed, only use 5. Result: bloated, security risk, slow builds. Guard: Audit transitive deps; remove heavy frameworks for simple use cases.
Version Pinning Forever: Pin to old version to avoid updates. Result: security vulnerabilities, incompatibility with new tools. Guard: Regular updates; automate testing.
Service Coupling Without Fallback: Service A calls Service B without retry logic. Result: cascading failure. Guard: Circuit breaker, fallback, timeout; design for fault tolerance.
No Deprecation Path: Remove dependency without warning. Result: broken builds. Guard: Announce 6+ months early; provide migration guide; track adoption.

Further Reading

Working with Legacy Code by Michael Feathers — managing large dependency bases
Release It! by Michael Nygard — designing for service dependency failures
Scaling Microservices by Sam Newman — dependency patterns in distributed systems