🇺🇸English
Paths: File paths (shared/, references/, ../ln-*) are relative to skills repo root. If not found at CWD, locate this SKILL.md directory and go up one level for repo root. If shared/ is missing, fetch files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}.
ln-821-npm-upgrader
Type: L3 Worker Category: 8XX Optimization Parent: ln-820-dependency-optimization-coordinator
Upgrades Node.js dependencies using npm, yarn, or pnpm with automatic breaking change detection and migration.
Overview
| Aspect | Details |
|---|
| Input | Project path, package manager type |
| Output | Updated package.json, lock file, migration report |
| Supports | npm, yarn (classic & berry), pnpm |
Workflow
Phases: Pre-flight → Analyze → Security Audit → Check Outdated → Identify Breaking → Apply Upgrades → Apply Migrations → Verify Build → Report
Phase 0: Pre-flight Checks
| Check | Required | Action if Missing |
|---|
| Lock file (package-lock.json, yarn.lock, pnpm-lock.yaml) | Yes | Warn and run npm install first |
| package.json | Yes | Block upgrade |
| Git clean state | Yes | Block (need clean baseline for revert) |
Workers assume coordinator (ln-820) already verified git state and created backup.
Worktree & Branch Isolation
MANDATORY READ: Load shared/references/git_worktree_fallback.md — use ln-821 row.
Phase 1: Analyze Dependencies
Read package.json and categorize dependencies for upgrade priority.
Dependency Categories
| Category | Examples | Priority |
|---|
| framework | react, vue, angular | 2 (after peer deps) |
| build | vite, webpack, esbuild | 3 |
| ui | @radix-ui/*, tailwindcss | 4 |
| state | @tanstack/react-query, zustand | 5 |
| utils | lodash, date-fns | 6 |
| dev | eslint, prettier, typescript | 7 |
| peer | @types/*, typescript | 1 (first) |
Phase 2: Security Audit
Commands
| Manager | Command |
|---|
| npm | npm audit --audit-level=high |
| yarn | yarn audit --level high |
| pnpm | pnpm audit --audit-level high |
Actions
| Severity | Action |
|---|
| Critical | Block upgrade, report |
| High | Warn, continue |
| Moderate/Low | Log only |
Phase 3: Check Outdated
Commands
| Manager | Command |
|---|
| npm | npm outdated --json |
| yarn | yarn outdated --json |
| pnpm | pnpm outdated --json |
Phase 4: Identify Breaking Changes
Detection
MANDATORY READ: Load breaking_changes_patterns.md for full patterns.
- Compare current vs latest major versions
- Check breaking_changes_patterns.md for known patterns
- Query Context7/Ref for migration guides
Common Breaking Changes
| Package | Breaking Version | Key Changes |
|---|
| react | 18 → 19 | JSX Transform, ref as prop |
| vite | 5 → 6 | ESM only, Node 18+ |
| eslint | 8 → 9 | Flat config required |
| tailwindcss | 3 → 4 | CSS-based config |
| typescript | 5.4 → 5.5+ | Stricter inference |
Phase 5: Apply Upgrades
Upgrade Order
- Peer dependencies (TypeScript, @types/*)
- Framework packages (React, Vue core)
- Build tools (Vite, webpack)
- UI libraries (after framework)
- Utilities (lodash, date-fns)
- Dev dependencies (testing, linting)
Commands
| Manager | Command |
|---|
| npm | npm install <package>@latest --save |
| yarn | yarn add <package>@latest |
| pnpm | pnpm add <package>@latest |
Peer Dependency Conflicts
| Situation | Solution |
|---|
| ERESOLVE error | npm install --legacy-peer-deps |
| Still fails | npm install --force (last resort) |
MCP Tools for Migration Search
Priority Order (Fallback Strategy)
| Priority | Tool | When to Use |
|---|
| 1 | mcp__context7__query-docs | First choice for library docs |
| 2 | mcp__Ref__ref_search_documentation | Official docs and GitHub |
| 3 | WebSearch | Latest info, community solutions |
Context7 Usage
| Step | Tool | Parameters |
|---|
| 1. Find library | mcp__context7__resolve-library-id | libraryName: "react", query: "migration guide" |
| 2. Query docs | mcp__context7__query-docs | libraryId: "/facebook/react", query: "react 18 to 19 migration" |
MCP Ref Usage
| Action | Tool | Query Example |
|---|
| Search | mcp__Ref__ref_search_documentation | "react 19 migration guide breaking changes" |
| Read | mcp__Ref__ref_read_url | URL from search results |
WebSearch Fallback
Use when Context7/Ref return no results:
"<package> <version> breaking changes migration {current_year}""<package> <error message> fix stackoverflow"
Phase 6: Apply Migrations
Process
- Use MCP tools (see section above) to find migration guide
- Apply automated code transforms via Edit tool
- Log manual migration steps for user
Do NOT apply hardcoded migrations. Always fetch current guides via MCP tools.
Phase 7: Verify Build
Commands
| Check | Command |
|---|
| TypeScript | npm run check or npx tsc --noEmit |
| Build | npm run build |
| Tests | npm test (if available) |
On Failure
- Identify failing package from error
- Search Context7/Ref for fix
- If unresolved: rollback package, continue with others
Phase 8: Report Results
Report Schema
| Field | Description |
|---|
| project | Project path |
| packageManager | npm, yarn, or pnpm |
| duration | Total time |
| upgrades.major[] | Breaking changes applied |
| upgrades.minor[] | Feature updates |
| upgrades.patch[] | Bug fixes |
| migrations[] | Applied migrations |
| skipped[] | Already latest |
| buildVerification | PASSED or FAILED |
| warnings[] | Non-blocking issues |
Configuration
Options:
# Upgrade scope
upgradeType: major # major | minor | patch
# Breaking changes
allowBreaking: true
autoMigrate: true
queryMigrationGuides: true # Use Context7/Ref
# Security
auditLevel: high # none | low | moderate | high | critical
minimumReleaseAge: 14 # days
# Peer dependencies
legacyPeerDeps: false
force: false
# Verification
runBuild: true
runTests: false
runTypeCheck: true
# Rollback
createBackup: true
rollbackOnFailure: true
Error Handling
| Error | Cause | Solution |
|---|
| ERESOLVE | Peer dep conflict | --legacy-peer-deps |
| ENOENT | Missing lock file | npm install first |
| Build fail | Breaking change | Apply migration via Context7 |
| Type errors | Version mismatch | Update @types/* |
Rollback
Restore package.json and lock file from git, then run clean install to restore previous state.
References
Definition of Done
- Lock file and package.json verified present
- Dependencies categorized and prioritized (peer deps first)
- Security audit completed (critical blocks upgrade)
- Outdated packages identified via
npm/yarn/pnpm outdated
- Breaking changes detected via breaking_changes_patterns.md and MCP tools
- Upgrades applied in priority order with rollback on failure
- Build and type checks pass after upgrades
- Report returned with major/minor/patch counts, migrations, and build status
Version: 1.1.0 Last Updated: 2026-01-10
Weekly Installs
77
Repository
levnikolaevich/…e-skills
GitHub Stars
253
First Seen
Mar 8, 2026
Security Audits
Gen Agent Trust HubPassSocketPassSnykWarn
Installed on
cursor74
gemini-cli72
github-copilot72
codex72
amp72
cline72
