🇺🇸English

Dependency Analyzer Skill

Step 1: Identify Dependency Files

Locate dependency files:

• package.json (Node.js)
• requirements.txt (Python)
• go.mod (Go)
• Cargo.toml (Rust)
• pom.xml (Java/Maven)

Step 2: Analyze Dependencies

Examine dependencies:

• Read dependency files
• Check versions
• Identify outdated packages
• Note version constraints

Step 3: Semantic Versioning Analysis

Analyze version numbers using semantic versioning (semver):

1. Parse version numbers :

   • Extract major.minor.patch from version strings
   • Handle version ranges (^, ~, >=, etc.)
   • Identify exact vs range versions

2. Detect major version bumps :

   • Compare current version with latest available
   • Identify major version changes (e.g., 1.x.x -> 2.x.x)
   • Flag major updates as potentially breaking

3. Check changelogs for breaking changes :

   • For major version updates : Trigger web search (Exa/WebFetch) to research breaking changes
   • Look for "BREAKING CHANGE" markers in changelogs
   • Check migration guides
   • Review release notes for breaking changes
   • Document specific breaking changes found

4. Semantic Versioning Rules :

   • Major version (X.0.0) : Breaking changes likely, requires code changes
   • Minor version (0.X.0) : New features, backward compatible
   • Patch version (0.0.X) : Bug fixes, backward compatible

5. Breaking Change Detection :

   • Parse changelog entries for breaking change indicators
   • Identify deprecated APIs
   • Check for removed features
   • Document migration requirements
   • Generate breaking change report

Step 4: Check for Updates

Check available updates:

• Query package registries
• Compare current vs latest versions
• Identify major/minor/patch updates
• Apply semantic versioning analysis
• Warn about breaking changes

Step 5: Security Audit

Check for vulnerabilities:

• Scan for known vulnerabilities
• Check security advisories
• Identify high-risk packages
• Suggest security updates

Step 6: Generate Report

Create dependency report:

• List outdated packages
• Identify breaking changes
• Suggest update strategy
• Provide migration guidance </execution_process>

Integration with Security Architect Agent :

• Reviews security vulnerabilities
• Validates security updates
• Ensures compliance

<best_practices>

1. Regular Analysis : Analyze dependencies regularly
2. Security First : Prioritize security updates
3. Test Updates : Always test after updates
4. Gradual Updates : Update incrementally
5. Document Changes : Track update decisions </best_practices>

# Dependency Health Report

## Summary

- Total Dependencies: 45
- Outdated: 12
- Vulnerable: 3
- Up to Date: 30

## Outdated Packages

- react: 18.0.0 -> 18.2.0 (minor update)
- next: 13.4.0 -> 14.0.0 (major update - breaking changes)
- typescript: 5.0.0 -> 5.3.0 (patch update)

## Security Vulnerabilities

- lodash: 4.17.20 (CVE-2021-23337) - Update to 4.17.21
- axios: 0.21.1 (CVE-2021-3749) - Update to 1.6.0

## Update Recommendations

1. Update patch versions (safe)
2. Review minor updates (low risk)
3. Plan major updates (breaking changes)

</formatting_example>

<formatting_example> Update Plan

# Dependency Update Plan

## Phase 1: Patch Updates (Safe)

- Update lodash: 4.17.20 -> 4.17.21
- Update typescript: 5.0.0 -> 5.3.0

## Phase 2: Minor Updates (Low Risk)

- Update react: 18.0.0 -> 18.2.0
- Update @types/node: 20.0.0 -> 20.10.0

## Phase 3: Major Updates (Breaking Changes)

- Update next: 13.4.0 -> 14.0.0
  - Breaking changes: [List]
  - Migration steps: [Steps]
  - Testing required: [Tests]

</formatting_example>

# Analyze dependencies
Analyze dependencies for this project

# Check for updates
Check for dependency updates

# Security audit
Perform security audit of dependencies

# Generate update plan
Generate update plan for major version updates

</usage_example>

Rules

• Always check for security vulnerabilities first
• Research breaking changes before major updates
• Test thoroughly after any dependency update

Memory Protocol (MANDATORY)

Before starting:

cat .claude/context/memory/learnings.md

After completing:

• New pattern -> .claude/context/memory/learnings.md
• Issue found -> .claude/context/memory/issues.md
• Decision made -> .claude/context/memory/decisions.md

ASSUME INTERRUPTION: Your context may reset. If it's not in memory, it didn't happen.

Weekly Installs

64

Repository

oimiragieo/agent-studio

GitHub Stars

22

First Seen

Jan 27, 2026

Security Audits

Gen Agent Trust HubPassSocketPassSnykWarn

Installed on

github-copilot62

gemini-cli61

cursor61

kimi-cli60

codex60

amp60