依赖管理指南：跨语言版本控制、安全审计与冲突解决最佳实践

dependency-management by aj-geddes/useful-ai-prompts

160 周安装量

160 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill dependency-management

开发代码质量开发运维

🇨🇳中文介绍

依赖管理

概述

跨 JavaScript/Node.js、Python、Ruby、Java 及其他生态系统的全面依赖管理。涵盖版本控制、冲突解决、安全审计以及维护健康依赖关系的最佳实践。

何时使用

安装或更新项目依赖
解决版本冲突
审计安全漏洞
管理锁定文件（package-lock.json, Gemfile.lock 等）
实施语义化版本控制
设置单体仓库依赖
优化依赖树
管理对等依赖

快速开始

最小工作示例：

# 初始化项目
npm init -y

# 安装依赖
npm install express
npm install --save-dev jest
npm install --save-exact lodash  # 精确版本

# 更新依赖
npm update
npm outdated  # 检查过时的包

# 安全审计
npm audit
npm audit fix

# 根据锁定文件进行干净安装
npm ci  # 在 CI/CD 中使用

# 查看依赖树
npm list
npm list --depth=0  # 仅查看顶层依赖

参考指南

references/ 目录下的详细实现：

指南

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

🇺🇸English

Dependency Management

Overview
When to Use
Quick Start
Reference Guides
Best Practices

Overview

Comprehensive dependency management across JavaScript/Node.js, Python, Ruby, Java, and other ecosystems. Covers version control, conflict resolution, security auditing, and best practices for maintaining healthy dependencies.

When to Use

Installing or updating project dependencies
Resolving version conflicts
Auditing security vulnerabilities
Managing lock files (package-lock.json, Gemfile.lock, etc.)
Implementing semantic versioning
Setting up monorepo dependencies
Optimizing dependency trees
Managing peer dependencies

Quick Start

Minimal working example:

# Initialize project
npm init -y

# Install dependencies
npm install express
npm install --save-dev jest
npm install --save-exact lodash  # Exact version

# Update dependencies
npm update
npm outdated  # Check for outdated packages

# Audit security
npm audit
npm audit fix

# Clean install from lock file
npm ci  # Use in CI/CD

# View dependency tree
npm list
npm list --depth=0  # Top-level only

Reference Guides

Detailed implementations in the references/ directory:

Guide	Contents
Package Manager Basics	Package Manager Basics
Semantic Versioning (SemVer)	Semantic Versioning (SemVer)
Dependency Lock Files	Dependency Lock Files
Resolving Dependency Conflicts	Resolving Dependency Conflicts
Security Vulnerability Management	Security Vulnerability Management
Monorepo Dependency Management	Monorepo Dependency Management
Peer Dependencies

Best Practices

✅ DO

Commit lock files to version control
Use npm ci or equivalent in CI/CD pipelines
Regular dependency audits (weekly/monthly)
Keep dependencies up-to-date (automate with Dependabot)
Use exact versions for critical dependencies
Document why specific versions are pinned
Test after updating dependencies
Use semantic versioning correctly
Minimize dependency count
Review dependency licenses

❌ DON'T

Manually edit lock files
Mix package managers (npm + yarn in same project)
Use npm install in CI/CD (use npm ci)
Ignore security vulnerabilities
Use wildcards (*) for versions
Install packages globally when local install is possible
Commit node_modules to git
Use latest tag in production
Blindly run npm audit fix
Install unnecessary dependencies

Weekly Installs

124

Repository

aj-geddes/usefu…-prompts

GitHub Stars

127

First Seen

Jan 21, 2026

Security Audits

Gen Agent Trust HubPass SocketFail SnykPass

Installed on

opencode102

gemini-cli99

claude-code97

codex96

cursor93

github-copilot82

包管理器基础	包管理器基础
语义化版本控制 (SemVer)	语义化版本控制 (SemVer)
依赖锁定文件	依赖锁定文件
解决依赖冲突	解决依赖冲突
安全漏洞管理	安全漏洞管理
单体仓库依赖管理	单体仓库依赖管理
对等依赖	对等依赖
性能优化	性能优化
CI/CD 最佳实践	CI/CD 最佳实践
依赖更新策略	依赖更新策略