Skills
skills/oimiragieo/agent-studio/dependency-analyzer

dependency-analyzer

SKILL.md

Dependency Analyzer Skill

Step 1: Identify Dependency Files

Locate dependency files:

  • package.json (Node.js)
  • requirements.txt (Python)
  • go.mod (Go)
  • Cargo.toml (Rust)
  • pom.xml (Java/Maven)

Step 2: Analyze Dependencies

Examine dependencies:

  • Read dependency files
  • Check versions
  • Identify outdated packages
  • Note version constraints

Step 3: Semantic Versioning Analysis

Analyze version numbers using semantic versioning (semver):

  1. Parse version numbers:

    • Extract major.minor.patch from version strings
    • Handle version ranges (^, ~, >=, etc.)
    • Identify exact vs range versions

  2. Detect major version bumps:

    • Compare current version with latest available
    • Identify major version changes (e.g., 1.x.x -> 2.x.x)
    • Flag major updates as potentially breaking

  3. Check changelogs for breaking changes:

    • For major version updates: Trigger web search (Exa/WebFetch) to research breaking changes
    • Look for "BREAKING CHANGE" markers in changelogs
    • Check migration guides
    • Review release notes for breaking changes
    • Document specific breaking changes found

  4. Semantic Versioning Rules:

    • Major version (X.0.0): Breaking changes likely, requires code changes
    • Minor version (0.X.0): New features, backward compatible
    • Patch version (0.0.X): Bug fixes, backward compatible

  5. Breaking Change Detection:

    • Parse changelog entries for breaking change indicators
    • Identify deprecated APIs
    • Check for removed features
    • Document migration requirements
    • Generate breaking change report

Step 4: Check for Updates

Check available updates:

  • Query package registries
  • Compare current vs latest versions
  • Identify major/minor/patch updates
  • Apply semantic versioning analysis
  • Warn about breaking changes

Step 5: Security Audit

Check for vulnerabilities:

  • Scan for known vulnerabilities
  • Check security advisories
  • Identify high-risk packages
  • Suggest security updates

Step 6: Generate Report

Create dependency report:

  • List outdated packages
  • Identify breaking changes
  • Suggest update strategy
  • Provide migration guidance </execution_process>

Integration with Security Architect Agent:

  • Reviews security vulnerabilities
  • Validates security updates
  • Ensures compliance

<best_practices>

  1. Regular Analysis: Analyze dependencies regularly
  2. Security First: Prioritize security updates
  3. Test Updates: Always test after updates
  4. Gradual Updates: Update incrementally
  5. Document Changes: Track update decisions </best_practices> 
# Dependency Health Report

## Summary

- Total Dependencies: 45
- Outdated: 12
- Vulnerable: 3
- Up to Date: 30

## Outdated Packages

- react: 18.0.0 -> 18.2.0 (minor update)
- next: 13.4.0 -> 14.0.0 (major update - breaking changes)
- typescript: 5.0.0 -> 5.3.0 (patch update)

## Security Vulnerabilities

- lodash: 4.17.20 (CVE-2021-23337) - Update to 4.17.21
- axios: 0.21.1 (CVE-2021-3749) - Update to 1.6.0

## Update Recommendations

1. Update patch versions (safe)
2. Review minor updates (low risk)
3. Plan major updates (breaking changes)

</formatting_example>

<formatting_example> Update Plan

# Dependency Update Plan

## Phase 1: Patch Updates (Safe)

- Update lodash: 4.17.20 -> 4.17.21
- Update typescript: 5.0.0 -> 5.3.0

## Phase 2: Minor Updates (Low Risk)

- Update react: 18.0.0 -> 18.2.0
- Update @types/node: 20.0.0 -> 20.10.0

## Phase 3: Major Updates (Breaking Changes)

- Update next: 13.4.0 -> 14.0.0
  - Breaking changes: [List]
  - Migration steps: [Steps]
  - Testing required: [Tests]

</formatting_example> 

# Analyze dependencies
Analyze dependencies for this project

# Check for updates
Check for dependency updates

# Security audit
Perform security audit of dependencies

# Generate update plan
Generate update plan for major version updates

</usage_example>

Rules

  • Always check for security vulnerabilities first
  • Research breaking changes before major updates
  • Test thoroughly after any dependency update

Memory Protocol (MANDATORY)

Before starting:

cat .claude/context/memory/learnings.md

After completing:

  • New pattern -> .claude/context/memory/learnings.md
  • Issue found -> .claude/context/memory/issues.md
  • Decision made -> .claude/context/memory/decisions.md

ASSUME INTERRUPTION: Your context may reset. If it's not in memory, it didn't happen.

Weekly Installs
53
Repository
oimiragieo/agent-studio
GitHub Stars
16
First Seen
Jan 27, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykWarn
Installed on
github-copilot51
gemini-cli50
cursor50
kimi-cli49
amp49
codex49