dependency-management
About
This Claude Skill enforces exact version dependency installation across all package managers to ensure reproducible builds, supply chain security, and stability. Use it when working with dependency files like package.json, requirements.txt, or go.mod, during package installation/updates, or when configuring CI/CD pipelines. It mandates lock files, prohibits version ranges, and requires security audits before installation.
Quick Install
Claude Code
Recommended/plugin add https://github.com/KubrickCode/ai-config-toolkitgit clone https://github.com/KubrickCode/ai-config-toolkit.git ~/.claude/skills/dependency-managementCopy and paste this command in Claude Code to install this skill
Documentation
Dependency Management
Basic Principles
Always Use Exact Versions
- 고정 버전만 사용:
package@1.2.3 - 금지:
^1.2.3,~1.2.3,latest,*, version ranges - 예외: 라이브러리 peerDependencies만 허용
Lock Files Are Mandatory
- 항상 버전 관리에 커밋
- 수동 편집 금지
- CI/CD는 frozen/locked 모드 필수
Security Audit First
- 설치 전 취약점 확인
- 정기 감사 자동화
Installation Commands
# Node.js
npm install --save-exact package@1.2.3
pnpm add --save-exact package@1.2.3
yarn add --exact package@1.2.3
# Python
pip install package==1.2.3
poetry add package@1.2.3
# Go
go get package@v1.2.3
# Rust
cargo add package@=1.2.3
# PHP
composer require vendor/package:1.2.3
# Ruby (Gemfile)
gem 'package', '1.2.3'
# Java/Kotlin
implementation("group:artifact:1.2.3") # Gradle
<version>1.2.3</version> # Maven
# .NET
dotnet add package PackageName --version 1.2.3
CI/CD Commands
npm ci # npm
pnpm install --frozen-lockfile # pnpm
yarn install --frozen-lockfile # yarn
poetry install --no-update # poetry
go mod verify # go
cargo build --locked # rust
composer install --no-update # php
bundle install --frozen # ruby
dotnet restore --locked-mode # .NET
Common Mistakes
| ❌ 잘못된 사용 | ✅ 올바른 사용 |
|---|---|
npm install (CI) | npm ci |
package@latest | package@1.2.3 |
package@^1.2.3 | package@1.2.3 |
| Lock 파일 .gitignore | Lock 파일 커밋 |
| Lock 파일 수동 편집 | 패키지 매니저로 재생성 |
GitHub Repository
Related Skills
content-collections
MetaThis skill provides a production-tested setup for Content Collections, a TypeScript-first tool that transforms Markdown/MDX files into type-safe data collections with Zod validation. Use it when building blogs, documentation sites, or content-heavy Vite + React applications to ensure type safety and automatic content validation. It covers everything from Vite plugin configuration and MDX compilation to deployment optimization and schema validation.
creating-opencode-plugins
MetaThis skill provides the structure and API specifications for creating OpenCode plugins that hook into 25+ event types like commands, files, and LSP operations. It offers implementation patterns for JavaScript/TypeScript modules that intercept and extend the AI assistant's lifecycle. Use it when you need to build event-driven plugins for monitoring, custom handling, or extending OpenCode's capabilities.
langchain
MetaLangChain is a framework for building LLM applications using agents, chains, and RAG pipelines. It supports multiple LLM providers, offers 500+ integrations, and includes features like tool calling and memory management. Use it for rapid prototyping and deploying production systems like chatbots, autonomous agents, and question-answering services.
Algorithmic Art Generation
MetaThis skill helps developers create algorithmic art using p5.js, focusing on generative art, computational aesthetics, and interactive visualizations. It automatically activates for topics like "generative art" or "p5.js visualization" and guides you through creating unique algorithms with features like seeded randomness, flow fields, and particle systems. Use it when you need to build reproducible, code-driven artistic patterns.