dependency-management
About
This Claude Skill enforces exact version dependency installation across all package managers to ensure reproducible builds, supply chain security, and stability. Use it when working with dependency files like package.json, requirements.txt, or go.mod, during package installation/updates, or when configuring CI/CD pipelines. It mandates lock files, prohibits version ranges, and requires security audits before installation.
Documentation
Dependency Management
Basic Principles
Always Use Exact Versions
- 고정 버전만 사용:
[email protected] - 금지:
^1.2.3,~1.2.3,latest,*, version ranges - 예외: 라이브러리 peerDependencies만 허용
Lock Files Are Mandatory
- 항상 버전 관리에 커밋
- 수동 편집 금지
- CI/CD는 frozen/locked 모드 필수
Security Audit First
- 설치 전 취약점 확인
- 정기 감사 자동화
Installation Commands
# Node.js
npm install --save-exact [email protected]
pnpm add --save-exact [email protected]
yarn add --exact [email protected]
# Python
pip install package==1.2.3
poetry add [email protected]
# Go
go get [email protected]
# Rust
cargo add package@=1.2.3
# PHP
composer require vendor/package:1.2.3
# Ruby (Gemfile)
gem 'package', '1.2.3'
# Java/Kotlin
implementation("group:artifact:1.2.3") # Gradle
<version>1.2.3</version> # Maven
# .NET
dotnet add package PackageName --version 1.2.3
CI/CD Commands
npm ci # npm
pnpm install --frozen-lockfile # pnpm
yarn install --frozen-lockfile # yarn
poetry install --no-update # poetry
go mod verify # go
cargo build --locked # rust
composer install --no-update # php
bundle install --frozen # ruby
dotnet restore --locked-mode # .NET
Common Mistakes
| ❌ 잘못된 사용 | ✅ 올바른 사용 |
|---|---|
npm install (CI) | npm ci |
package@latest | [email protected] |
package@^1.2.3 | [email protected] |
| Lock 파일 .gitignore | Lock 파일 커밋 |
| Lock 파일 수동 편집 | 패키지 매니저로 재생성 |
Quick Install
/plugin add https://github.com/KubrickCode/ai-config-toolkit/tree/main/dependency-managementCopy and paste this command in Claude Code to install this skill
GitHub 仓库
Related Skills
langchain
MetaLangChain is a framework for building LLM applications using agents, chains, and RAG pipelines. It supports multiple LLM providers, offers 500+ integrations, and includes features like tool calling and memory management. Use it for rapid prototyping and deploying production systems like chatbots, autonomous agents, and question-answering services.
webapp-testing
TestingThis Claude Skill provides a Playwright-based toolkit for testing local web applications through Python scripts. It enables frontend verification, UI debugging, screenshot capture, and log viewing while managing server lifecycles. Use it for browser automation tasks but run scripts directly rather than reading their source code to avoid context pollution.
business-rule-documentation
MetaThis skill provides standardized templates for systematically documenting business logic and domain knowledge following Domain-Driven Design principles. It helps developers capture business rules, process flows, decision trees, and terminology glossaries to maintain consistency between requirements and implementation. Use it when documenting domain models, creating business rule repositories, or bridging communication between business and technical teams.
Algorithmic Art Generation
MetaThis skill helps developers create algorithmic art using p5.js, focusing on generative art, computational aesthetics, and interactive visualizations. It automatically activates for topics like "generative art" or "p5.js visualization" and guides you through creating unique algorithms with features like seeded randomness, flow fields, and particle systems. Use it when you need to build reproducible, code-driven artistic patterns.