依赖升级
ln-710-dependency-upgrader
by levnikolaevich
面向多技术栈项目,自动识别 npm、NuGet、pip 等包管理器,先做 Git 状态与安全审计,再分派子 Skill 升级依赖并统一校验汇总,适合批量更新项目依赖。
跨多个包管理器统一协调依赖升级,省去逐个排查与手动同步的麻烦,特别适合多技术栈项目稳妥提效。
安装
claude skill add --url github.com/levnikolaevich/claude-code-skills/tree/master/ln-710-dependency-upgrader文档
Paths: File paths (
shared/,references/,../ln-*) are relative to skills repo root. If not found at CWD, locate this SKILL.md directory and go up one level for repo root.
ln-710-dependency-upgrader
Type: L2 Domain Coordinator Category: 7XX Project Bootstrap Parent: ln-700-project-bootstrap
Coordinates dependency upgrades by detecting package managers and delegating to appropriate L3 workers.
Overview
| Aspect | Details |
|---|---|
| Input | Detected stack from ln-700 |
| Output | All dependencies upgraded to latest compatible versions |
| Workers | ln-711 (npm), ln-712 (nuget), ln-713 (pip) |
Workflow
See diagram.html for visual workflow.
Phases: Pre-flight → Detect → Security Audit → Delegate → Collect → Verify → Report
Phase 0: Pre-flight Checks
Verify project state before starting upgrade.
| Check | Method | Block if |
|---|---|---|
| Uncommitted changes | git status --porcelain | Non-empty output |
| Create backup branch | git checkout -b upgrade-backup-{timestamp} | Failure |
| Lock file exists | Check for lock file | Missing (warn only) |
Skip upgrade if uncommitted changes exist. User must commit or stash first.
Phase 1: Detect Package Managers
Detection Rules
| Package Manager | Indicator Files | Worker |
|---|---|---|
| npm | package.json + package-lock.json | ln-711 |
| yarn | package.json + yarn.lock | ln-711 |
| pnpm | package.json + pnpm-lock.yaml | ln-711 |
| nuget | *.csproj files | ln-712 |
| pip | requirements.txt | ln-713 |
| poetry | pyproject.toml + poetry.lock | ln-713 |
| pipenv | Pipfile + Pipfile.lock | ln-713 |
Phase 2: Security Audit (Pre-flight)
Security Checks
| Package Manager | Command | Block Upgrade |
|---|---|---|
| npm | npm audit --audit-level=high | Critical only |
| pip | pip-audit --json | Critical only |
| nuget | dotnet list package --vulnerable | Critical only |
Release Age Check
| Option | Default | Description |
|---|---|---|
| minimumReleaseAge | 14 days | Skip packages released < 14 days ago |
| ignoreReleaseAge | false | Override for urgent security patches |
Per Renovate best practices: waiting 14 days gives registries time to pull malicious packages.
Phase 3: Delegate to Workers
CRITICAL: All delegations use Task tool with
subagent_type: "general-purpose"for context isolation.
Prompt template:
Task(description: "Upgrade deps via ln-71X",
prompt: "Execute ln-71X-{worker}. Read skill from ln-71X-{worker}/SKILL.md. Context: {delegationContext}",
subagent_type: "general-purpose")
Anti-Patterns:
- ❌ Direct Skill tool invocation without Task wrapper
- ❌ Any execution bypassing subagent context isolation
Delegation Context
Each worker receives standardized context:
| Field | Type | Description |
|---|---|---|
| projectPath | string | Absolute path to project |
| packageManager | enum | npm, yarn, pnpm, nuget, pip, poetry, pipenv |
| options.upgradeType | enum | major, minor, patch |
| options.allowBreaking | bool | Allow breaking changes |
| options.testAfterUpgrade | bool | Run tests after upgrade |
Worker Selection
| Package Manager | Worker | Notes |
|---|---|---|
| npm, yarn, pnpm | ln-711-npm-upgrader | Handles all Node.js |
| nuget | ln-712-nuget-upgrader | Handles .NET projects |
| pip, poetry, pipenv | ln-713-pip-upgrader | Handles all Python |
Phase 4: Collect Results
Result Schema
| Field | Type | Description |
|---|---|---|
| status | enum | success, partial, failed |
| upgrades[] | array | List of upgraded packages |
| upgrades[].package | string | Package name |
| upgrades[].from | string | Previous version |
| upgrades[].to | string | New version |
| upgrades[].breaking | bool | Is breaking change |
| warnings[] | array | Non-blocking warnings |
| errors[] | array | Blocking errors |
Phase 5: Verify Build
Build Commands by Stack
| Stack | Command |
|---|---|
| Node.js | npm run build or yarn build |
| .NET | dotnet build --configuration Release |
| Python | pytest or python -m pytest |
On Build Failure
- Identify failing package from error
- Search Context7/Ref for migration guide
- Apply known fixes
- If still fails: rollback package, log warning
Phase 6: Report Summary
Report Schema
| Field | Type | Description |
|---|---|---|
| totalPackages | int | Total packages analyzed |
| upgraded | int | Successfully upgraded |
| skipped | int | Already latest |
| failed | int | Rolled back |
| breakingChanges | int | Major version upgrades |
| buildVerified | bool | Build passed after upgrade |
| duration | string | Total time |
Configuration
Options:
# Upgrade scope
upgradeType: major # major | minor | patch
# Breaking changes
allowBreaking: true
autoMigrate: true # Apply known migrations
# Security
auditLevel: high # none | low | moderate | high | critical
minimumReleaseAge: 14 # days, 0 to disable
blockOnVulnerability: true
# Scope
skipDev: false # Include devDependencies
skipOptional: true # Skip optional deps
# Verification
testAfterUpgrade: true
buildAfterUpgrade: true
# Rollback
rollbackOnFailure: true
Error Handling
Recoverable Errors
| Error | Recovery |
|---|---|
| Peer dependency conflict | Try --legacy-peer-deps |
| Build failure | Rollback package, continue |
| Network timeout | Retry 3 times |
Fatal Errors
| Error | Action |
|---|---|
| No package managers found | Skip this step |
| All builds fail | Report to parent, suggest manual review |
References
Definition of Done
- Pre-flight checks passed (clean git state, backup branch created)
- All package managers detected from indicator files
- Security audit completed per manager (critical vulns block upgrade)
- Workers delegated via Task tool with context isolation
- Worker results collected with upgrade/skip/fail counts
- Build verified after all upgrades applied
- Summary report generated with totalPackages, upgraded, skipped, failed, buildVerified
Version: 1.1.0 Last Updated: 2026-01-10
相关 Skills
网页构建器
by anthropics
面向复杂 claude.ai HTML artifact 开发,快速初始化 React + Tailwind CSS + shadcn/ui 项目并打包为单文件 HTML,适合需要状态管理、路由或多组件交互的页面。
✎ 在 claude.ai 里做复杂网页 Artifact 很省心,多组件、状态和路由都能顺手搭起来,React、Tailwind 与 shadcn/ui 组合效率高、成品也更精致。
前端设计
by anthropics
面向组件、页面、海报和 Web 应用开发,按鲜明视觉方向生成可直接落地的前端代码与高质感 UI,适合做 landing page、Dashboard 或美化现有界面,避开千篇一律的 AI 审美。
✎ 想把页面做得既能上线又有设计感,就用前端设计:组件到整站都能产出,难得的是能避开千篇一律的 AI 味。
网页应用测试
by anthropics
用 Playwright 为本地 Web 应用编写自动化测试,支持启动开发服务器、校验前端交互、排查 UI 异常、抓取截图与浏览器日志,适合调试动态页面和回归验证。
✎ 借助 Playwright 一站式验证本地 Web 应用前端功能,调 UI 时还能同步查看日志和截图,定位问题更快。
相关 MCP 服务
GitHub
编辑精选by GitHub
GitHub 是 MCP 官方参考服务器,让 Claude 直接读写你的代码仓库和 Issues。
✎ 这个参考服务器解决了开发者想让 AI 安全访问 GitHub 数据的问题,适合需要自动化代码审查或 Issue 管理的团队。但注意它只是参考实现,生产环境得自己加固安全。
Context7 文档查询
编辑精选by Context7
Context7 是实时拉取最新文档和代码示例的智能助手,让你告别过时资料。
✎ 它能解决开发者查找文档时信息滞后的问题,特别适合快速上手新库或跟进更新。不过,依赖外部源可能导致偶尔的数据延迟,建议结合官方文档使用。
by tldraw
tldraw 是让 AI 助手直接在无限画布上绘图和协作的 MCP 服务器。
✎ 这解决了 AI 只能输出文本、无法视觉化协作的痛点——想象让 Claude 帮你画流程图或白板讨论。最适合需要快速原型设计或头脑风暴的开发者。不过,目前它只是个基础连接器,你得自己搭建画布应用才能发挥全部潜力。