"Manages npm, pnpm, and bun dependencies following strict protocols. Use when installing, updating, or auditing packages. Do not use for TypeScript configuration or build tooling."
Install
npx skillscat add git-fg/thecattoolkit/managing-npm
Install via the SkillsCat registry.
SKILL.md
Dependency Management Protocol
Core Principle
NEVER manually edit package.json for dependency changes. Always use package manager commands.
Dependency Operations
Adding Dependencies
# Production dependency
bun add <package>
pnpm add <package>
npm install <package>
# Dev dependency
bun add -d <package>
pnpm add -D <package>
npm install --save-dev <package>

Removing Dependencies
bun remove <package>
pnpm remove <package>
npm uninstall <package>

Updating Dependencies
# Check outdated
bun outdated
pnpm outdated
npm outdated
# Update specific package
bun update <package>
pnpm update <package>
npm update <package>
# Update all (interactive)
pnpm update --interactive
npx npm-check-updates -i

Security Audit
# Run audit
bun audit
pnpm audit
npm audit
# Auto-fix vulnerabilities
pnpm audit --fix
npm audit fix
# Force fix (breaking changes allowed)
npm audit fix --force

Lockfile Hygiene
- Commit lockfiles (bun.lockb, pnpm-lock.yaml, package-lock.json)
- Never delete lockfiles to resolve conflicts - regenerate properly
- Use --frozen-lockfile in CI environments
# CI install (no lockfile changes)
bun install --frozen-lockfile
pnpm install --frozen-lockfile
npm ci

Quality Gates
- Dependencies added via CLI, not manual edits
- Lockfile committed with changes
- No high/critical vulnerabilities in audit
- Unused dependencies removed
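
Two of the gates above ("Lockfile committed with changes" and "No high/critical vulnerabilities in audit") checked in code, as an added example that is not part of the original skill. It assumes npm's package-lock.json at lockfileVersion 2 or 3 and the report shape of `npm audit --json` (npm 7+); the function names and sample data are constructed for illustration.

```javascript
// Added example: evaluates two quality gates on already-parsed JSON.
// Assumes lockfileVersion 2/3 (root entry under packages[""]) and
// the metadata.vulnerabilities counters emitted by `npm audit --json`.
const DEP_FIELDS = ["dependencies", "devDependencies"];

// Detects manual package.json edits that the lockfile does not reflect.
function lockfileDrift(pkg, lock) {
  const root = (lock.packages || {})[""] || {};
  const problems = [];
  for (const field of DEP_FIELDS) {
    const declared = pkg[field] || {};
    const locked = root[field] || {};
    for (const [name, range] of Object.entries(declared)) {
      if (!(name in locked)) {
        problems.push(`${field}: ${name} declared but missing from lockfile`);
      } else if (locked[name] !== range) {
        problems.push(`${field}: ${name} range ${range} differs from locked ${locked[name]}`);
      } else if (!lock.packages[`node_modules/${name}`]) {
        problems.push(`${field}: ${name} has no resolved entry in lockfile`);
      }
    }
    for (const name of Object.keys(locked)) {
      if (!(name in declared)) problems.push(`${field}: ${name} locked but not declared`);
    }
  }
  return problems;
}

// Fails the gate when the audit report counts any high or critical advisory.
function auditBlocks(report) {
  const counts = (report.metadata || {}).vulnerabilities || {};
  return (counts.high || 0) + (counts.critical || 0) > 0;
}

// Constructed sample data (hypothetical package names and versions).
const samplePkg = { dependencies: { "left-pad-demo": "^1.3.0", "new-lib-demo": "^2.0.0" } };
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "left-pad-demo": "^1.2.0" } },
    "node_modules/left-pad-demo": { version: "1.2.4" },
  },
};
const sampleAudit = { metadata: { vulnerabilities: { low: 2, moderate: 1, high: 1, critical: 0 } } };

console.log(lockfileDrift(samplePkg, sampleLock));
console.log("audit gate blocks merge:", auditBlocks(sampleAudit));
```

In a pipeline the three objects would come from `JSON.parse` of package.json, package-lock.json and the audit report; a non-empty drift list or a blocking audit result should fail the job.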