A skill for evaluating packages and managing dependencies securely.
Works with Claude Code, Codex CLI, and other agents supporting the Agent Skills format.
```
/plugin marketplace add andrew/managing-dependencies
```

Or copy SKILL.md to your skills directory manually:

```bash
# Claude Code
mkdir -p ~/.claude/skills/managing-dependencies
cp SKILL.md ~/.claude/skills/managing-dependencies/

# Codex CLI
mkdir -p ~/.codex/skills/managing-dependencies
cp SKILL.md ~/.codex/skills/managing-dependencies/

# Project-specific (Claude Code)
mkdir -p .claude/skills/managing-dependencies
cp SKILL.md .claude/skills/managing-dependencies/

# Project-specific (Codex CLI)
mkdir -p .codex/skills/managing-dependencies
cp SKILL.md .codex/skills/managing-dependencies/
```

Provides guidance for:
- Evaluating packages before adding them
- Detecting typosquatting and dependency confusion
- Managing lockfiles and version constraints
- Running security audits
- Reviewing dependency changes in PRs
The skill activates automatically when you ask Claude Code about dependencies, packages, or supply chain security. Examples:
- "Should I add lodash or write this myself?"
- "Review the lockfile changes in this PR"
- "Audit this project's dependencies"
- "Is this package trustworthy?"
CC0 1.0 - Public domain