skillZs
LIVE SKILL TAGS
>>> LIVE SKILLS INDEX <<<
* OPEN SOURCE *
NO LOGIN, NO TRACKING
REAL INSTALL DATA
← back to all skills
paulrberg/agent-skills2k installs

bump-deps

Use for dependency updates: bump npm/pnpm/yarn/bun packages, check outdated, or run taze.

How do I install this agent skill?

npx skills add https://github.com/paulrberg/agent-skills --skill bump-deps
view source ↗

Is this agent skill safe to install?

  • Gen Agent Trust Hubpass

    This skill facilitates updating Node.js dependencies using the well-known 'taze' CLI. It correctly identifies version types (major, minor, patch), prompts the user for major updates, and supports monorepos and Bun catalogs. The tool uses a local script for dependency scanning but does not perform suspicious network or file system operations beyond its stated purpose.

  • Socketpass

    No alerts

  • Snykwarn

    Risk: MEDIUM · 1 issue

  • Runlayerwarn

    2/2 files flagged

  • ZeroLeakspass

    Score: 93/100 · 2 sections analyzed

What does this agent skill do?

Bump Dependencies

Use Taze to build one structured update plan, apply compatible ranged updates, and make major-version decisions as a batch.

Workflow

  1. Resolve the skill directory and run the helper from the target repository:

    bash <skill-dir>/scripts/run-taze.sh --plan [--include package-a,package-b]
    

    The JSON plan classifies every discovered update as apply, review-major, review, or skip-fixed. The helper detects monorepos, includes locked versions during scans, and mirrors Bun minimum-release-age settings. If the repository uses package-manager age gates or Bun catalogs, read references/conditional-workflows.md for that active branch only.

  2. If --dry-run was requested, present the plan and counts, then stop without changing manifests or lockfiles.

  3. Select every ranged minor/patch update marked apply. Never auto-approve a major package by name. Present all review-major and unknown updates in one decision batch with current version, target version, package role when discoverable, and relevant migration/release notes. Apply only the majors the user selects.

  4. If nothing is selected, report the no-op and stop. Otherwise write all selected updates in one command:

    bash <skill-dir>/scripts/run-taze.sh --write --include package-a,package-b
    
  5. Update matching root Bun catalog entries when present, preserving their existing range prefixes. Then run ni so the repository's package manager updates its lockfile.

  6. Inspect the manifest and lockfile diff. Run the narrowest package-manager or repository checks that exercise updated dependencies, with extra attention to approved major migrations.

Invariants

  • Fixed versions and non-semver protocols remain unchanged unless the user explicitly asks otherwise.
  • Package arguments constrain both scan and write phases.
  • The same maturity-period policy applies to scan and write.
  • Do not infer compatibility from SemVer alone when repository evidence, peer ranges, or release notes indicate otherwise.

Completion requires a reviewed plan, one manifest write for the selected set, a regenerated lockfile, and validation evidence; dry-run completion requires the structured plan and zero writes.

Add the canonical catalog link to the repository README so users can inspect current installs and available audits. The publishing guide covers the complete discovery path.

<a href="https://skillzs.dev/skills/paulrberg/agent-skills/bump-deps">View bump-deps on skillZs</a>