Dependency Updater
Smart dependency management for any language with automatic detection and safe updates.
Quick Start
update my dependencies
The skill auto-detects your project type and handles the rest.
Triggers
| Trigger | Example |
| --- | --- |
| Update dependencies | "update dependencies", "update deps" |
| Check outdated | "check for outdated packages" |
| Fix dependency issues | "fix my dependency problems" |
| Security audit | "audit dependencies for vulnerabilities" |
| Diagnose deps | "diagnose dependency issues" |
Supported Languages
| Language | Package File | Update Tool | Audit Tool |
| --- | --- | --- | --- |
| Node.js | package.json | taze | npm audit |
| Python | requirements.txt, pyproject.toml | pip-review | safety, pip-audit |
| Go | go.mod | go get -u | |
Quick Reference
| Update Type | Version Change | Action |
| --- | --- | --- |
| Fixed | No ^ or ~ | Skip (intentionally pinned) |
| PATCH | x.y.z → x.y.Z | Auto-apply |
| MINOR | x.y.z → x.Y.0 | Auto-apply |
| MAJOR | x.y.z → X.0.0 | |
Workflow
User Request
│
▼
┌─────────────────────────────────────────────────────┐
│ Step 1: DETECT PROJECT TYPE │
│ • Scan for package files (package.json, go.mod...) │
│ • Identify package manager │
├─────────────────────────────────────────────────────┤
│ Step 2: CHECK PREREQUISITES │
│ • Verify required tools are installed │
│ • Suggest installation if missing │
├─────────────────────────────────────────────────────┤
│ Step 3: SCAN FOR UPDATES │
│ • Run language-specific outdated check │
│ • Categorize: MAJOR / MINOR / PATCH / Fixed │
├─────────────────────────────────────────────────────┤
│ Step 4: AUTO-APPLY SAFE UPDATES │
│ • Apply MINOR and PATCH automatically │
│ • Report what was updated │
├─────────────────────────────────────────────────────┤
│ Step 5: PROMPT FOR MAJOR UPDATES │
│ • AskUserQuestion for each MAJOR update │
│ • Show current → new version │
├─────────────────────────────────────────────────────┤
│ Step 6: APPLY APPROVED MAJORS │
│ • Update only approved packages │
├─────────────────────────────────────────────────────┤
│ Step 7: FINALIZE │
│ • Run install command │
│ • Run security audit │
└─────────────────────────────────────────────────────┘
Commands by Language
Node.js (npm/yarn/pnpm)
# Check prerequisites
scripts/check-tool.sh taze "npm install -g taze"
# Scan for updates
taze
# Apply minor/patch
taze minor --write
# Apply specific majors
taze major --write --include pkg1,pkg2
# Monorepo support
taze -r # recursive
# Security
npm audit
npm audit fix
Python
# Check outdated
pip list --outdated
# Update all (careful!)
pip-review --auto
# Update specific
pip install --upgrade package-name
# Security
pip-audit
safety check
Go
# Check outdated
go list -m -u all
# Update all
go get -u ./...
# Tidy up
go mod tidy
# Security
govulncheck ./...
Rust
# Check outdated
cargo outdated
# Update within semver
cargo update
# Security
cargo audit
Ruby
# Check outdated
bundle outdated
# Update all
bundle update
# Update specific
bundle update --conservative gem-name
# Security
bundle audit
Java (Maven)
# Check outdated
mvn versions:display-dependency-updates
# Update to latest
mvn versions:use-latest-releases
# Security
mvn dependency:tree
mvn dependency-check:check
.NET
# Check outdated
dotnet list package --outdated
# Update specific
dotnet add package PackageName
# Security
dotnet list package --vulnerable
Diagnosis Mode
When dependencies are broken, run diagnosis:
Common Issues & Fixes
| Issue | Symptoms | Fix |
| --- | --- | --- |
| Version Conflict | "Cannot resolve dependency tree" | Clean install, use overrides/resolutions |
| Peer Dependency | "Peer dependency not satisfied" | Install required peer version |
| Security Vuln | npm audit shows issues | npm audit fix or manual update |
| Unused Deps | Bloated bundle | Run depcheck (Node) or equivalent |
| Duplicate Deps | Multiple versions installed | Run or equivalent |
Emergency Fixes
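# Node.js - Nuclear reset (deletes the lock file, so every dependency is re-resolved; review the new lock file diff before committing)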
rm -rf node_modules package-lock.json
npm cache clean --force
npm install
# Python - Clean virtualenv
rm -rf venv
python -m venv venv
source venv/bin/activate
pip install -r requirements.txt
# Go - Reset modules (go.sum is regenerated; review its diff before committing)
rm go.sum
go mod tidy
Security Audit
Run security checks for any project:
# Node.js
npm audit
npm audit --json | jq '.metadata.vulnerabilities'
# Python
pip-audit
safety check
# Go
govulncheck ./...
# Rust
cargo audit
# Ruby
bundle audit
# .NET
dotnet list package --vulnerable
Severity Response
| Severity | Action |
| --- | --- |
| Critical | Fix immediately |
| High | Fix within 24h |
| Moderate | Fix within 1 week |
| Low | Fix in next release |
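The severity table applied to an `npm audit --json` report, as an added example (not the skill's own code). It reads the per-package `vulnerabilities` entries of npm's version 2 audit report, attaches the deadline from the table, and separates fixes that `npm audit fix` can apply from fixes that need a MAJOR bump and therefore a prompt. The package names and the choice to block on critical and high are assumptions.

```javascript
// Added example: triage an `npm audit --json` report with the page's severity table.
const RESPONSE = {
  critical: "Fix immediately",
  high: "Fix within 24h",
  moderate: "Fix within 1 week",
  low: "Fix in next release",
};
const ORDER = Object.keys(RESPONSE); // most urgent first

function triageAudit(reportJson) {
  const vulns = JSON.parse(reportJson).vulnerabilities || {};
  const rows = Object.values(vulns)
    .filter((v) => ORDER.includes(v.severity)) // "info" has no row in the table
    .map((v) => {
      // fixAvailable is false, true, or an object describing the fixing release.
      const fix = v.fixAvailable;
      let remedy = "manual update";
      if (fix && fix.isSemVerMajor) {
        // A MAJOR bump is never auto-applied under the page's policy.
        remedy = `prompt user: MAJOR bump of ${fix.name} to ${fix.version}`;
      } else if (fix) {
        remedy = "npm audit fix";
      }
      return { name: v.name, severity: v.severity, deadline: RESPONSE[v.severity], remedy };
    })
    .sort((a, b) => ORDER.indexOf(a.severity) - ORDER.indexOf(b.severity));
  // Assumption: a CI gate blocks on critical and high, the two shortest deadlines.
  const blocking = rows.filter((r) => r.severity === "critical" || r.severity === "high");
  return { rows, blocking: blocking.map((r) => r.name), pass: blocking.length === 0 };
}

// Constructed report (hypothetical packages) in npm's auditReportVersion 2 layout.
const sampleReport = JSON.stringify({
  auditReportVersion: 2,
  vulnerabilities: {
    "pkg-low": { name: "pkg-low", severity: "low", fixAvailable: true },
    "pkg-crit": { name: "pkg-crit", severity: "critical", fixAvailable: false },
    "pkg-high": { name: "pkg-high", severity: "high",
      fixAvailable: { name: "pkg-parent", version: "5.0.0", isSemVerMajor: true } },
  },
});
console.log(triageAudit(sampleReport));
```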
Anti-Patterns
| Avoid | Why | Instead |
| --- | --- | --- |
| Update fixed versions | Intentionally pinned | Skip them |
| Auto-apply MAJOR | Breaking changes | Prompt user |
| Batch MAJOR prompts | Loses context | Prompt individually |
| Skip lock file | Irreproducible builds | Always commit lock files |
| Ignore security alerts | Vulnerabilities | Address by severity |
Verification Checklist
After updates:
Deep Dive: Project Detection
The skill auto-detects project type by scanning for package files:

| File Found | Language | Package Manager |
| --- | --- | --- |
| package.json | Node.js | npm/yarn/pnpm |
| requirements.txt | Python | pip |
| pyproject.toml | Python | pip/poetry |
| Pipfile | Python | pipenv |
| go.mod | | |
Deep Dive: Node.js with taze
Prerequisites
# Install taze globally (recommended)
npm install -g taze
# Or use npx
npx taze
Smart Update Flow
# 1. Scan all updates
taze
# 2. Apply safe updates (minor + patch)
taze minor --write
Deep Dive: Version Strategies
Semantic Versioning
MAJOR.MINOR.PATCH (e.g., 2.3.1)
MAJOR: Breaking changes - requires code changes
MINOR: New features - backward compatible
PATCH: Bug fixes - backward compatible
Range Specifiers

| Specifier | Meaning | Example |
| --- | --- | --- |
| ^1.2.3 | Minor + Patch OK | >=1.2.3 <2.0.0 |
| ~1.2.3 | Patch only | >=1.2.3 <1.3.0 |
| 1.2.3 | | |
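The classification behind workflow steps 3 to 6, as an added example (not the skill's own code): each dependency's specifier and latest version are mapped to Fixed, PATCH, MINOR or MAJOR and sorted into auto-apply, prompt and skip buckets. The function names and sample packages are hypothetical, only plain `x.y.z` versions are handled, and prompting on 0.x minor bumps is an assumption that goes beyond the page.

```javascript
// Added example: classify updates under the page's Fixed/PATCH/MINOR/MAJOR policy.
// Only plain "x.y.z" versions with an optional ^ or ~ prefix are handled.
function parseVersion(text) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(text);
  if (!m) throw new Error(`unsupported version: ${text}`);
  return m.slice(1).map(Number);
}

function classifyUpdate(specifier, latest) {
  const prefix = /^[\^~]/.test(specifier) ? specifier[0] : "";
  const [cMaj, cMin, cPat] = parseVersion(specifier.slice(prefix.length));
  const [nMaj, nMin, nPat] = parseVersion(latest);
  // No ^ or ~ means the version was pinned on purpose: never touch it.
  if (prefix === "") return { type: "Fixed", action: "skip" };
  if (nMaj > cMaj) return { type: "MAJOR", action: "prompt" };
  if (nMaj === cMaj && nMin > cMin) {
    // Assumption (not from the page): in 0.x a minor bump may break, so prompt.
    return { type: "MINOR", action: cMaj === 0 ? "prompt" : "auto-apply" };
  }
  if (nMaj === cMaj && nMin === cMin && nPat > cPat) {
    return { type: "PATCH", action: "auto-apply" };
  }
  return { type: "up-to-date", action: "skip" };
}

// Split a dependency map into the three buckets the workflow acts on.
function planUpdates(dependencies, latestVersions) {
  const plan = { autoApply: [], prompt: [], skipped: [] };
  for (const [name, specifier] of Object.entries(dependencies)) {
    const latest = latestVersions[name];
    if (!latest) { plan.skipped.push(name); continue; }
    const { type, action } = classifyUpdate(specifier, latest);
    const entry = `${name}: ${specifier} -> ${latest} (${type})`;
    if (action === "auto-apply") plan.autoApply.push(entry);
    else if (action === "prompt") plan.prompt.push(entry);
    else plan.skipped.push(name);
  }
  return plan;
}

// Constructed sample data (hypothetical package names and versions).
const sampleDeps = { "pkg-a": "^1.2.3", "pkg-b": "~2.0.1", "pkg-c": "3.1.0", "pkg-d": "^0.4.0" };
const sampleLatest = { "pkg-a": "1.4.0", "pkg-b": "3.0.0", "pkg-c": "3.2.0", "pkg-d": "0.5.0" };
console.log(planUpdates(sampleDeps, sampleLatest));
```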
Deep Dive: Conflict Resolution
Node.js Conflicts
Diagnosis:
npm ls package-name # See dependency tree
npm explain package-name # Why installed
yarn why package-name # Yarn equivalent
Resolution with overrides:
// package.json
{
  "overrides": {
    "lodash": "^4.18.0"
  }
}
Script Reference
| Script | Purpose |
| --- | --- |
| scripts/check-tool.sh | Verify tool is installed |
| scripts/run-taze.sh | Run taze with proper flags |