
Dependency Upgrade

Author: Bovin Phang · GitHub · v2.5.0 · MIT-0
cross-platform · ✓ Security check passed
Total downloads: 35 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install fec-dependency-upgrade
Description
Use when planning, implementing, or reviewing frontend dependency upgrades, package migrations, lockfile changes, major framework version bumps, CVE remediat...
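Usage instructions (SKILL.md)

Dependency Upgrade

Applies to frontend dependency upgrades, vulnerability fixes, major-version migrations, and lockfile risk review. Load references/dependency-upgrade-workflow.md when you need the detailed workflow and checklists.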

Purpose

Upgrade dependencies in a source-driven way, in small verified batches, to reduce breaking changes, supply-chain risk, and CI regressions.

Procedure

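  1. Establish a factual baseline: read the package manager, lockfile, Node version, workspace scope, CI commands, and current verification status.
  2. Classify the upgrade target: security fix, patch upgrade, minor upgrade, major-version migration, framework migration, build-tool migration, or dependency cleanup.
  3. Verify sources: for version-sensitive libraries, read the official release notes, migration guide, peer dependencies, Node/browser support, and deprecations.
  4. Split into small batches: security patches can be handled together; major versions, build tools, frameworks, and test tools must each be verified in a separate batch.
  5. Handle compatibility boundaries: check ESM/CJS, TypeScript types, CSS handling, SSR/RSC, plugin APIs, peer dependencies, and polyfill changes.
  6. Run the verification matrix: cover at least install, typecheck, unit/component tests, and build; for critical applications add E2E, Storybook, or manual smoke testing.
  7. Sync documentation: record the upgrade reason, versions, breaking changes, migration commands, rollback method, and paths that still need manual verification.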
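
The batching rule from steps 2 and 4, as an added example that is not part of the skill's own files: it classifies each upgrade by semver bump and splits a list into shared and isolated batches. The role lists, the `planBatches` and `bumpKind` names, the treatment of 0.x minor bumps as major, and the sample versions are assumptions made for the illustration.

```javascript
// Packages that always get their own batch; these lists are illustrative assumptions.
const ISOLATED_ROLES = {
  framework: ["react", "react-dom", "vue", "next"],
  "build-tool": ["vite", "webpack", "typescript"],
  "test-tool": ["jest", "vitest", "playwright"],
};
const roleOf = (name) =>
  Object.keys(ISOLATED_ROLES).find((r) => ISOLATED_ROLES[r].includes(name)) || null;

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Bump kind (assumes `to` is newer); a 0.x minor bump may be breaking, so count it as major.
function bumpKind(from, to) {
  const [a, b] = [parseVersion(from), parseVersion(to)];
  if (b[0] !== a[0]) return "major";
  if (b[1] !== a[1]) return a[0] === 0 ? "major" : "minor";
  return "patch";
}

// Step 4 as code: security patches share a batch; majors, frameworks,
// build tools and test tools are each verified alone.
function planBatches(upgrades) {
  const shared = { "security-patch": [], patch: [], minor: [] };
  const isolated = [];
  for (const u of upgrades) {
    const kind = bumpKind(u.from, u.to);
    const role = roleOf(u.name);
    if (kind === "major" || role) {
      isolated.push({ label: `isolated:${role || "major"}`, packages: [u.name] });
    } else {
      shared[u.security && kind === "patch" ? "security-patch" : kind].push(u.name);
    }
  }
  const groups = Object.entries(shared).filter(([, pkgs]) => pkgs.length > 0);
  return [...groups.map(([label, packages]) => ({ label, packages })), ...isolated];
}

// Constructed sample input; the version numbers are made up for the example.
const SAMPLE_UPGRADES = [
  { name: "lodash", from: "4.17.20", to: "4.17.21", security: true },
  { name: "axios", from: "1.6.0", to: "1.6.8", security: true },
  { name: "dayjs", from: "1.11.9", to: "1.11.10" },
  { name: "react", from: "17.0.2", to: "18.2.0" },
  { name: "vite", from: "5.0.0", to: "5.0.12", security: true },
  { name: "zustand", from: "0.3.0", to: "0.4.0" },
];
console.log(JSON.stringify(planBatches(SAMPLE_UPGRADES), null, 2));
```

A security patch to a build tool (`vite` in the sample) still lands in its own batch, because the isolation rule for build tools takes precedence over the grouping allowance for security patches.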

Constraints

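  • Do not jump across multiple major versions without sources and verification.
  • Do not blindly upgrade runtime-critical packages just to clear audit warnings; first assess the exploitable path and the impact of the fix.
  • Do not hand-edit the lockfile to work around dependency conflicts.
  • Do not mix dependency upgrades and unrelated refactoring in one batch.
  • Do not remove peer dependencies or build plugins unless there is evidence that they are not used by the runtime, sub-packages, or CI.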

Expected Output

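Output the upgrade list, risk classification, source evidence, batch strategy, change scope, verification commands, failure handling, and rollback recommendations. On completion, the lockfile is consistent with the package manifest, key verifications pass, and breaking changes are documented.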

Safe usage advice
Install this if you want an agent to help plan or perform frontend dependency upgrades. Review proposed package and lockfile changes carefully, especially for major version migrations or CVE-driven updates, and run the suggested verification commands before accepting changes.
Capability assessment
Purpose & Capability
The skill's stated purpose is frontend dependency upgrade planning, package migration, lockfile review, CVE remediation, and CI verification; its instructions directly support that purpose.
Instruction Scope
The trigger wording is broad within dependency-upgrade work, but the runtime guidance is scoped to package, lockfile, compatibility, verification, and rollback decisions rather than unrelated system access.
Install Mechanism
The package contains Markdown guidance, JSON metadata, and a reference checklist; no executable scripts, install hooks, obfuscated payloads, or automatic setup behavior were present.
Credentials
It expects reading package manager state, lockfiles, Node/workspace details, official release notes, and CI commands, which is proportionate for dependency upgrade work.
Persistence & Privilege
Dependency upgrades may persist changes to package manifests and lockfiles, but that is the disclosed core workflow and remains user-directed; no background persistence or privilege escalation is declared.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install fec-dependency-upgrade
  3. After installation, invoke the Skill by name or trigger it with /fec-dependency-upgrade
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v2.5.0
- Added comprehensive Chinese and English process documentation for frontend dependency upgrades, risk assessment, and workflow.
- Detailed step-by-step upgrade procedure, including verification, batch strategies, and compatibility checks.
- Defined constraints to prevent risky or unsafe upgrade practices.
- Listed clear expected output for all upgrade tasks.
- Included usage guidance for scenarios like CVE remediation, framework migrations, and lockfile changes.
Metadata
Slug fec-dependency-upgrade
Version 2.5.0
License MIT-0
Total installs 0
Current installs 0
Version count 1
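FAQ

What is Dependency Upgrade?

Use when planning, implementing, or reviewing frontend dependency upgrades, package migrations, lockfile changes, major framework version bumps, CVE remediat... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 35 total downloads so far.

How do I install Dependency Upgrade?

Run the command "/install fec-dependency-upgrade" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Dependency Upgrade free?

Yes. Dependency Upgrade is completely free and released under the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does Dependency Upgrade support?

Dependency Upgrade is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Dependency Upgrade?

It is developed and maintained by Bovin Phang (@bovinphang); the current version is v2.5.0.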
