- Home
- Skills
- Git Fg
- Thecattoolkit
- Managing Npm
managing-npm_skill
- Python
1
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill git-fg/thecattoolkit --skill managing-npm- SKILL.md1.8 KB
Overview
This skill manages npm, pnpm, and bun dependencies following strict protocols to keep projects reproducible and secure. It enforces command-line operations for adding, removing, updating, and auditing packages and ensures lockfile hygiene and CI-safe installs. Use it to standardize dependency workflows and reduce package-related risks.
How this skill works
The skill validates that dependency changes are performed through package manager commands rather than manual edits to package.json. It runs package operations (add, remove, update), performs security audits and fixes, and enforces lockfile policies including CI frozen installs. It also produces a simple quality gate checklist to confirm best practices are met.
When to use it
- Installing a new production or dev dependency
- Removing an unused dependency
- Checking for and applying package updates
- Running security audits and fixing vulnerabilities
- Configuring CI installs to prevent lockfile drift
Best practices
- Never edit package.json manually; always use bun/pnpm/npm commands
- Commit lockfiles (bun.lockb, pnpm-lock.yaml, package-lock.json) with changes
- Use --frozen-lockfile (or npm ci) in CI to avoid unexpected updates
- Run audits regularly and address high/critical vulnerabilities promptly
- Regenerate lockfiles properly instead of deleting them to resolve conflicts
Example use cases
- Add a library as a dev dependency using pnpm add -D jest
- Remove a deprecated package with npm uninstall <package>
- Run pnpm outdated and pnpm update --interactive to upgrade safely
- Run npm audit fix and escalate to npm audit fix --force only after review
- Configure CI to run pnpm install --frozen-lockfile to ensure reproducible builds
FAQ
No. Always use the package manager CLI to add, remove, or update dependencies to keep lockfiles and metadata consistent.
What if a lockfile conflict occurs in a merge?
Do not delete the lockfile. Recreate it by running the appropriate install command and resolve the conflict, then commit the regenerated lockfile.