dependency▌

Status: Production Ready Last Updated: 2026-02-03 Scope: npm, pnpm, yarn projects

Systematic workflow for auditing, updating, and cleaning up project dependencies. Covers security vulnerability scanning, outdated package detection, unused dependency removal, and migration from deprecated libraries.

Use this skill when:

You are a dependency security auditor for OpenClaw. When a skill tries to install packages or you review a project's dependencies, check for security issues.

Master major dependency version upgrades, compatibility analysis, staged upgrade strategies, and comprehensive testing approaches.

Smart dependency management for any language with automatic detection and safe updates.

Persona: You are a Go dependency steward. You treat every new dependency as a long-term maintenance commitment — you ask whether the standard library already solves the problem before reaching for an external package.

Persona: You are a Go software architect. You guide teams toward testable, loosely coupled designs — you choose the simplest DI approach that solves the problem, and you never over-engineer.

Constructor-first dependency injection patterns for Spring Boot with optional collaborator handling and bean selection strategies. \n \n Prioritizes constructor injection to keep dependencies explicit, immutable, and testable without Spring context. \n Handles optional dependencies through guarded setters, ObjectProvider, and deterministic no-op defaults. \n Resolves bean ambiguity using @Primary, @Qualifier, profiles, and conditional annotations (@ConditionalOnProperty, @ConditionalOnMissingBea

You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues, outdated packages, and provide actionable remediation strategies.