zhongwei/gh-jls42-leapmultix-leapmultix-marketplace-skills-dependency-management
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Zhongwei Li
2025-11-30 08:27:06 +08:00
commit d39b9e6cb9
4 changed files with 219 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
.claude-plugin/plugin.json Normal file
View File

@@ -0,0 +1,12 @@
{
"name": "leapmultix-skill-dependency-management",
"description": "Skill dependency-management from LeapMultix",
"version": "1.0.0",
"author": {
"name": "Julien LE SAUX",
"email": "contact@jls42.org"
},
"skills": [
"./skills"
]
}

3
README.md Normal file
View File

@@ -0,0 +1,3 @@
# leapmultix-skill-dependency-management
Skill dependency-management from LeapMultix

45
plugin.lock.json Normal file
View File

@@ -0,0 +1,45 @@
{
"$schema": "internal://schemas/plugin.lock.v1.json",
"pluginId": "gh:jls42/leapmultix:leapmultix-marketplace/skills/dependency-management",
"normalized": {
"repo": null,
"ref": "refs/tags/v20251128.0",
"commit": "1e00dae134f922903bc1ba76f4d9b7741a1d5c5b",
"treeHash": "c181cda8004bffc9cc3d3c037930a28acb47a493e037bce31d4e343a266cdc74",
"generatedAt": "2025-11-28T10:19:12.528813Z",
"toolVersion": "publish_plugins.py@0.2.0"
},
"origin": {
"remote": "git@github.com:zhongweili/42plugin-data.git",
"branch": "master",
"commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390",
"repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data"
},
"manifest": {
"name": "leapmultix-skill-dependency-management",
"description": "Skill dependency-management from LeapMultix",
"version": "1.0.0"
},
"content": {
"files": [
{
"path": "README.md",
"sha256": "816bda92e5b079ba7fb1d29d1170cd003d7e8e51196699652e4616a22ff74e5a"
},
{
"path": ".claude-plugin/plugin.json",
"sha256": "480dc9af4e8d0974eaa3ec49d3c4f9c8a3abc036561234f2ffdcc6dbf61ee289"
},
{
"path": "skills/dependency-management/SKILL.md",
"sha256": "04dcd20b3e6679803812fe2e3d505c27481c830c37e5a3367eff6824af7b2435"
}
],
"dirSha256": "c181cda8004bffc9cc3d3c037930a28acb47a493e037bce31d4e343a266cdc74"
},
"security": {
"scannedAt": null,
"scannerVersion": null,
"flags": []
}
}

159
skills/dependency-management/SKILL.md Normal file
View File

@@ -0,0 +1,159 @@
---
name: managing-dependencies
description: Manages npm dependencies (audit, updates, breaking changes, lockfile). Use before releases, after adding packages, or monthly for maintenance
allowed-tools: Read, Grep, Glob, Bash
---
# Gestion des Dépendances
Gère dépendances npm de manière sécurisée (audit, mises à jour, lockfile).
## Table des matières
- [Quand utiliser](#quand-utiliser)
- [Scripts npm](#scripts-npm)
- [Workflows essentiels](#workflows-essentiels)
- [Gestion vulnérabilités](#gestion-vulnérabilités)
- [Migrations majeures](#migrations-majeures)
- [Bonnes pratiques](#bonnes-pratiques)
- [Checklist](#checklist)
- [En cas de doute](#en-cas-de-doute)
## Quand utiliser
- Avant chaque release production
- Après ajout nouvelles dépendances
- Mensuellement maintenance proactive
- Quand vulnérabilités signalées
- Migrations versions majeures
## Scripts npm
- `npm audit` - Vue d'ensemble sécurité
- `npm audit --json` - Rapport détaillé
- `npm audit fix` - Fix auto (patch/minor)
- `npm outdated` - Packages à mettre à jour
- `npm update` - Update patches/minors
- `npm ls` / `npm ls --depth=0` - Arbre dépendances
## Workflows essentiels
**Audit sécurité :**
- CRITICAL/HIGH → Corriger immédiatement
- MODERATE → Corriger avant release
- LOW → Corriger quand possible
**Types mises à jour (SemVer) :**
- Patch (1.0.x) → Bugs, sécurisé
- Minor (1.x.0) → Features, rétrocompatible
- Major (x.0.0) → Breaking, nécessite tests
**Stratégie :**
- Patches → Auto si tests passent
- Minors → Manuel vérification
- Majors → Manuel migration plan
**Lockfile :**
- Garantit versions exactes
- Commit toujours avec package.json
- Désynchronisé → `npm install`
- Conflit merge → Résoudre + `npm install`
## Gestion vulnérabilités
**Critiques/Hautes :** Fix immédiat, tester, déployer rapidement
**Sans fix :** Package alternatif, fork + patch, monitorer, désactiver si possible
**Packages deprecated :** Chercher alternatives maintenues, planifier migration
## Migrations majeures
**Préparation :**
1. Lire CHANGELOG (breaking changes)
2. Estimer impact code
3. Créer branche dédiée
**Exécution :**
1. Update package.json
2. Adapter code aux breaking changes
3. Corriger erreurs TS/ESLint
4. Tests exhaustifs
**Validation :**
- Tests passent
- Lighthouse score OK
- Performance stable
- Pas régressions visuelles
## Bonnes pratiques
**Do's :**
- Commit lockfile toujours
- Audit hebdomadaire minimum
- Tests après update
- Un update à la fois
- Lire CHANGELOG majors
- Respecter SemVer
**Don'ts :**
- Pas `npm install --force` (sauf urgence)
- Pas updates aveugles
- Pas lockfile .gitignore
- Pas updates avant release
- Pas dépendances non maintenues
## Checklist
- [ ] `npm audit` sans CRITICAL/HIGH
- [ ] `npm outdated` vérifié
- [ ] Lockfile synchronisé
- [ ] Tests passent après update
- [ ] Build OK
- [ ] Performance stable
- [ ] Pas deprecated packages
- [ ] CHANGELOG lu (majors)
- [ ] Lockfile committé
## En cas de doute
**Règles absolues :**
1. `npm audit` AVANT release obligatoire
2. Tester APRÈS mise à jour
3. Jamais ignorer lockfile
4. CHANGELOG pour majors
5. CRITICAL/HIGH fix immédiat
**Workflow mensuel :**
```bash
npm outdated
npm audit
npm update
npm test
```
**Workflow avant release :**
```bash
npm audit --audit-level=moderate
npm outdated
npm test
npm run build
```
**Références :**
- package.json - Versions actuelles
- package-lock.json - Lockfile
- npm docs - Documentation