Skill · 323 repo stars · updated yesterday
dependency-triage
Dependency Triage analyzes package dependencies across ecosystems (npm, pip, go, etc.) and classifies each update by risk level, CVE severity, and recommended action. Use this skill to systematically evaluate whether dependency upgrades should be applied automatically via patch bumps, require human review for minor/major versions, or be escalated due to security vulnerabilities, denylist restrictions, or dependency conflicts.
Install in Claude Code
```bash
git clone --depth 1 https://github.com/cobusgreyling/loop-engineering /tmp/dependency-triage && cp -r /tmp/dependency-triage/starters/dependency-sweeper/.grok/skills/dependency-triage ~/.claude/skills/dependency-triage
```
Then open a new Claude Code session; the skill loads automatically.
Definition
SKILL.md
# Dependency Triage Skill

## Output per package

```markdown
### package-name (ecosystem: npm|pip|go|etc.)
- Current: x.y.z
- Suggested: x.y.z
- Risk: patch | minor | major
- CVE: none | CVE-XXXX (severity)
- Actionable: yes | no (denylist / human gate)
- Suggested loop action: patch-in-worktree | escalate-human | skip
```

## Classification Rules

- **patch**: semver patch or lockfile-only security fix with no API change
- **minor**: semver minor — cautious, verifier required
- **major**: always escalate-human unless explicitly pre-approved in state
- **denylist**: packages in state denylist → escalate-human, no auto-touch
- **high-severity CVE**: escalate if fix requires major or breaking change

## Rules

- Prefer the smallest safe bump that resolves the advisory.
- Never bundle unrelated package updates in one change.
- Record human overrides from `dependency-sweeper-state.md` every run.
- If lockfile conflict or peer dependency warning → escalate-human.
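The classification rules above, written out as an added Python example; it is not part of SKILL.md or of the loop-engineering repository. The function names, the `SEVERE` set, passing the state (denylist, pre-approvals) as arguments, and the handling of pre-approved majors and of minor bumps are assumptions.

```python
import re

SEVERE = {"high", "critical"}  # assumption: severities treated as "high-severity"

def parse(version):
    """Parse a plain x.y.z version (optional leading 'v') into a tuple of ints."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"not a plain x.y.z version: {version!r}")
    return tuple(map(int, m.groups()))

def bump_kind(current, suggested):
    """Return 'major', 'minor', 'patch', or 'none' when suggested is not newer."""
    cur, new = parse(current), parse(suggested)
    if new <= cur:
        return "none"
    if new[0] != cur[0]:
        return "major"
    return "minor" if new[1] != cur[1] else "patch"

def smallest_fix(current, fixed_versions):
    """Rule: prefer the smallest bump that resolves the advisory."""
    newer = [v for v in fixed_versions if parse(v) > parse(current)]
    return min(newer, key=parse) if newer else None

def triage(name, current, suggested, *, cve_severity=None, denylist=(),
           preapproved_major=(), lockfile_conflict=False, peer_warning=False):
    """Map one proposed update to (risk, actionable, suggested loop action)."""
    risk = bump_kind(current, suggested)
    if risk == "none":
        return risk, "no", "skip"
    if name in denylist:  # denylisted packages are never auto-touched
        return risk, "no (denylist)", "escalate-human"
    if lockfile_conflict or peer_warning:
        return risk, "no (human gate)", "escalate-human"
    if risk == "major":
        # Assumption: pre-approval does not cover a high-severity CVE fix that
        # needs a major bump; that case always goes to a human.
        severe = (cve_severity or "").lower() in SEVERE
        if severe or name not in preapproved_major:
            return risk, "no (human gate)", "escalate-human"
    # Assumption: minor bumps still go to the worktree; the "verifier required"
    # gate is enforced by whatever consumes this result.
    return risk, "yes", "patch-in-worktree"
```

Call `triage` once per package so that each result maps to a single change, in line with the rule against bundling unrelated updates.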
From the same repository
- loop-budget (Skill): Check token budget and run-log spend before and after a loop run. Enforces early exit when over budget or when there is no actionable work.
- loop-triage (Skill)
- loop-verifier (Subagent): Independent checker for loop-produced changes. Rejects unless tests pass and scope is minimal. Never implement fixes.
- minimal-fix (Skill)
- changelog-scan (Skill)
- draft-release-notes (Skill)
- ci-triage (Skill)
- post-merge-scan (Skill)