This skill walks you through the full dependency maintenance workflow: running npm audit for vulnerabilities, finding outdated packages with npm-check-updates, detecting unused dependencies with depcheck, and analyzing bundle size impact. It has good defensive advice too, such as which packages depcheck wrongly flags as unused (TypeScript types, ESLint plugins, config-referenced tools). The conservative versus aggressive update strategies are practical, and the lock file reminders are the kind of thing everyone forgets until CI breaks. If you maintain any JavaScript project and currently just run npm install when things break, this gives you a proper checklist to stay ahead of security issues and bloat.
npx skills add https://github.com/onewave-ai/claude-skills --skill dependency-auditor