This is a comprehensive dependency management guide that walks you through go.mod workflows, semantic versioning, and MVS quirks. It enforces a critical rule: AI agents must ask before adding dependencies, checking if the standard library already solves the problem. You get practical commands for upgrading (prefer go get -u=patch for safety), vendoring strategies, the tools.go pattern for pinning CLI versions, and references for vulnerability scanning with govulncheck. The skill pushes back against dependency bloat by treating every package as a long term maintenance commitment. Useful when adding libraries, resolving version conflicts, setting up Dependabot, or auditing what's inflating your binary size.
npx skills add https://github.com/samber/cc-skills-golang --skill golang-dependency-management