
Bump Deps
Surface and apply dependency updates across a repo or monorepo using taze before you ship or harden releases.
Overview
bump-deps is an agent skill for the Ship phase that runs taze to list and drive dependency updates, including monorepo recursive mode and major-version visibility.
Install
npx skills add https://github.com/paulrberg/agent-skills --skill bump-deps
What is this skill?
- Non-interactive taze runner with clear exit codes for missing CLI or package.json
- Auto-detects npm/pnpm workspaces and enables recursive monorepo mode
- taze major with --include-locked to show all updates including breaking versions
- Optional --include package filter and target directory argument
- Documents npm global install or npx fallback when taze is absent
- Documented exit codes: 0 success, 1 taze missing, 2 no package.json
- Runs taze major with --include-locked for full update visibility
Adoption & trust: 1.5k installs on skills.sh; 62 GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
You do not know which dependencies are stale or locked behind semver ranges until something breaks or a security advisory forces a fire drill.
Who is it for?
Solo maintainers with package.json or pnpm/npm monorepos who want an agent to run standardized taze passes before shipping.
Skip if: Projects without Node package.json, teams that forbid automated version probes, or workflows that only use language-specific lockfiles outside the npm ecosystem.
When should I use this skill?
You need to inspect or drive dependency updates with taze, optionally filtered by package, with monorepo auto-detection.
What do I get? / Deliverables
You get a complete taze report of available updates—including majors and locked pins—so you can choose what to bump before release.
- Terminal report of available dependency updates from taze
- Monorepo-aware recursive scan when workspaces are detected
How it compares
Use as a scripted taze wrapper for upgrade visibility instead of manually editing package.json without a monorepo-aware scan.
Common Questions / FAQ
Who is bump-deps for?
Indie developers and small teams on JavaScript or TypeScript repos who maintain npm or pnpm workspaces and use taze for dependency hygiene.
When should I use bump-deps?
In Ship before a release or security pass when you need a full picture of dependency updates, including breaking major bumps, across one package or a monorepo.
Is bump-deps safe to install?
Check the Security Audits panel on this Prism page; the skill runs shell and network-adjacent package tooling—review taze output and test after any applied upgrades.
SKILL.md
```bash
#!/usr/bin/env bash
# run-taze.sh - Run taze in non-interactive mode
#
# Usage: run-taze.sh [--include pkg1,pkg2] [path]
#
# Automatically detects monorepo projects (workspaces in package.json
# or pnpm-workspace.yaml) and enables recursive mode.
#
# Exit codes:
#   0 - Success (updates displayed)
#   1 - taze not installed
#   2 - No package.json found

set -euo pipefail

include=""
if [[ "${1:-}" == "--include" ]]; then
  include="$2"
  shift 2
fi

target_dir="${1:-.}"

# Check taze availability
if ! command -v taze &>/dev/null; then
  cat >&2 <<'EOF'
ERROR: taze CLI is not installed.

Install taze globally:
  npm install -g taze

Or run via npx:
  npx taze

Documentation: https://github.com/antfu-collective/taze
EOF
  exit 1
fi

# Check for package.json
if [[ ! -f "$target_dir/package.json" ]]; then
  echo "ERROR: No package.json found in $target_dir" >&2
  exit 2
fi

cd "$target_dir"

# Auto-detect monorepo
recursive=""
if grep -q '"workspaces"' package.json 2>/dev/null \
  || [[ -f pnpm-workspace.yaml ]]; then
  recursive="-r"
fi

# Build include flag
include_flag=""
if [[ -n "$include" ]]; then
  include_flag="--include $include"
fi

# Run taze major to show ALL available updates (including breaking)
# -l/--include-locked shows fixed versions (no ^ or ~)
# shellcheck disable=SC2086
taze major $recursive $include_flag --include-locked 2>&1
```

---
argument-hint: '[--dry-run] [package ...]'
disable-model-invocation: false
effort: high
name: bump-deps
user-invocable: true
description: This skill should be used when the user asks to "update dependencies", "update npm packages", "bump dependencies", "upgrade node packages", "check for outdated packages", "update package.json", or mentions dependency updates, npm/pnpm/yarn/bun package upgrades, or taze CLI usage.
---

# Bump Dependencies Skill

Update Node.js dependencies using taze CLI with smart prompting: auto-apply MINOR/PATCH updates, prompt for MAJOR updates individually, skip fixed-version packages.

When package names are provided as arguments (e.g. `/bump-deps react typescript`), scope all taze commands to only those packages using `--include`.

When `--dry-run` is passed (e.g. `/bump-deps --dry-run` or `/bump-deps --dry-run react`), scan for updates and present a summary table **without applying any changes**. See [Dry Run Mode](#dry-run-mode) below.

## Prerequisites

Before starting, verify taze is installed by running:

```bash
scripts/run-taze.sh
```

If exit code is 1, stop and inform the user that taze must be installed:

- Global install: `npm install -g taze`
- One-time: `npx taze`

## Update Workflow

### Step 1: Scan for Updates

Run the taze script to discover available updates. The script auto-detects monorepo projects (`workspaces` in package.json or `pnpm-workspace.yaml`) and enables recursive mode automatically.

```bash
scripts/run-taze.sh
```

### Step 2: Parse and Categorize Updates

From the taze output, categorize each package update:

| Category  | Version Change                              | Action        |
| --------- | ------------------------------------------- | ------------- |
| **Fixed** | No `^` or `~` prefix (e.g., `"1.0.0"`)      | Skip entirely |
| **PATCH** | `x.y.z` → `x.y.Z` (e.g., `1.0.0` → `1.0.1`) | Auto-apply    |
| **MINOR** | `x.y.z` → `x.Y.0` (e.g., `1.0.0` → `1.1.0`) | Auto-apply    |
| **MAJOR** | `x.y.z` → `X.0.0` (e.g., `1.0.0` → `2.0.0`) | Prompt user   |

If package arguments were provided, filter to only those packages.

#### Dry Run Mode

If `--dry-run` was passed, **stop here** — do not apply any updates. Instead, present a single markdown table summarizing all available updates and exit. The table must include every discovered package (including fixed-version packages, shown as skipped):

```
| Package | Current | Available | Type | Action |
|---------|---------|-----------|------|--------|
| @types/node | ^20.0.0 | ^22.0.0 | major | prompt |
| typescript | ^5.3.0 | ^5.4.0 | minor | auto-apply |
| e