When does the skill trigger?

It automatically invokes when it detects standard package installation or update commands, such as 'npm install', 'poetry add', or 'composer require'.

How does it handle security vulnerabilities?

It runs native audit tools (like npm audit or cargo audit) during the pre-installation check to identify vulnerabilities and will suggest patched versions or block installation of insecure packages.

Does this work with monorepos and workspaces?

Yes, the skill is designed to handle monorepo considerations, validating peer dependencies and ensuring version consistency across workspace members.

Will it automatically change my lockfiles?

It auto-resolves safe changes like patch versions and dev-dependency updates. For breaking changes or production dependencies, it presents options for manual review before execution.

Which package managers does this skill support?

The skill supports a wide range of popular ecosystems including npm, yarn, and pnpm for JavaScript; pip and poetry for Python; cargo for Rust; and composer for PHP.

Dependency Conflict Resolver

Name: Dependency Conflict Resolver
Author: marcusgoll

bymarcusgoll

•

Security & Testing

Resolves package manager dependency conflicts and security vulnerabilities across multiple languages before installation occurs.

The Dependency Conflict Resolver is a proactive utility designed to prevent broken builds and security risks by analyzing package dependencies across JavaScript, Python, Rust, and PHP ecosystems. It automatically triggers during installation commands to scan for peer dependency mismatches, version constraint violations, and known vulnerabilities. By categorizing conflicts into auto-resolvable patches and manual review scenarios, it streamlines the development workflow while ensuring project stability and security compliance without bypassing critical versioning rules.

Key Features

01Multi-ecosystem support for npm, yarn, pnpm, pip, poetry, cargo, and composer.

02Deep semver compatibility analysis for peer, transitive, and platform-specific dependencies.

03Intelligent classification of conflicts into auto-fixes, manual reviews, or installation blocks.

04Interactive resolution prompts that offer multiple fix strategies with risk assessments.

05Automated security vulnerability scanning via integrated ecosystem-specific audit tools.

0618 GitHub stars

Use Cases

01Preventing dependency hell during major framework migrations and library upgrades.

02Automating security patch identification and remediation in production-ready repositories.

03Ensuring version consistency and peer dependency alignment across complex monorepos.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add marcusgoll/spec-flow dependency-conflict-resolver

For use in Claude.ai and ChatGPT

Download Skill