upgrade-packages
Upgrade packages
Safe, incremental dependency upgrades for pnpm projects. Pair with fix-dependency-security for audit and install hardening.
Principles
- Prefer non-breaking upgrades — stay within semver ranges in `package.json` (`^`, `~`) before jumping majors.
- One logical change per commit — e.g. “bump patch/minors” vs “Next 15 → 16 + codemods”.
- Framework libs are worth major upgrades — `next`, `react`, `react-dom`, `typescript`, `tailwindcss`, and the active linter (`@biomejs/biome` in `dev` profile; `eslint` in ESLint-based repos) — but require changelog review, codemods, and code fixes; never bump only the version pin.
- Keep related packages aligned — React + types + DOM; Next + `@next/env` override; linter + its plugins (Biome or ESLint ecosystem).
- Install with SFW when supply-chain hardening is enabled: `sfw pnpm install` / `sfw pnpm update`.
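One way to turn the principles above into a commit plan, as an added example that is not part of the original skill: it sorts each dependency into "reachable within its declared range", "framework lib needing changelog review and codemods", or "other out-of-range bump", and checks that related packages share a major. The function names, the `example-lib` package and all version numbers are assumptions constructed for illustration.

```javascript
// Added example. Supports only "^x.y.z", "~x.y.z" and exact "x.y.z" (assumption).
const FRAMEWORK = new Set(["next", "react", "react-dom", "typescript",
  "tailwindcss", "@biomejs/biome", "eslint"]); // list taken from the principles

const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// True when `version` is reachable without editing the range in package.json.
function inRange(range, version) {
  const op = range[0];
  if (op !== "^" && op !== "~") return range === version; // exact pin
  const lo = parse(range.slice(1));
  const [maj, min, pat] = lo;
  let hi; // exclusive upper bound
  if (op === "~") hi = [maj, min + 1, 0];
  else if (maj > 0) hi = [maj + 1, 0, 0];
  else if (min > 0) hi = [0, min + 1, 0]; // ^0.y.z: a minor bump may break
  else hi = [0, 0, pat + 1];
  const v = parse(version);
  return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// Split upgrades into the separate commits the principles call for.
function planUpgrades(declared, latest) {
  const plan = { inRange: [], frameworkReview: [], outOfRange: [] };
  for (const [name, range] of Object.entries(declared)) {
    if (!(name in latest)) continue;
    if (inRange(range, latest[name])) plan.inRange.push(name);
    else if (FRAMEWORK.has(name)) plan.frameworkReview.push(name);
    else plan.outOfRange.push(name);
  }
  return plan;
}

// Related packages must land on the same major (e.g. react + react-dom).
function misaligned(targets, group) {
  const majors = group.filter((n) => n in targets).map((n) => parse(targets[n])[0]);
  return new Set(majors).size > 1;
}

// Constructed sample data, not real registry output; example-lib is hypothetical.
const declared = { next: "^15.1.0", react: "^19.0.0", "react-dom": "^19.0.0",
  zod: "^3.23.8", "example-lib": "~1.4.2", typescript: "~5.6.3" };
const latest = { next: "16.0.1", react: "19.2.0", "react-dom": "19.2.0",
  zod: "4.1.0", "example-lib": "1.4.9", typescript: "5.9.2" };
console.log(planUpgrades(declared, latest));
```

Each bucket maps to its own commit: the `inRange` group first, then one commit per `frameworkReview` entry together with its codemods and aligned packages.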