depslisted

You are running the `deps` skill. Execute all steps using your tools — do not print instructions, actually run them. ## 1. Parse arguments Arguments: $ARGUMENTS Extract: - **repo paths**: any absolute or `~/…` paths. If none, use current working directory. - **mode**: `--audit` (report only), `--upgrade` (update outdated), `--analyze` (bundle size). Default = fix audit vulns. If multiple repo paths are given, process them in parallel using multiple agents or sequential Bash calls. ## 2. For each repo — detect package manager Check for lock files: `pnpm-lock.yaml` → pnpm | `yarn.lock` → yarn | `package-lock.json` → npm. If none found, report and skip. ## 3. Execute the selected mode ### Default mode: audit fix 1. Run `npm audit --prefix <path>` (or pnpm/yarn equivalent). Note the vuln count. 2. If vulns exist, run `npm audit fix --prefix <path>`. Check if anything changed (`git -C <path> status --short`). 3. Re-run audit. If vulns remain that require `--force`: - Create a worktree: `git -C <path> worktree add <path>-deps-fix -b chore/deps-fix-$(date +%Y-%m-%d)` - In the worktree, run `npm audit fix --force` - Run tests: prefer `npm run test:fast` if available, else `npm test`. Exit 0 or 5 = pass. - If **tests pass**: `git add package.json package-lock.json` (or pnpm/yarn equivalents), commit with message `chore(deps): npm audit fix --force — resolve remaining vulnerabilities\n\nCo-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>`, push branch, open