How do I scope updates to specific packages?

Provide package names as arguments to bump-deps and use --include to limit all taze commands to those packages (e.g., /bump-deps react,typescript).

What happens with major updates?

Major updates are prompted individually for remaining packages; some packages may be auto-skipped (e.g., lucide-react). Use the AskUserQuestion flow to approve or skip each major update.

Do I need to handle monorepos specially?

The script auto-detects monorepo mode; when running taze directly, you can add -r if a monorepo is detected (e.g., workspaces in package.json or pnpm-workspace.yaml).

bump-deps

Scanned

npx machina-cli add skill PaulRBerg/agent-skills/bump-deps --openclaw

Files (1)

SKILL.md

5.8 KB

Bump Dependencies Skill

Update Node.js dependencies using taze CLI with smart prompting: auto-apply MINOR/PATCH updates, prompt for MAJOR updates individually, skip fixed-version packages.

When package names are provided as arguments (e.g. /bump-deps react typescript), scope all taze commands to only those packages using --include.

Prerequisites

Before starting, verify taze is installed by running:

scripts/run-taze.sh

If exit code is 1, stop and inform the user that taze must be installed:

Global install: npm install -g taze
One-time: npx taze

Update Workflow

Step 1: Scan for Updates

Run the taze script to discover available updates. The script auto-detects monorepo projects (workspaces in package.json or pnpm-workspace.yaml) and enables recursive mode automatically.

scripts/run-taze.sh

Step 2: Parse and Categorize Updates

From the taze output, categorize each package update:

Category	Version Change	Action
Fixed	No `^` or `~` prefix (e.g., `"1.0.0"`)	Skip entirely
PATCH	`x.y.z` → `x.y.Z` (e.g., `1.0.0` → `1.0.1`)	Auto-apply
MINOR	`x.y.z` → `x.Y.0` (e.g., `1.0.0` → `1.1.0`)	Auto-apply
MAJOR	`x.y.z` → `X.0.0` (e.g., `1.0.0` → `2.0.0`)	Prompt user

If package arguments were provided, filter to only those packages.

Identifying fixed versions: In package.json, fixed versions have no range prefix:

Fixed: "lodash": "4.17.21" → skip
Ranged: "lodash": "^4.17.21" → process

Step 3: Apply MINOR/PATCH Updates

Apply all non-major updates automatically without prompting:

# All packages
taze minor --write

# Specific packages only (when args provided)
taze minor --write --include react,typescript

The script auto-detects monorepo mode, but when running taze directly, detect it yourself: check for workspaces in package.json or pnpm-workspace.yaml and add -r if present.

Report the packages that were updated.

Step 4: Prompt for MAJOR Updates

Auto-skip packages: Never prompt for these packages—auto-apply their major updates:

lucide-react (icon library with frequent major bumps, backward-compatible in practice)

For each remaining package with a major update available, use AskUserQuestion to ask the user individually:

Package: <package-name>
Current: <current-version>
Available: <new-version>

Update to major version?

Question format:

header: Package name (max 12 chars, truncate if needed)
options: "Yes, update" / "No, skip"
multiSelect: false

Collect all approved major updates.

Step 5: Apply Approved MAJOR Updates

After collecting user approvals, apply the approved major updates:

taze major --write --include <pkg1>,<pkg2>,<pkg3>

Add -r if monorepo was detected.

Step 6: Update Bun Catalogs

After applying all updates, check the root package.json for Bun workspace catalogs. Bun monorepos can centralize dependency versions using catalog and catalogs fields inside the workspaces object:

{
  "workspaces": {
    "packages": ["packages/*"],
    "catalog": {
      "react": "^19.0.0"
    },
    "catalogs": {
      "testing": {
        "jest": "^30.0.0"
      }
    }
  }
}

Workspace packages reference these with "react": "catalog:" (default catalog) or "jest": "catalog:testing" (named catalog).

Skip this step if neither workspaces.catalog nor workspaces.catalogs exists in the root package.json.

For each package that was updated in Steps 3/5:

Check if it appears in workspaces.catalog — if so, update the version there
Check each named catalog in workspaces.catalogs — if the package appears, update the version there

Preserve the existing range prefix (^, ~, or none) from the catalog entry. For example, if the catalog has "react": "^19.0.0" and taze bumped react to 19.1.0, update the catalog to "react": "^19.1.0".

Use Edit to apply the version changes directly to the root package.json.

Step 7: Install Dependencies

After all updates are applied, run ni to install dependencies. It auto-detects the package manager.

Taze Output Interpretation

Taze displays updates grouped by type. Example output:

@types/node  ^20.0.0  →  ^22.0.0   (major)
typescript   ^5.3.0   →  ^5.4.0    (minor)
eslint       ^8.56.0  →  ^8.57.0   (patch)

The rightmost column indicates update type (major/minor/patch).

Packages shown with --include-locked that have no ^ or ~ are fixed versions—skip these entirely.

Script Reference

Script	Purpose
`scripts/run-taze.sh`	Run taze in non-interactive mode, check installation

Important Notes

Fixed-version dependencies (no ^ or ~) indicate intentional pinning—never modify these
MAJOR updates may contain breaking changes—always prompt the user
MINOR/PATCH updates are backward-compatible by semver convention—safe to auto-apply
The --include flag accepts comma-separated package names or regex patterns
Monorepo detection is automatic—no flag needed
Bun catalogs (workspaces.catalog / workspaces.catalogs) are the source of truth for workspace packages using the catalog: protocol—always update catalog entries alongside regular deps

Source

git clone https://github.com/PaulRBerg/agent-skills/blob/main/skills/bump-deps/SKILL.mdView on GitHub

Overview

Bump Dependencies updates Node.js packages using the taze CLI with smart prompting. It auto-applies MINOR and PATCH updates, prompts for MAJOR updates individually, and skips fixed-version packages. If you provide package names, commands are scoped with --include to those packages.

How This Skill Works

The skill runs a taze scan to detect available updates, auto-detects monorepos, and categorizes changes into Fixed, PATCH, MINOR, and MAJOR. It auto-applies MINOR/PATCH updates, then prompts for MAJOR updates, collecting approvals before applying them; it also checks Bun workspace catalogs when present. You can limit scope with package arguments via --include.

When to Use It

When you want to update dependencies across a Node.js project
When you need to update npm/pnpm/yarn/bun packages or check for outdated packages
When you want to update package.json dependencies with controlled MAJOR prompts
When you work in a monorepo and want to scope updates with --include
When you want to verify final dependency versions and Bun catalogs after updates

Quick Start

Step 1: Ensure taze is installed by running scripts/run-taze.sh
Step 2: Run bump-deps with optional package args, e.g. /bump-deps react typescript
Step 3: Respond to major-update prompts, review changes, and verify Bun catalogs if used

Best Practices

Verify taze is installed using scripts/run-taze.sh before running bump-deps
Let MINOR/PATCH updates auto-apply first to minimize disruption
Limit scope with --include when targeting specific packages
Carefully review MAJOR-update prompts and approve only safe upgrades
After updates, run tests and update Bun catalogs if your workspace uses them

Example Use Cases

Using /bump-deps react typescript to update only these two packages
In a monorepo, run taze minor --write to auto-apply all minor/patch updates
Prompt for major updates for remaining packages and approve selectively
Apply approved major updates with taze major --write --include pkg1,pkg2
Post-update, review and adjust Bun catalogs in the workspace manifest

Frequently Asked Questions

Add this skill to your agents