Dependency Management — Production Patterns Modern Best Practices (January 2026) : Lockfile-first workflows, automated security scanning (Dependabot, Snyk, Socket.dev), semantic versioning, minimal dependencies principle, monorepo workspaces (pnpm, Nx, Turborepo), supply chain security (SBOM, AI BOM, Sigstore), reproducible builds, and AI-generated code validation. --- When to Use This Skill The agent should invoke this skill when a user requests: - Adding new dependencies to a project - Updating existing dependencies safely - Resolving dependency conflicts or version mismatches - Auditing de…