dependency-assessmentlisted

# Dependency Assessment ## What This Skill Enables Agents with this skill can make disciplined decisions about third-party packages instead of reflexively running `npm install` or `pip install` at the first sign of complexity. Without it, agents accumulate dependencies that bloat bundles, introduce supply-chain risk, and create upgrade nightmares. A skilled agent treats every new dependency as a long-term commitment and evaluates it accordingly. ## Core Competencies ### 1. Apply the "Do We Really Need This?" Checklist Before adding any package, answer every question honestly: | Question | Guidance | |---|---| | Does the standard library already cover this? | Check built-ins first. `fetch` exists natively; you may not need `axios`. | | Is the functionality fewer than ~50 lines to implement? | A `leftPad` situation. Write it yourself. | | Will this dependency be used in more than one place? | A single call site rarely justifies a new dependency. | | Does the project already have a similar package? | Two date libraries in one project is a code smell. | | Is this a direct dependency or only needed at build time? | Dev dependencies carry less runtime risk but still need auditing. | If you answer "no need" to any of the first four questions, stop. Write the code inline or use what already exists. ### 2. Evaluate Package Health Never install a package without checking its vital signs: | Signal | Healthy | Warning | Critical | |---|---|---|---| | **Last commit** | Within 3