live-dependency-resolver
Use this skill when installing, adding, or updating packages, checking latest versions, scaffolding projects with dependencies, or generating code that imports third-party packages. Triggers on npm install, pip install, cargo add, gem install, go get, dependency resolution, package management, module installation, crate addition, or any task requiring live version verification across npm, pip, Go modules, Rust/cargo, and Ruby/gem ecosystems. Covers synonyms: dependency, package, module, crate, gem, library.
engineering dependenciesnpmpipcargogemgo-modulespackage-managementversion-checkWhat is live-dependency-resolver?
Use this skill when installing, adding, or updating packages, checking latest versions, scaffolding projects with dependencies, or generating code that imports third-party packages. Triggers on npm install, pip install, cargo add, gem install, go get, dependency resolution, package management, module installation, crate addition, or any task requiring live version verification across npm, pip, Go modules, Rust/cargo, and Ruby/gem ecosystems. Covers synonyms: dependency, package, module, crate, gem, library.
Quick Start
- Open your terminal or command prompt
- Run:
npx skills add AbsolutelySkilled/AbsolutelySkilled --skill live-dependency-resolver - Start your AI coding agent (Claude Code, Cursor, Gemini CLI, or any supported agent)
- The live-dependency-resolver skill is now active and ready to use
live-dependency-resolver
live-dependency-resolver is a production-ready AI agent skill for claude-code, gemini-cli, openai-codex, and 1 more. Installing, adding, or updating packages, checking latest versions, scaffolding projects with dependencies, or generating code that imports third-party packages.
Quick Facts
| Field | Value |
|---|---|
| Category | engineering |
| Version | 0.1.0 |
| Platforms | claude-code, gemini-cli, openai-codex, mcp |
| License | MIT |
How to Install
- Make sure you have Node.js installed on your machine.
- Run the following command in your terminal:
npx skills add AbsolutelySkilled/AbsolutelySkilled --skill live-dependency-resolver- The live-dependency-resolver skill is now available in your AI coding agent (Claude Code, Gemini CLI, OpenAI Codex, etc.).
Overview
LLMs have knowledge cutoff dates that are months old. When helping users install coding dependencies, this causes hallucinated version numbers, suggestions for deprecated packages, and incorrect install commands. This skill teaches agents to always verify packages against live registries before suggesting any installation - using CLI commands first for speed and simplicity, with web API fallback when CLI tools are unavailable.
Tags
dependencies npm pip cargo gem go-modules package-management version-check
Platforms
- claude-code
- gemini-cli
- openai-codex
- mcp
Related Skills
Pair live-dependency-resolver with these complementary skills:
Frequently Asked Questions
What is live-dependency-resolver?
Use this skill when installing, adding, or updating packages, checking latest versions, scaffolding projects with dependencies, or generating code that imports third-party packages. Triggers on npm install, pip install, cargo add, gem install, go get, dependency resolution, package management, module installation, crate addition, or any task requiring live version verification across npm, pip, Go modules, Rust/cargo, and Ruby/gem ecosystems. Covers synonyms: dependency, package, module, crate, gem, library.
How do I install live-dependency-resolver?
Run npx skills add AbsolutelySkilled/AbsolutelySkilled --skill live-dependency-resolver in your terminal. The skill will be immediately available in your AI coding agent.
What AI agents support live-dependency-resolver?
This skill works with claude-code, gemini-cli, openai-codex, mcp. Install it once and use it across any supported AI coding agent.
Maintainers
Generated from AbsolutelySkilled
SKILL.md
Live Dependency Resolver
LLMs have knowledge cutoff dates that are months old. When helping users install coding dependencies, this causes hallucinated version numbers, suggestions for deprecated packages, and incorrect install commands. This skill teaches agents to always verify packages against live registries before suggesting any installation - using CLI commands first for speed and simplicity, with web API fallback when CLI tools are unavailable.
When to use this skill
Trigger this skill when the user:
- Asks to install, add, or update any package or dependency
- Wants to check the latest version of a package
- Needs to scaffold a project with third-party dependencies
- Asks you to generate code that imports a third-party package
- Requests a
package.json,requirements.txt,Cargo.toml,Gemfile, orgo.mod - Asks to compare package versions or check compatibility
- Mentions any package by name in a context where version matters
Do NOT trigger this skill for:
- OS-level packages (apt, brew, yum) - different registries and tools
- Private/internal registry packages - requires authentication, out of scope
- Post-install usage questions where the package is already installed and version is irrelevant
Key principles
Never trust your training data for versions - Your knowledge cutoff means every version number you "know" is potentially wrong. Always verify against the live registry before suggesting any version, even for well-known packages like React or Django.
CLI first, API fallback - Use CLI tools (
npm view,pip index versions,cargo search,gem search,go list -m) as the primary lookup method. They're faster, work offline against local caches, and produce simpler output. Fall back to web APIs only when the CLI tool is unavailable or fails.Verify package existence before recommending - Before suggesting an unknown or less-popular package, confirm it actually exists in the registry. A nonexistent package name in an install command wastes the user's time and erodes trust.
Show your work - When providing version information, include the command you ran and the raw output. This lets the user verify the result and learn the lookup method for future use.
Respect major version boundaries - Major version bumps often contain breaking changes. When a user's existing code targets v4.x, don't blindly suggest upgrading to v5.x. Flag major version differences and let the user decide.
Core concepts
Quick reference table
| Ecosystem | CLI: check latest version | Web API fallback |
|---|---|---|
| npm | npm view <pkg> version |
curl https://registry.npmjs.org/<pkg>/latest |
| pip | pip index versions <pkg> |
curl https://pypi.org/pypi/<pkg>/json |
| Go | go list -m <mod>@latest |
curl https://proxy.golang.org/<mod>/@latest |
| cargo | cargo search <crate> --limit 1 |
curl -H "User-Agent: skill" https://crates.io/api/v1/crates/<name> |
| gem | gem search ^<name>$ --remote |
curl https://rubygems.org/api/v1/gems/<name>.json |
Decision tree
- User mentions a package -> identify the ecosystem
- Run the CLI command for that ecosystem
- If CLI fails (tool not installed, network error) -> try the web API
- If both fail -> tell the user you cannot verify and suggest they check manually
- Never silently fall back to training data
Major version handling
When a user's project already pins to a major version (e.g. "react": "^17.0.0"), check
whether the latest version is in the same major line. If it's a new major version, explicitly
flag this: "The latest React is 19.x, but your project uses 17.x. Upgrading across major
versions may require migration steps."
Common tasks
Check latest npm package version
# CLI (preferred)
npm view express version
# Returns: 4.21.2
# With more detail (all published versions)
npm view express versions --json
# Web API fallback
curl -s https://registry.npmjs.org/express/latest | jq '.version'Gotcha: For scoped packages like
@babel/core, the CLI works directly (npm view @babel/core version), but the API URL needs encoding:https://registry.npmjs.org/@babel%2fcore/latest.
Check latest Python package version
# CLI (preferred - requires pip 21.2+)
pip index versions numpy
# Output includes: LATEST: 2.2.3
# Web API fallback
curl -s https://pypi.org/pypi/numpy/json | jq '.info.version'Gotcha:
pip index versionsrequires pip 21.2+. On older pip versions, this command doesn't exist. Fall back to the PyPI JSON API. Also, always usepython -m pipinstead of barepipto ensure you're targeting the correct Python installation, especially in virtual environments.
Check latest Go module version
# CLI (preferred - must be in a Go module directory)
go list -m golang.org/x/sync@latest
# Returns: golang.org/x/sync v0.12.0
# Web API fallback
curl -s https://proxy.golang.org/golang.org/x/sync/@latest | jq '.Version'Gotcha: Go module paths are case-sensitive.
github.com/User/Repoandgithub.com/user/repoare different modules. The Go proxy uses case-encoding where uppercase letters become!+ lowercase (e.g.!user/!repo).
Add a Rust crate dependency
# CLI: search for latest version
cargo search serde --limit 1
# Output: serde = "1.0.219" # A generic serialization/deserialization framework
# CLI: add to project (cargo-edit required for older Rust, built-in since Rust 1.62)
cargo add serde --features derive
# Web API fallback
curl -s -H "User-Agent: live-dep-resolver" \
https://crates.io/api/v1/crates/serde | jq '.crate.max_version'Gotcha:
cargo searchoutput includes a description after the version. Parse carefully - extract just the version string within quotes. Also, crates.io API requires aUser-Agentheader or returns 403.
Check latest Ruby gem version
# CLI (preferred)
gem search ^rails$ --remote
# Output: rails (8.0.2)
# Web API fallback
curl -s https://rubygems.org/api/v1/gems/rails.json | jq '.version'Gotcha:
gem searchwithout regex anchors (^...$) matches partial names.gem search railreturns dozens of gems. Always use^name$for exact matches.
Scoped npm packages and version ranges
# Check a scoped package
npm view @types/react version
# Check a specific version range's latest match
npm view react@^18 version
# Returns the latest 18.x version
# Check peer dependencies (important for plugin ecosystems)
npm view eslint-plugin-react peerDependencies --jsonPython version compatibility check
# Check which Python versions a package supports
curl -s https://pypi.org/pypi/django/json | jq '.info.requires_python'
# Returns: ">=3.10"
# List all available versions to find one compatible with Python 3.9
pip index versions django
# Then check the classifiers for the specific version:
curl -s https://pypi.org/pypi/django/4.2.20/json | jq '.info.requires_python'Anti-patterns
| Mistake | Why it's wrong | What to do instead |
|---|---|---|
| Hardcoding a version from memory | Your training data is months old; the version may be outdated or wrong | Run the CLI lookup command and use the live result |
Suggesting npm install pkg@latest without checking |
@latest resolves at install time, but the user may need to know the version for lockfiles, CI, or compatibility |
Look up the version first, then suggest pkg@x.y.z explicitly |
Using pip install pkg without verifying it exists |
Typosquatting is real - python-dateutil vs dateutil can install malicious packages |
Verify the exact package name against the registry first |
| Ignoring major version boundaries | Blindly suggesting the latest version can break existing projects | Check the user's current pinned version and flag major bumps |
| Skipping the lookup because "everyone knows React" | Even popular packages have breaking version changes; React 18 vs 19 matters | Always verify, regardless of package popularity |
| Falling back to training data silently when CLI fails | The user trusts your output; stale data without disclosure breaks that trust | If both CLI and API fail, explicitly say you cannot verify the version |
Gotchas
pip index versionsdoes not exist on older pip - On pip versions before 21.2, theindexsubcommand is missing entirely. Running it produces a confusing "No such command" error, not a version list. Fall back to the PyPI JSON API (curl https://pypi.org/pypi/<pkg>/json) or upgrade pip first.Scoped npm packages need URL-encoding in API calls -
npm view @scope/pkg versionworks fine on the CLI, but the registry API URL must encode the slash:https://registry.npmjs.org/@scope%2fpkg/latest. Forgetting this returns a 404 that looks like the package does not exist.crates.io API requires a User-Agent header - Unlike npm and PyPI, the crates.io API returns a 403 Forbidden if you send a bare
curlrequest without aUser-Agentheader. Always pass-H "User-Agent: <anything>"when hitting the crates.io API.go list -monly works inside a Go module directory - Runninggo list -m <mod>@latestoutside a directory with ago.modfile fails with "not using modules". Eithercdinto a Go project first or use the Go proxy API as a fallback.@latesttag does not always mean the newest version - On npm,@latestis a dist-tag that maintainers control. Some packages set@latestto an older LTS release while publishing newer versions under@nextor@canary. Always cross-checknpm view <pkg> dist-tagsto see what@latestactually points to.
References
For detailed registry-specific commands, API endpoints, and edge cases, load the relevant reference file only when the current task requires that ecosystem:
references/npm-registry.md- npm CLI commands, registry API, scoped packages, peer deps, lockfilesreferences/python-registry.md- pip commands, PyPI API, pip vs pip3, virtual envs, PEP 440 specifiersreferences/go-modules.md- go list commands, Go proxy API, go get vs go install, major version suffixesreferences/rust-crates.md- cargo commands, crates.io API (User-Agent required), feature flags, version reqsreferences/ruby-gems.md- gem commands, RubyGems API, bundler vs gem install, version constraints
Only load a references file if the current task requires it - they are long and will consume context.
References
go-modules.md
Go Modules Reference
CLI Commands
go list -m (primary lookup)
# Latest version of a module
go list -m golang.org/x/sync@latest
# Output: golang.org/x/sync v0.12.0
# All available versions
go list -m -versions golang.org/x/sync
# Output: golang.org/x/sync v0.0.0-20181108010431-42b317875d0f v0.1.0 v0.2.0 ...
# JSON output with more detail
go list -m -json golang.org/x/sync@latest
# {"Path": "golang.org/x/sync", "Version": "v0.12.0", "Time": "2025-01-..."}Gotcha: go list -m must be run inside a Go module directory (one containing go.mod). Outside a module, use GOFLAGS=-mod=mod or the Go proxy API instead.
go get vs go install
These two commands serve different purposes:
# go get: add/update a dependency in go.mod (for libraries)
go get github.com/gin-gonic/gin@latest
go get github.com/gin-gonic/gin@v1.10.0
# go install: install a binary tool (for executables)
go install golang.org/x/tools/gopls@latest
go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest- Use
go getwhen adding a library dependency to your project - Use
go installwhen installing a standalone CLI tool - Since Go 1.17,
go getno longer builds and installs binaries - usego installfor that
go mod tidy
# Clean up go.mod and go.sum
go mod tidy
# Add missing and remove unused dependencies
# Also downloads missing modulesGo Module Proxy API
Base URL: https://proxy.golang.org
Get latest version
# Latest version info
curl -s https://proxy.golang.org/golang.org/x/sync/@latest
# {"Version":"v0.12.0","Time":"2025-01-06T15:10:07Z"}
# List all versions
curl -s https://proxy.golang.org/golang.org/x/sync/@v/list
# v0.0.0-20181108010431-42b317875d0f
# v0.1.0
# v0.2.0
# ...
# Get go.mod for a specific version
curl -s https://proxy.golang.org/golang.org/x/sync/@v/v0.12.0.modCase-encoding in proxy URLs
Go module paths are case-sensitive. The proxy uses a special encoding where uppercase letters become ! + lowercase:
# github.com/Azure/azure-sdk-for-go -> github.com/!azure/azure-sdk-for-go
curl -s https://proxy.golang.org/github.com/'!azure'/azure-sdk-for-go/@latestThis rarely comes up for most packages but is critical for Microsoft, Google, and other mixed-case module paths.
Module Paths and Versioning
Module path structure
github.com/user/repo # Standard module
github.com/user/repo/v2 # Major version 2+
golang.org/x/tools # Go standard library extensions
google.golang.org/grpc # Vanity import pathMajor version suffixes
Go modules use major version suffixes in the import path for v2+:
import "github.com/user/repo" // v0.x or v1.x
import "github.com/user/repo/v2" // v2.x
import "github.com/user/repo/v3" // v3.x# Get latest v1
go list -m github.com/user/repo@latest
# Get latest v2 (different module path!)
go list -m github.com/user/repo/v2@latestGotcha: v0 and v1 do not have a version suffix in the import path. Starting from v2, the suffix is required. If you go get repo/v2 but the module hasn't published a v2, it fails.
Version selection
# Specific version
go get github.com/gin-gonic/gin@v1.10.0
# Latest tagged version
go get github.com/gin-gonic/gin@latest
# Specific commit (pseudo-version)
go get github.com/gin-gonic/gin@abc1234
# Upgrade all dependencies
go get -u ./...
# Upgrade only patch versions
go get -u=patch ./...go.mod File Format
module github.com/myorg/myproject
go 1.22
require (
github.com/gin-gonic/gin v1.10.0
golang.org/x/sync v0.12.0
)
// Indirect dependencies (transitive)
require (
github.com/some/indirect v1.0.0 // indirect
)
// Replace directives (local development or forks)
replace github.com/original/pkg => ../local-fork
// Exclude a broken version
exclude github.com/broken/pkg v1.0.1Common Gotchas
Module paths are case-sensitive -
github.com/User/Repoandgithub.com/user/repoare different modules. Always use the exact casing from the repository.go getin module mode requiresgo.mod- Runninggo getoutside a module directory withGO111MODULE=on(default since Go 1.16) fails. Initialize withgo mod initfirst.Major version suffixes change the import path - v2+ of a module is a completely different module path. You cannot
go get repo@v2.0.0- you mustgo get repo/v2@v2.0.0.@latestmay not be the newest tag -@latestresolves to the latest stable (non-pre-release) semver tag. Av2.0.0-beta.1tag won't be selected by@latest. Use@v2.0.0-beta.1explicitly for pre-releases.Private modules bypass the proxy - Modules from private repos aren't available on
proxy.golang.org. SetGONOSUMCHECKandGOPRIVATEfor private module paths:go env -w GOPRIVATE=github.com/myorg/*go mod tidymay upgrade dependencies - Runninggo mod tidycan change versions ingo.sumif the dependency graph has changed. Review the diff before committing.Retracted versions - Module authors can retract versions via
go.mod. A retracted version won't be selected by@latestbut can still be explicitly requested.
npm-registry.md
npm Registry Reference
CLI Commands
npm view (primary lookup)
# Latest version
npm view express version
# Output: 4.21.2
# All published versions as JSON array
npm view express versions --json
# Specific metadata fields
npm view express description homepage license
# Check dist-tags (latest, next, canary, etc.)
npm view express dist-tags --json
# Peer dependencies (critical for plugin ecosystems)
npm view eslint-plugin-react peerDependencies --json
# Check engines field (minimum Node.js version)
npm view express engines --json
# Time of publication for each version
npm view express time --jsonnpm info (alias)
npm info is an alias for npm view. Both work identically.
npm search
# Search for packages by keyword
npm search express --json | jq '.[0:5]'
# Search with specific fields
npm search --long expressnpx vs npm install
npx <pkg>- Downloads and runs a package without installing it globally. Use for one-off CLI tools likecreate-react-app,prettier, oreslint.npm install <pkg>- Installs intonode_modules/as a project dependency.npm install -g <pkg>- Installs globally. Prefernpxover global installs for most CLI tools.
Registry API
Base URL: https://registry.npmjs.org
Get package metadata
# Full metadata (large response)
curl -s https://registry.npmjs.org/express | jq '.["dist-tags"].latest'
# Abbreviated metadata (faster, less data)
curl -s -H "Accept: application/vnd.npm.install-v1+json" \
https://registry.npmjs.org/express | jq '.["dist-tags"].latest'
# Specific version
curl -s https://registry.npmjs.org/express/4.21.2 | jq '.version'
# Latest tag shortcut
curl -s https://registry.npmjs.org/express/latest | jq '.version'Scoped packages
Scoped packages (e.g. @scope/name) require URL encoding of the /:
# @babel/core -> @babel%2fcore
curl -s https://registry.npmjs.org/@babel%2fcore/latest | jq '.version'
# @types/react -> @types%2freact
curl -s https://registry.npmjs.org/@types%2freact/latest | jq '.version'The CLI handles this automatically - npm view @babel/core version works without encoding.
Version Ranges and Semver
npm uses node-semver for version resolution:
| Range | Meaning |
|---|---|
^1.2.3 |
>=1.2.3 <2.0.0 (default on install) |
~1.2.3 |
>=1.2.3 <1.3.0 |
1.2.3 |
Exact version |
* |
Any version |
>=1.0.0 <2.0.0 |
Explicit range |
1.x |
>=1.0.0 <2.0.0 |
Check what a range resolves to
# What's the latest version matching ^17?
npm view react@'^17' version
# Returns the latest 17.x
# What versions match a range?
npm view react versions --json | jq '[.[] | select(startswith("18."))]'Lockfiles
package-lock.json- npm's lockfile (npm 5+). Pins exact versions for reproducible installs.npm ci- Clean install from lockfile only. Fails ifpackage.jsonand lockfile are out of sync. Use in CI.npm install- Updates lockfile ifpackage.jsonchanged. Use in development.
Peer Dependencies
Peer dependencies declare compatibility requirements without installing the dependency:
# Check what peers a package requires
npm view eslint-plugin-react peerDependencies --json
# {"eslint": "^3 || ^4 || ^5 || ^6 || ^7 || ^8 || ^9"}
# npm 7+ auto-installs peer deps (npm 3-6 did not)
# This can cause version conflicts - check before installingCommon Gotchas
npm viewrequires the package to exist - If the package name is wrong, you get an E404. Use this as an existence check.Scoped packages in API URLs need encoding -
@scope/namebecomes@scope%2fnamein URLs. The CLI handles this transparently.npm viewshows thelatestdist-tag by default - Some packages publish newer versions under different tags (e.g.next,canary,rc). Checkdist-tagsif the user wants a pre-release.npm outdatedrequires a project - Only works inside a directory withpackage.json. Usenpm viewfor ad-hoc version checks.Private packages return 404 or 401 - If a package lookup fails with auth errors, it may be a private package requiring
.npmrcconfiguration. This is out of scope for this skill.Deprecated packages -
npm view <pkg>shows a deprecation notice if the package is deprecated. Always check for this and warn the user.
# Check if deprecated
npm view request deprecated
# Output: "request has been deprecated..."python-registry.md
Python Registry Reference
CLI Commands
pip index versions (primary lookup)
# List all available versions (requires pip 21.2+)
pip index versions numpy
# Output:
# numpy (2.2.3)
# Available versions: 2.2.3, 2.2.2, 2.2.1, ...
# INSTALLED: 1.26.4
# LATEST: 2.2.3
# Filter by Python version compatibility
pip index versions numpy --python-version 3.9Gotcha: pip index versions was added in pip 21.2. On older versions, this command does not exist. Check pip version with pip --version and fall back to the PyPI API.
pip vs pip3 vs python -m pip
# Recommended: always use python -m pip to ensure correct Python
python -m pip install numpy
python3 -m pip install numpy
# Direct pip command (may point to wrong Python)
pip install numpy # Could be Python 2 on some systems
pip3 install numpy # Usually Python 3, but not guaranteed
# Check which Python pip points to
pip --version
# pip 24.0 from /usr/lib/python3.12/site-packages/pip (python 3.12)pip show (installed package info)
# Check installed version and metadata
pip show numpy
# Name: numpy
# Version: 1.26.4
# Requires-Python: >=3.9
# ...pip install with version constraints
# Exact version
pip install django==4.2.20
# Minimum version
pip install django>=4.2
# Version range
pip install 'django>=4.2,<5.0'
# Latest compatible (equivalent to npm's ^)
pip install 'django~=4.2' # >=4.2, <5.0
# Upgrade to latest
pip install --upgrade djangoPyPI JSON API
Base URL: https://pypi.org
Get package metadata
# Full metadata (all versions)
curl -s https://pypi.org/pypi/numpy/json | jq '.info.version'
# Specific version
curl -s https://pypi.org/pypi/numpy/2.2.3/json | jq '.info.version'
# Python version requirement
curl -s https://pypi.org/pypi/django/json | jq '.info.requires_python'
# Output: ">=3.10"
# All available versions
curl -s https://pypi.org/pypi/numpy/json | jq '.releases | keys[]' | tail -10
# Package description and homepage
curl -s https://pypi.org/pypi/numpy/json | jq '{summary: .info.summary, home: .info.home_page}'Check package existence
# Returns 200 if exists, 404 if not
curl -s -o /dev/null -w "%{http_code}" https://pypi.org/pypi/some-package-name/jsonVirtual Environments
Always recommend virtual environments for Python projects:
# Create a venv
python -m venv .venv
# Activate (bash/zsh)
source .venv/bin/activate
# Activate (fish)
source .venv/bin/activate.fish
# Activate (Windows PowerShell)
.venv\Scripts\Activate.ps1
# Install into the venv
pip install numpy
# Deactivate
deactivateGotcha: Running pip install without an active virtual environment installs globally (or into the user site-packages with --user). Always check for an active venv before suggesting installs. Look for (.venv) in the shell prompt or check sys.prefix.
PEP 440 Version Specifiers
| Specifier | Meaning |
|---|---|
==1.2.3 |
Exact version |
>=1.2 |
Minimum version |
<=1.2 |
Maximum version |
~=1.2 |
Compatible release: >=1.2, <2.0 |
~=1.2.3 |
Compatible release: >=1.2.3, <1.3.0 |
!=1.2.3 |
Exclude specific version |
>=1.0,<2.0 |
Range (comma = AND) |
requirements.txt format
numpy>=1.26,<3.0
django~=4.2
requests==2.32.3
python-dateutil>=2.8pyproject.toml format (modern)
[project]
dependencies = [
"numpy>=1.26,<3.0",
"django~=4.2",
"requests>=2.32",
]Common Gotchas
pip index versionsrequires pip 21.2+ - Falls back silently to nothing on older versions. Always check pip version first or use the PyPI API.Package name normalization - PyPI treats
-,_, and.as equivalent in package names.python-dateutil,python_dateutil, andpython.dateutilall resolve to the same package. Use the canonical name (hyphens) in install commands.Typosquatting - PyPI has had malicious packages with names similar to popular ones (e.g.
python-dateutilvsdateutil). Always verify the exact package name.requires_pythonfield - Check this before recommending a package version. A user on Python 3.8 cannot install Django 5.x (requires Python 3.10+).System Python vs user Python - On macOS and many Linux distros,
pythonorpython3is the system Python. Installing packages into it can break system tools. Always use a virtual environment.pip resolver conflicts - pip 20.3+ has a strict dependency resolver. If install fails with resolver errors, the user may need to relax version constraints or use
--no-deps(with caution).Extras/optional dependencies - Some packages have optional feature groups:
pip install fastapi[standard] # Includes uvicorn, httptools, etc. pip install pandas[excel] # Includes openpyxl for Excel support
ruby-gems.md
Ruby Gems Reference
CLI Commands
gem search (primary lookup)
# Search for exact gem name (use anchors for exact match)
gem search ^rails$ --remote
# Output: rails (8.0.2)
# Without anchors, matches partial names (returns many results)
gem search rails --remote | head -5
# Output:
# rails (8.0.2)
# rails-admin (0.0.1)
# rails-api (0.4.1)
# ...Gotcha: Always use ^name$ regex anchors for exact matches. gem search rails without anchors returns dozens of gems with "rails" anywhere in the name.
gem info
# Detailed info about a gem
gem info rails --remote
# Output includes: version, authors, homepage, license, dependencies
# List all remote versions
gem list rails --remote --all | head -5
# rails (8.0.2, 8.0.1, 8.0.0, 7.2.2.1, ...)gem install
# Install latest version
gem install rails
# Install specific version
gem install rails -v 7.2.2.1
# Install with version constraint
gem install rails -v '~> 7.2'
# Install without docs (faster)
gem install rails --no-document
# Install into a specific directory
gem install rails --install-dir ./vendor/gemsgem specification
# Get detailed spec info in YAML
gem specification rails --remote
# Get specific field
gem specification rails --remote --field version
# Output: 8.0.2
# Get dependencies
gem specification rails --remote --field dependenciesRubyGems.org API
Base URL: https://rubygems.org
Get gem metadata
# Get gem info as JSON
curl -s https://rubygems.org/api/v1/gems/rails.json | jq '.version'
# Output: "8.0.2"
# Get all versions
curl -s https://rubygems.org/api/v1/versions/rails.json | jq '.[0:5] | .[].number'
# Get dependencies for a specific version
curl -s https://rubygems.org/api/v1/versions/rails/latest.json | jq '.version'
# Search for gems
curl -s 'https://rubygems.org/api/v1/search.json?query=rails&page=1' | jq '.[0:3] | .[].name'
# Get download count
curl -s https://rubygems.org/api/v1/gems/rails.json | jq '.downloads'Check gem existence
# Returns 200 if exists, 404 if not
curl -s -o /dev/null -w "%{http_code}" https://rubygems.org/api/v1/gems/some-gem-name.jsonBundler vs gem install
When to use which
gem install <name>- Install a standalone tool or global gem (e.g.rails,rubocop)bundle add <name>- Add a dependency to a project'sGemfileand install itbundle install- Install all dependencies fromGemfile.lockbundle exec <cmd>- Run a command using the project's bundled gems
Gemfile format
source 'https://rubygems.org'
# Latest version
gem 'rails'
# Specific version
gem 'rails', '8.0.2'
# Version constraints
gem 'rails', '~> 7.2' # >= 7.2, < 8.0
gem 'rails', '>= 7.0', '< 9'
# Development only
gem 'rspec', group: :development
gem 'rubocop', group: [:development, :test]
# GitHub source
gem 'my-gem', git: 'https://github.com/user/repo'
# Platform-specific
gem 'sqlite3', platforms: [:ruby, :mswin]bundle add
# Add to Gemfile and install
bundle add rails
# Add specific version
bundle add rails --version "~> 7.2"
# Add to a group
bundle add rspec --group development
# Skip install (just modify Gemfile)
bundle add rails --skip-installVersion Constraints
Ruby gems use these version constraint operators:
| Constraint | Meaning |
|---|---|
= 1.2.3 |
Exact version |
!= 1.2.3 |
Any version except |
> 1.2.3 |
Greater than |
>= 1.2.3 |
Greater than or equal |
< 2.0 |
Less than |
<= 2.0 |
Less than or equal |
~> 1.2 |
Pessimistic: >= 1.2, < 2.0 |
~> 1.2.3 |
Pessimistic: >= 1.2.3, < 1.3.0 |
The pessimistic operator (~>) is the most common. It's similar to npm's ^ for major versions and ~ for patch versions.
Platform Gems
Some gems have platform-specific variants (e.g. native extensions):
# Check available platforms for a gem
curl -s https://rubygems.org/api/v1/versions/nokogiri.json | \
jq '[.[0:5] | .[] | {number, platform}]'
# Common platforms:
# ruby - Pure Ruby (works everywhere)
# java - JRuby
# x86_64-linux
# x86_64-darwin
# arm64-darwin
# x64-mingw-ucrt (Windows)Bundler automatically selects the correct platform variant. When specifying versions manually, be aware that platform-specific gems may have different available versions.
Common Gotchas
gem searchwithout anchors matches partial names -gem search railreturnsrails,rails-api,railties, etc. Always use^name$for exact matches.Bundler lockfile platform -
Gemfile.lockrecords the platform. Moving between architectures (x86 to ARM) requiresbundle lock --add-platform <platform>.System Ruby vs user Ruby - On macOS, the system Ruby (
/usr/bin/ruby) is managed by Apple and should not have gems installed into it. Use rbenv, rvm, or asdf to manage Ruby versions.requirename differs from gem name - The gemactiverecordis required asactive_record. The gemrspec-coreis required asrspec/core. Check the gem's README for the correct require path.Yanked gems - Gem authors can yank versions from RubyGems.org. Yanked versions won't appear in search results but may still be in existing
Gemfile.lockfiles.Pre-release versions - Pre-release versions (e.g.
8.0.0.rc1) are not installed by default. Usegem install rails --preor specify the exact version.Native extension build failures - Gems with C extensions (nokogiri, pg, mysql2) require system libraries. Common fixes:
# nokogiri brew install libxml2 libxslt # macOS # pg (PostgreSQL) brew install postgresql # macOS # mysql2 brew install mysql # macOS
rust-crates.md
Rust Crates Reference
CLI Commands
cargo search (primary lookup)
# Search for a crate by name
cargo search serde --limit 1
# Output: serde = "1.0.219" # A generic serialization/deserialization framework
# Search with more results
cargo search http --limit 10
# The output format is: name = "version" # description
# Parse carefully - extract just the version between quotesGotcha: cargo search output includes a description after the version number. When extracting the version programmatically, parse only the content between the first pair of double quotes after =.
cargo add (add dependency)
# Add latest version (built-in since Rust 1.62)
cargo add serde
# Add with specific features
cargo add serde --features derive
cargo add tokio --features full
# Add specific version
cargo add serde@1.0.219
# Add as dev dependency
cargo add --dev criterion
# Add as build dependency
cargo add --build cc
# Dry run to see what would change
cargo add serde --dry-runFor Rust versions before 1.62, cargo add requires the cargo-edit crate:
cargo install cargo-editcargo update
# Update all dependencies to latest compatible versions
cargo update
# Update a specific crate
cargo update serde
# Update to a specific version
cargo update serde --precise 1.0.219crates.io API
Base URL: https://crates.io/api/v1
Critical: crates.io requires a User-Agent header on all API requests. Requests without it return 403 Forbidden.
Get crate metadata
# Get crate info (requires User-Agent header)
curl -s -H "User-Agent: live-dep-resolver" \
https://crates.io/api/v1/crates/serde | jq '.crate.max_version'
# Get specific version info
curl -s -H "User-Agent: live-dep-resolver" \
https://crates.io/api/v1/crates/serde/1.0.219 | jq '.version.num'
# List all versions
curl -s -H "User-Agent: live-dep-resolver" \
https://crates.io/api/v1/crates/serde/versions | jq '.versions[].num' | head -10
# Get download count
curl -s -H "User-Agent: live-dep-resolver" \
https://crates.io/api/v1/crates/serde | jq '.crate.downloads'
# Search for crates
curl -s -H "User-Agent: live-dep-resolver" \
'https://crates.io/api/v1/crates?q=json&per_page=5' | jq '.crates[].name'Check crate existence
# Returns 200 if exists, 404 if not
curl -s -o /dev/null -w "%{http_code}" \
-H "User-Agent: live-dep-resolver" \
https://crates.io/api/v1/crates/some-crate-nameFeature Flags
Rust crates use feature flags to enable optional functionality:
# Cargo.toml - enabling features
[dependencies]
serde = { version = "1.0", features = ["derive"] }
tokio = { version = "1", features = ["full"] }
reqwest = { version = "0.12", features = ["json", "rustls-tls"] }
# Default features are enabled automatically
# To disable them:
serde_json = { version = "1.0", default-features = false }Checking available features
# Via API
curl -s -H "User-Agent: live-dep-resolver" \
https://crates.io/api/v1/crates/tokio/1.43.0 | jq '.version.features'
# Via docs.rs (human-readable)
# https://docs.rs/tokio/latest/tokio/#feature-flagsCommon feature patterns:
derive- Proc macro derives (serde, thiserror)full- All features enabled (tokio)json- JSON support (reqwest)rustls-tls/native-tls- TLS backend selectionasync- Async runtime support
Cargo.toml Version Requirements
| Requirement | Meaning |
|---|---|
"1.0.219" |
>=1.0.219, <2.0.0 (default caret) |
"^1.0.219" |
Same as above (explicit caret) |
"~1.0.219" |
>=1.0.219, <1.1.0 (tilde) |
"=1.0.219" |
Exact version only |
">=1.0, <2.0" |
Explicit range |
"*" |
Any version |
Note: Cargo's default "1.0.219" is equivalent to npm's ^1.0.219. This is the recommended way to specify versions - it allows patch and minor updates while preventing breaking changes.
Workspace dependencies (monorepo)
# Root Cargo.toml
[workspace.dependencies]
serde = { version = "1.0", features = ["derive"] }
tokio = { version = "1", features = ["full"] }
# Member Cargo.toml
[dependencies]
serde = { workspace = true }
tokio = { workspace = true }Common Gotchas
crates.io API requires User-Agent - Any request without a
User-Agentheader returns 403. Always include one:-H "User-Agent: my-app".cargo searchoutput needs parsing - The output format isname = "version" # description. Don't include the description text when extracting the version.Feature flags can change between versions - A feature available in v1.0 may be renamed or removed in v2.0. Always check features for the specific version being installed.
Yanked versions - Crate authors can yank versions (similar to npm deprecation). Yanked versions won't be selected by cargo but can still be used if already in
Cargo.lock. The API field isversion.yanked.cargo addavailability - Built into cargo since Rust 1.62 (June 2022). For older toolchains, installcargo-edit:cargo install cargo-edit.Crate name vs module name - Crate names use hyphens (
serde-json) but Rust code uses underscores (serde_json). The registry treats them as equivalent butusestatements require underscores.Build scripts and proc macros - Some crates require a C compiler or system libraries.
openssl-sysneeds OpenSSL headers;ringneeds a C compiler. Check the crate's README for system dependencies.
Frequently Asked Questions
What is live-dependency-resolver?
Use this skill when installing, adding, or updating packages, checking latest versions, scaffolding projects with dependencies, or generating code that imports third-party packages. Triggers on npm install, pip install, cargo add, gem install, go get, dependency resolution, package management, module installation, crate addition, or any task requiring live version verification across npm, pip, Go modules, Rust/cargo, and Ruby/gem ecosystems. Covers synonyms: dependency, package, module, crate, gem, library.
How do I install live-dependency-resolver?
Run npx skills add AbsolutelySkilled/AbsolutelySkilled --skill live-dependency-resolver in your terminal. The skill will be immediately available in your AI coding agent.
What AI agents support live-dependency-resolver?
live-dependency-resolver works with claude-code, gemini-cli, openai-codex, mcp. Install it once and use it across any supported AI coding agent.
Is live-dependency-resolver free?
Yes, live-dependency-resolver is completely free and open source under the MIT license. Install it with a single command and start using it immediately.
What is the difference between live-dependency-resolver and similar tools?
live-dependency-resolver is an AI agent skill that teaches your coding agent specialized software engineering knowledge. Unlike standalone tools, it integrates directly into claude-code, gemini-cli, openai-codex and other AI agents.
Can I use live-dependency-resolver with Cursor or Windsurf?
live-dependency-resolver works with any AI coding agent that supports the skills protocol, including Claude Code, Cursor, Windsurf, GitHub Copilot, Gemini CLI, and 40+ more.