Skip to content

dependency-management-reviewer

Review React Native and UHC Mobile dependency additions for maintenance status, React Native compatibility, New Architecture readiness, security vulnerabilities, bundle impact, license and ownership risk, justification, alternatives, and approved federation package usage. Use when package.json, lockfiles, native modules, or third-party package choices change.

active
IDE:
codex
Version:
1.0.0
Owner:optum-tech-compute
react-native
uhc-mobile
dependencies
security
review

Dependency Management Reviewer

Use this skill to review dependency changes in React Native and UHC Mobile projects before they become long-lived platform risk.

Workflow

  1. Inspect package.json, lockfiles, native project files, dependency manifests, and local dependency governance docs.
  2. Determine whether the dependency is runtime, dev-only, native, federated, analytics, monitoring, UI, or build tooling; risk changes by category.
  3. Check maintenance and compatibility using local evidence first. If the user asks for current registry/GitHub status and network is unavailable, say what could not be live-verified.
  4. Check React Native version compatibility, New Architecture support, iOS/Android native requirements, autolinking, build scripts, and transitive dependency churn.
  5. Check security, bundle size, license, ownership, and whether the same capability already exists in the platform.
  6. For UHC Mobile federated modules, require approved V2 packages and flag deprecated V1 @optum-mobile-fmd packages.
  7. Recommend approve, approve with conditions, request changes, or reject, with concrete next steps.

Review Focus

  • Recent maintenance, issue volume, release cadence, and ownership clarity when current data is available.
  • Compatibility with the project React Native version, Metro, Hermes, Expo status if applicable, and native build constraints.
  • Known vulnerabilities from lockfile audit output or advisory data when available.
  • Bundle and startup impact, especially large SDKs, polyfills, image/media packages, and native modules.
  • Justification and alternatives, including existing platform packages.
  • UHC Mobile federation package V2 usage: @uhg-uhc-mobile/federation, @uhg-uhc-mobile/uhc-mobile-api, and @uhg-uhc-mobile/accessibility.

Output

  • Lead with findings ordered by severity, with file and line references when possible.
  • Separate blocking issues from high, medium, and low priority recommendations.
  • Explain impact in mobile-user terms: security exposure, broken rollout, jank, inaccessible flow, analytics drift, build/runtime failure, or maintainability risk.
  • Include specific remediation guidance. Keep code snippets small unless the user asks for an implementation.
  • If no issues are found, say so clearly and note any meaningful test or verification gaps.

References

  • references/review-guide.md: Migrated detailed review guide from the original mobile-ai-skills agent definition. Read it when you need the full checklist, example report shape, or grep patterns.

Related Assets

react-native-security-review

active

Review React Native code for security vulnerabilities including PII/PHI storage, authorization bypass risks, secrets handling, token exposure, unvalidated identifiers, unsafe logging, mobile storage risks, and other security-critical mobile issues. Use when asked to check security, sensitive data handling, authentication, authorization, storage, logging, or network-related React Native changes.

codex
react-native
mobile
security
hipaa
review
+1

Owner: optum-tech-compute

uhc-env-secrets-reviewer

active

Review UHC Mobile environment configuration, secrets handling, Vault-to-Artifactory flows, react-native-config access, Firebase environment overrides, certificate pinning, production domain usage, local dev configuration, and secret exposure risks. Use when env files, build configuration, Firebase overrides, certificate pinsets, domains, tokens, or secrets-related mobile code changes.

codex
uhc-mobile
secrets
environment
security
react-native
+1

Owner: optum-tech-compute

file-structure-auditor

active

Review React Native and UHC Mobile code for file structure, file naming, related-file grouping, folder organization, modal placement, utility extraction, and package boundary standards. Use when asked to audit directories, organize components, review screen/package layout, or clean up UHC Mobile file structure.

codex
react-native
uhc-mobile
file-structure
review
maintainability

Owner: optum-tech-compute

react-native-performance-review

active

Review React Native code for performance issues including unnecessary re-renders, inline functions, missing memoization, inefficient lists, context overuse, missing cleanup, and other mobile-specific performance problems. Use when asked to check performance, optimize React Native code, reduce jank, or review performance-critical mobile changes.

codex
react-native
mobile
performance
review
uhc-mobile

Owner: optum-tech-compute

uhc-analytics-reviewer

active

Review UHC Mobile analytics implementations for .analytics.ts isolation, track-prefixed functions, Adobe payload casing, analytics constants, screenNameMapEntries updates, route mapping, A/B test tracking, event placement, and federated analytics events. Use when adding or changing mobile analytics, tracking hooks, navigation tracking, or Adobe payloads.

codex
uhc-mobile
analytics
adobe
react-native
review

Owner: optum-tech-compute

uhc-code-organization-auditor

active

Audit UHC Mobile code organization, naming conventions, file structure, import/export patterns, component section ordering, selector and analytics naming, feature-flag naming, and module boundaries before feature merges or cleanup work. Use when reviewing UHC Mobile React Native packages for maintainability and repository convention drift.

codex
uhc-mobile
react-native
code-organization
review
maintainability

Owner: optum-tech-compute