Microsoft's Agent Package Manager (APM) brings npm-style dependency management to AI agent artifacts like Claude Skills, MCP servers, and prompt files. It uses an apm.yml manifest and apm.lock.yaml lockfile to version and reproduce agent setups across teams. The post covers practical recipes: installing single skills from monorepos, building meta-packages that bundle skills and MCPs, and working around sharp edges like the reserved /collections/ path classifier and the missing .apm/ directory validator bug. Security considerations include the lack of a central registry (GitHub repos are the registry), mutable refs by default, SKILL.md as a prompt-injection surface, and MCP servers executing subprocesses. Recommendations include pinning SHA commits, using fine-grained PATs, and treating apm audit as one signal among many.
Table of contents
Background and prior artHow APM worksTrade-offs and alternativesApplications and examplesValidation and measurementSecurity and performance considerationsLimitations and future workFAQOne concrete next stepSort: