Enforces dependency versioning practices (e.g. exact versions only). Use it with GitHub/GitLab CI and NPX. 🚀

matheusjardimb/dependencies-checker

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Repository files navigation

✅ Dependencies Checker

Easily control the versions of dependencies your project accepts. Why?

  • 🤝 Consistency: guarantees that the exact same versions are installed everywhere (every developer machine, every CI run).
  • 🐛 Avoid bugs: makes sure there are no duplicate entries in your dependencies.
  • ⚙️ Automation: automatically rejects PRs when the conditions are not met.

Usage

The checker takes the path to the package.json to inspect as its main parameter (packageJsonPath for the GitHub action, the INPUT_PACKAGEJSONPATH environment variable on the command line). It defaults to the package.json in the current directory when not provided. An optional quiet flag is also accepted, as shown in the examples below.

GitHub actions

Create a file .github/workflows/dependencies-checker.yml with:

name: Check for dependencies without specific version

on: [ push ]

jobs:
  dependency_check_job:
    runs-on: ubuntu-latest
    name: Check for dependencies without specific version
    steps:
      - uses: actions/checkout@v3
      - uses: matheusjardimb/dependencies-checker@latest

Note that @latest is a moving tag: the action code that runs in your pipeline can change between two runs without any change on your side. For reproducible, tamper-resistant builds, pin the action to a release tag or, better, to a full commit SHA, which is the same exact-version discipline the action enforces for your own dependencies. Add the following to specify a custom package.json path and the optional quiet flag:

      - uses: matheusjardimb/dependencies-checker@latest
        with:
          packageJsonPath: 'app/package.json'
          quiet: true

GitLab

Add the following block to your .gitlab-ci.yml file:

validate_dependencies:
  image: node:20.5.0
  script:
    - export INPUT_PACKAGEJSONPATH='package.json' # This line is optional
    - export INPUT_QUIET='true' # This line is optional
    - npx dependencies-checker@latest

NPX

Dependencies checker is also published to npm, so you can run it with the commands below. Here too, npx ...@latest resolves whatever version is newest at run time; in CI, pin an exact version instead (the very practice the tool exists to enforce):

export INPUT_PACKAGEJSONPATH='package.json' # This line is optional
export INPUT_QUIET='true' # This line is optional
npx dependencies-checker@latest

Custom rules

Add a dependencies-checker block to your package.json file if you need to customize the default rules. The // comments in the example below are explanatory only: package.json must be strict JSON, so drop them (and use double quotes throughout) in a real file:

{
  "dependencies": {
    "react": "^18.2.0",
    "axios": "1.3.5 | 1.3.6",
    "react-native": "0.71.2"
  },
  "devDependencies": {
    "prettier": "^2.8.8"
  },
  // ...
  "dependencies-checker": {
    "blocks-to-check": [
      // Ignores "devDependencies"
      "dependencies"
    ],
    "ignored-dependencies": [
      // Ignores the '^' at "react"
      "react"
    ],
    // These version descriptors are not allowed by default:
    //     'latest', '^', '~', 'x', '*', '>', '<', '|', '-'
    "valid-descriptors": [
      // Allows the '|' at "axios"
      "|"
    ]
  }
}

License

See more about the MIT licensing at LICENSE.md. This project was originally created as a fork of github-developer/javascript-action.

Contributing

Pull requests are welcome! See CONTRIBUTING.md for more. Please consider activating pre-commit before committing (npm run pre-commit.install).
