GitHub Action to check for vulnerable, outdated or unused dependencies in JavaScript or TypeScript projects.
This Action posts a comment on all Pull Requests with information about outdated packages, packages with security issues and unused packages as specified in package.json.
Supported package managers are npm and Yarn v1.
Create a file in your repo named .github/workflows/package-checkup.yml with the following contents:
name: Package Checkup
on:
pull_request:
types: ['opened', 'edited', 'reopened', 'synchronize']
jobs:
title:
name: checkup
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Check dependencies
uses: package-checkup-action@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}The following properties can be set under with in the workflow:
| Name | Description | Default | Required |
|---|---|---|---|
| showOutdatedPackages | Show a list of outdated packages | true | No |
| token | GitHub token used to post a comment on PRs | Yes |
Made with 🥃 by Ian Sutherland (@iansu). This project is released under the MIT license.