/danger-plugin-dependencies

Provides dependency information on dependency changes in a PR *

Primary LanguageTypeScriptMIT LicenseMIT

danger-plugin-dependencies

npm version

Provides dependency information on dependency changes in a PR

Usage

Install:

npm install @seadub/danger-plugin-dependencies --save-dev
# or
yarn add @seadub/danger-plugin-dependencies --dev

At a glance:

// dangerfile.js
import dependencies from '@seadub/danger-plugin-dependencies'

schedule(dependencies())

Provides 4 separate rules:

  • checkForRelease - Provides a 🎉 when there's a package version bump.
  • checkForNewDependencies (async) - Provides npmjs.com (and yarn why, when type is "yarn") metadata about new dependencies.
  • checkForLockfileDiff - Will warn you when there are dependencies or devDependencies changes without a package-lock.json or yarn.lock change.
  • checkForTypesInDeps - Will fail the build if you add any @types/[x] to dependencies instead of devDependencies.

And exports a default function to handle all of them at once.

Note: async functions like the default one have be to schedule'd by Danger.

yarn vs npm usage

By default, the dependencies method will attempt to determine if you are using npm or yarn to manage your dependencies based on sniffing for the lockfiles on disk. If no lockfiles exist, or running on Peril it will fail without an explicitly stated manasger type in the options.

You may explicitly pass one in the options:

// dangerfile.js
import dependencies from '@seadub/danger-plugin-dependencies'

schedule(dependencies({ type: "npm" }))
// or for yarn
schedule(dependencies({ type: "yarn" }))

Private packages

If you want the plugin to find your private packages on npm, you need to provide an npm authentication token:

// dangerfile.js
import dependencies from 'danger-plugin-dependencies'

schedule(dependencies({ npmAuthToken: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' }))

Changelog

See the GitHub release history.

Contributing

See CONTRIBUTING.md.

What does this look like?

The rest of this README is the contents of what it looks like when you add this plugin to your Dangerfile:


Warnings
⚠️

New dependencies added: danger-plugin-yarn.

Author: Orta Therox

Description: Provides dependency information on dependency changes in a PR

Homepage: https://github.com/orta/danger-plugin-yarn#readme

Created24 days ago
Last Updated3 minutes ago
LicenseMIT
Maintainers1
Releases14
Direct Dependenciesdate-fns, lodash.flatten, lodash.includes, node-fetch and esdoc
Keywordsdanger, danger-plugin and yarn
README # danger-plugin-yarn

Build Status npm version semantic-release

Provides dependency information on dependency changes in a PR

Usage

Install:

yarn add danger-plugin-yarn --dev

At a glance:

// dangerfile.js
import yarn from 'danger-plugin-yarn'

schedule(yarn())

Provides 4 separate rules:

  • checkForRelease - Provides a 🎉 when there's a package version bump.
  • checkForNewDependencies (async) - Provides npmjs.com and yarn why metadata about new dependencies.
  • checkForLockfileDiff - Will warn you when there are dependencies or devDependencies changes without a yarn.lock change.
  • checkForTypesInDeps - Will fail the build if you add any @types/[x] to dependencies instead of devDependencies.

And exports a default function to handle all of them at once.

Note: async functions like the default one have be to schedule'd by Danger.

Changelog

See the GitHub release history.

Contributing

See CONTRIBUTING.md.

yarn why danger-plugin-yarn output

  • Has been hoisted to "danger-plugin-yarn"
  • This module exists because it's specified in "devDependencies".
  • Disk size without dependencies: "80kB"
  • Disk size with unique dependencies: "3.98MB"
  • Disk size with transitive dependencies: "4.43MB"
  • Number of shared dependencies: 7

Generated by 🚫 dangerJS