GitHub Action adding comments to pull requests with package health information about newly added npm dependencies
See it in action 👇
Adding new dependencies in a project should never be a small change, and often
it should trigger discussions between maintainers. This action can help you
making sure that you are not missing the addition of new package in your npm project's
dependencies and devDependencies.
To highlight new packages, this action compares the list of dependencies present in the current pull request branch with the ones present in the base branch.
This check only occurs for each package.json file added or updated with the
current pull request. This action is not only looking at the root-level package.json but potentially
any existing package.json in the project to be compatible with monorepo projects.
Specify the built-in secrets available to Actions via the token input. Here's an example for a step in the job:
- name: "Deps: show dependencies metadata"
uses: lirantal/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
Not required.
This GitHub Action should run every time a commit is pushed to the pull request
to check any potential addition or change in one of your package.json.
name: "Deps: show new dependencies metadata"
on:
- pull_request
jobs:
deps_new_dependencies_advisor:
runs-on: ubuntu-latest
steps:
- name: "Checkout repo for a local instance"
uses: actions/checkout@v2
- name: "Deps: show new dependencies metadata"
uses: lirantal/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
This project is released under the MIT License.
Damien Senger [email protected]
Liran Tal [email protected]