-
-
Notifications
You must be signed in to change notification settings - Fork 298
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add check for new dependencies #681
Add check for new dependencies #681
Conversation
Is there a list anywhere of unsafe packages / packages with vulnerabilities? Could be nice to also warn about adding insecure dependencies. |
Not that I'm aware of. If packages are unsafe, npm would usually take them down. |
@sindresorhus this can be kind of verbose: Text version
Maybe if there's more than X entries in a directory,
|
👍 Maybe also show the file count?
|
I could make a package for this, and reuse it here. Or would you rather not have a dependency for this? @sindresorhus (I'd first search for an existing package, of course.) |
I don't see the need to have a dependency for just this. |
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [np](https://github.com/sindresorhus/np) | devDependencies | major | [`^7.7.0` -> `^8.0.0`](https://renovatebot.com/diffs/npm/np/7.7.0/8.0.4) | --- ### Release Notes <details> <summary>sindresorhus/np (np)</summary> ### [`v8.0.4`](https://github.com/sindresorhus/np/releases/tag/v8.0.4) [Compare Source](sindresorhus/np@v8.0.3...v8.0.4) - Handle first time display of dependencies ([#​707](sindresorhus/np#707)) [`3f43d78`](sindresorhus/np@3f43d78) ### [`v8.0.3`](https://github.com/sindresorhus/np/releases/tag/v8.0.3) [Compare Source](sindresorhus/np@v8.0.2...v8.0.3) - Fix skipping publish step ([#​706](sindresorhus/np#706)) [`51dcc2d`](sindresorhus/np@51dcc2d) ### [`v8.0.2`](https://github.com/sindresorhus/np/releases/tag/v8.0.2) [Compare Source](sindresorhus/np@v8.0.1...v8.0.2) - Fix publish not working with Yarn [`3d448c2`](sindresorhus/np@3d448c2) - Include stack trace in errors [`12fce88`](sindresorhus/np@12fce88) ### [`v8.0.1`](https://github.com/sindresorhus/np/releases/tag/v8.0.1) [Compare Source](sindresorhus/np@v8.0.0...v8.0.1) - Fix a crash in the new dependency check [`beb7db1`](sindresorhus/np@beb7db1) ### [`v8.0.0`](https://github.com/sindresorhus/np/releases/tag/v8.0.0) [Compare Source](sindresorhus/np@v7.7.0...v8.0.0) ##### Breaking - Require Node.js 16 ([#​683](sindresorhus/np#683)) [`72879e0`](sindresorhus/np@72879e0) ##### Improvements - Add 2FA support for npm version 9+ ([#​693](sindresorhus/np#693)) [`9cb4bfd`](sindresorhus/np@9cb4bfd) - Improve startup time ([#​688](sindresorhus/np#688)) [`eba203f`](sindresorhus/np@eba203f) - Improve the reliability of detecting which files will be included in the package ([#​682](sindresorhus/np#682)) [`a6ce792`](sindresorhus/np@a6ce792) - Add check for new dependencies ([#​681](sindresorhus/np#681)) [`6867fb9`](sindresorhus/np@6867fb9) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC43NC4yIiwidXBkYXRlZEluVmVyIjoiMzYuODkuMCIsInRhcmdldEJyYW5jaCI6ImRldmVsb3AifQ==--> Reviewed-on: https://gitea.vylpes.xyz/RabbitLabs/random-bunny/pulls/67 Co-authored-by: Renovate Bot <renovate@vylpes.com> Co-committed-by: Renovate Bot <renovate@vylpes.com>
Closes #624.
Adds a confirmation step for new dependencies that have been added since the last release:
It's part of the same check as for new files, so there's no additional prompts.