Add check for new dependencies #681
Conversation
Is there a list anywhere of unsafe packages / packages with vulnerabilities? Could be nice to also warn about adding insecure dependencies.

Not that I'm aware of. If packages are unsafe, npm would usually take them down.

@sindresorhus this can be kind of verbose: Text version

Maybe if there's more than X entries in a directory,

👍 Maybe also show the file count?

I could make a package for this, and reuse it here. Or would you rather not have a dependency for this? @sindresorhus (I'd first search for an existing package, of course.)

I don't see the need to have a dependency for just this.
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [np](https://github.com/sindresorhus/np) | devDependencies | major | [`^7.7.0` -> `^8.0.0`](https://renovatebot.com/diffs/npm/np/7.7.0/8.0.4) |

---

### Release Notes

sindresorhus/np (np)

### [`v8.0.4`](https://github.com/sindresorhus/np/releases/tag/v8.0.4)

[Compare Source](sindresorhus/np@v8.0.3...v8.0.4)

- Handle first time display of dependencies ([#707](sindresorhus/np#707)) [`3f43d78`](sindresorhus/np@3f43d78)

### [`v8.0.3`](https://github.com/sindresorhus/np/releases/tag/v8.0.3)

[Compare Source](sindresorhus/np@v8.0.2...v8.0.3)

- Fix skipping publish step ([#706](sindresorhus/np#706)) [`51dcc2d`](sindresorhus/np@51dcc2d)

### [`v8.0.2`](https://github.com/sindresorhus/np/releases/tag/v8.0.2)

[Compare Source](sindresorhus/np@v8.0.1...v8.0.2)

- Fix publish not working with Yarn [`3d448c2`](sindresorhus/np@3d448c2)
- Include stack trace in errors [`12fce88`](sindresorhus/np@12fce88)

### [`v8.0.1`](https://github.com/sindresorhus/np/releases/tag/v8.0.1)

[Compare Source](sindresorhus/np@v8.0.0...v8.0.1)

- Fix a crash in the new dependency check [`beb7db1`](sindresorhus/np@beb7db1)

### [`v8.0.0`](https://github.com/sindresorhus/np/releases/tag/v8.0.0)

[Compare Source](sindresorhus/np@v7.7.0...v8.0.0)

##### Breaking

- Require Node.js 16 ([#683](sindresorhus/np#683)) [`72879e0`](sindresorhus/np@72879e0)

##### Improvements

- Add 2FA support for npm version 9+ ([#693](sindresorhus/np#693)) [`9cb4bfd`](sindresorhus/np@9cb4bfd)
- Improve startup time ([#688](sindresorhus/np#688)) [`eba203f`](sindresorhus/np@eba203f)
- Improve the reliability of detecting which files will be included in the package ([#682](sindresorhus/np#682)) [`a6ce792`](sindresorhus/np@a6ce792)
- Add check for new dependencies ([#681](sindresorhus/np#681)) [`6867fb9`](sindresorhus/np@6867fb9)

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://gitea.vylpes.xyz/RabbitLabs/random-bunny/pulls/67
Co-authored-by: Renovate Bot <renovate@vylpes.com>
Co-committed-by: Renovate Bot <renovate@vylpes.com>
Closes #624.
Adds a confirmation step for new dependencies that have been added since the last release:
It's part of the same check as for new files, so there are no additional prompts.
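The kind of check this PR describes, as an added illustration rather than np's own implementation: compare the runtime dependencies of the current `package.json` with those of the last release, and build the confirmation text from the difference. The sample manifests are constructed; which fields count (`dependencies` and `optionalDependencies`) and the handling of a first release with no previous manifest are assumptions of this example.

```javascript
// Added example, not code from sindresorhus/np. Lists dependencies present in
// the current manifest but absent from the manifest of the last release, so a
// release tool can ask the maintainer to confirm them before publishing.
// Assumption: only runtime dependency fields are compared.
const DEPENDENCY_FIELDS = ['dependencies', 'optionalDependencies'];

// Returns [{name, version, field}] for each dependency new since the last
// release. `previous` may be undefined on a first-time publish; in that case
// every runtime dependency is reported, since none has been released before.
function newDependencies(current, previous) {
  const added = [];
  for (const field of DEPENDENCY_FIELDS) {
    const now = current[field] ?? {};
    const before = (previous && previous[field]) ?? {};
    for (const [name, version] of Object.entries(now)) {
      // hasOwnProperty guards against names like "constructor" hitting the prototype.
      if (!Object.prototype.hasOwnProperty.call(before, name)) {
        added.push({name, version, field});
      }
    }
  }
  return added;
}

// Builds the confirmation prompt, capping the listing so a large diff stays
// readable (the "more than X entries" concern raised in the discussion).
// Returns null when there is nothing new, i.e. no prompt is needed.
function formatPrompt(added, limit = 10) {
  if (added.length === 0) return null;
  const shown = added.slice(0, limit).map(d => `  ${d.name}@${d.version} (${d.field})`);
  const hidden = added.length - shown.length;
  const noun = added.length === 1 ? 'dependency' : 'dependencies';
  const lines = [`${added.length} new ${noun} since the last release:`, ...shown];
  if (hidden > 0) lines.push(`  ...and ${hidden} more`);
  lines.push('Continue publishing?');
  return lines.join('\n');
}

// Constructed sample manifests: one dependency carried over, two newly added.
const previousPkg = {name: 'demo', version: '1.0.0', dependencies: {chalk: '^5.0.0'}};
const currentPkg = {
  name: 'demo',
  version: '1.1.0',
  dependencies: {chalk: '^5.0.0', execa: '^7.0.0'},
  optionalDependencies: {fsevents: '^2.3.2'},
};

console.log(formatPrompt(newDependencies(currentPkg, previousPkg)));
```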