danger-plugin-yarn
Advanced tools
Provides dependency information on dependency changes in a PR
Install:
yarn add danger-plugin-yarn --dev
At a glance:
// dangerfile.js
import yarn from 'danger-plugin-yarn'
yarn()
Provides 4 separate rules:
checkForRelease - Provides a 🎉 when there's a package version bump.checkForNewDependencies (async) - Provides npmjs.com and yarn why metadata about new dependencies.checkForLockfileDiff - Will warn you when there are dependencies or devDependencies changes without a yarn.lock change.checkForTypesInDeps - Will fail the build if you add any @types/[x] to dependencies instead of devDependencies.And exports a default function to handle all of them at once.
If you want to disable any combination of these particular rules, there is a matching disable* option flag:
disableCheckForRelease?: boolean
disableCheckForNewDependencies?: boolean
disableCheckForLockfileDiff?: boolean
disableCheckForTypesInDeps?: boolean
Which are used as follows:
yarn({
disableCheckForTypesInDeps: true
})
If you want the plugin to find your private packages on npm, you need to provide an npm authentication token:
// dangerfile.js
import yarn from 'danger-plugin-yarn'
yarn({ npmAuthToken: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' })
If you want the plugin to use different registry than registry.npmjs.org:
// dangerfile.js
import yarn from 'danger-plugin-yarn'
yarn({ npmRegistryUrl: 'https://registry.yarnpkg.com' })
The rest of this README is the contents of what it looks like when you add this plugin to your Dangerfile:
| Warnings | |
|---|---|
| :warning: |
New dependencies added: danger-plugin-yarn. |
Author: Orta Therox
Description: Provides dependency information on dependency changes in a PR
Homepage: https://github.com/orta/danger-plugin-yarn#readme
| Created | 24 days ago |
| Last Updated | 3 minutes ago |
| License | MIT |
| Maintainers | 1 |
| Releases | 14 |
| Direct Dependencies | date-fns, lodash.flatten, lodash.includes, node-fetch and esdoc |
| Keywords | danger, danger-plugin and yarn |
README
Provides dependency information on dependency changes in a PR
Install:
yarn add danger-plugin-yarn --dev
At a glance:
// dangerfile.js
import yarn from 'danger-plugin-yarn'
yarn()
Provides 4 separate rules:
checkForRelease - Provides a 🎉 when there's a package version bump.checkForNewDependencies (async) - Provides npmjs.com and yarn why metadata about new dependencies.checkForLockfileDiff - Will warn you when there are dependencies or devDependencies changes without a yarn.lock change.checkForTypesInDeps - Will fail the build if you add any @types/[x] to dependencies instead of devDependencies.And exports a default function to handle all of them at once.
Note: async functions like the default one have be to schedule'd by Danger.
See the GitHub release history.
See CONTRIBUTING.md.
yarn why danger-plugin-yarn outputHas been hoisted to "danger-plugin-yarn"This module exists because it's specified in "devDependencies".Disk size without dependencies: "80kB"Disk size with unique dependencies: "3.98MB"Disk size with transitive dependencies: "4.43MB"Number of shared dependencies: 7
Generated by :no_entry_sign: dangerJS
FAQs
Provides dependency information on dependency changes in a PR
The npm package danger-plugin-yarn receives a total of 29,546 weekly downloads. As such, danger-plugin-yarn popularity was classified as popular.
We found that danger-plugin-yarn demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.