Danger is a tool that helps automate code review chores. It allows you to create rules that can be enforced during the code review process, ensuring that certain standards and practices are followed.
Automate Code Review
This feature allows you to automate code review tasks by defining rules that can fail or warn if certain conditions are not met. For example, you can fail a pull request if it does not have a description or warn if it does not have any labels.
danger({
fail: 'This PR does not have a description.',
warn: 'This PR does not have any labels.'
});Check for Changelog Updates
This feature checks if the changelog has been updated in the pull request. If not, it can warn the user to add a changelog entry for their changes.
if (!danger.git.modified_files.includes('CHANGELOG.md')) {
warn('Please add a changelog entry for your changes.');
}Enforce PR Size Limits
This feature allows you to enforce size limits on pull requests. If a pull request exceeds a certain number of additions and deletions, it can warn the user to consider breaking it down into smaller PRs.
const bigPRThreshold = 500;
if (danger.github.pr.additions + danger.github.pr.deletions > bigPRThreshold) {
warn('This PR is too large. Consider breaking it down into smaller PRs.');
}ESLint is a tool for identifying and reporting on patterns found in ECMAScript/JavaScript code. While it focuses on linting and enforcing coding standards, it can be used in conjunction with Danger to ensure code quality.
Prettier is an opinionated code formatter that enforces a consistent style by parsing your code and re-printing it. It complements Danger by ensuring code style consistency, which can be part of the automated code review process.
Husky is a tool that allows you to run scripts before committing or pushing code. It can be used to enforce pre-commit hooks, ensuring that certain checks (like those defined in Danger) are run before code is committed.
Danger on Node, wonder what's going on? see VISION.md
This is like, really, really early.
However,
git clone https://github.com/danger/danger-js.git
cd danger-js
# if you don't have have yarn installed
npm install -g yarn
yarn install
You can then verify your install by running the tests, and the linters:
npm test
npm run lint
npm run flow
You'll have a nicer experience as a developer if you use VS Code with Flow enabled, and if you install flow-typed.
npm install -g flow-typed
flow-typed install
( and maybe flow-typed install jest@14)
You can run the danger command globally from your dev build by running npm run link.
The aim is to be able to have this library self testing with Danger-js ASAP, then smarter abstractions can be thought about.
0.0.2
OK, first usable for others version. Only supports GitHub and Travis CI.
You can run by doing:
danger
Make sure you set a DANGER_GITHUB_API_TOKEN on your CI -
see the Ruby guide for that.
Then you can make a dangerfile.js (has to be lowercase, deal with it.) It has access to a whopping 2 DSL attributes.
pr
git
fail(message: string)
pr probably won't be sticking around for the long run, but if you're using a 0.0.2 release, you should be OK with
that. It's the full metadata of the PR, so
this JSON file.
git currently has:
git.modified_file
git.created_files
git.deleted_files
which are string arrays of files.
fail(message: string) will let you raise an error, and will make the process return 1 after the parsing has finished.
Overall: your Dangerfile should look something like:
import { danger } from "danger"
const hasChangelog = danger.git.modified_files.includes("changelog.md")
if (!hasChangelog) {
fail("No Changelog changes!")
}
That should do ya. I think. This doesn't support babel, and I haven't explored using other modules etc, so...
./[@orta]
FAQs
Unit tests for Team Culture
The npm package danger receives a total of 372,438 weekly downloads. As such, danger popularity was classified as popular.
We found that danger demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.
Security News
Research
Attackers are impersonating Sindre Sorhus on npm with a fake 'chalk-node' package containing a malicious backdoor to compromise developers' projects.
Security News
The npm package for the LottieFiles Player web component was hit with a supply chain attack after a software engineer's npmjs credentials were compromised.