Security News
JSR Working Group Kicks Off with Ambitious Roadmap and Plans for Open Governance
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
Danger is a tool that helps automate code review chores. It allows you to create rules that can be enforced during the code review process, ensuring that certain standards and practices are followed.
Automate Code Review
This feature allows you to automate code review tasks by defining rules that can fail or warn if certain conditions are not met. For example, you can fail a pull request if it does not have a description or warn if it does not have any labels.
// fail() and warn() are globals provided by the Danger runtime; PR metadata lives on danger.github
if (!danger.github.pr.body || danger.github.pr.body.trim().length === 0) {
fail('This PR does not have a description.');
}
if (danger.github.issue.labels.length === 0) {
warn('This PR does not have any labels.');
}
Check for Changelog Updates
This feature checks if the changelog has been updated in the pull request. If not, it can warn the user to add a changelog entry for their changes.
if (!danger.git.modified_files.includes('CHANGELOG.md')) {
warn('Please add a changelog entry for your changes.');
}
Enforce PR Size Limits
This feature allows you to enforce size limits on pull requests. If a pull request exceeds a certain number of additions and deletions, it can warn the user to consider breaking it down into smaller PRs.
const bigPRThreshold = 500;
if (danger.github.pr.additions + danger.github.pr.deletions > bigPRThreshold) {
warn('This PR is too large. Consider breaking it down into smaller PRs.');
}
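The three rules above each look at one signal. The following added example (not code from the Danger project) applies the same pattern to changes that matter for supply-chain hygiene: a package.json edit without a matching lockfile update, a lockfile-only change, and edits to CI configuration that have not been labelled as reviewed. The rules are written as a pure function over a DSL-shaped object so they can be unit-tested without the Danger runtime; the DSL fields used (danger.git.created_files/modified_files/deleted_files, danger.github.issue.labels) are Danger's documented ones, while the file lists, the "ci-reviewed" label and the fixture are assumptions made for this example.

```javascript
// Added example, not part of the Danger project. The rule names, the file
// lists and the "ci-reviewed" label are assumptions; the fixture is constructed.

const MANIFESTS = ['package.json'];
const LOCKFILES = ['package-lock.json', 'yarn.lock', 'pnpm-lock.yaml'];
const CI_PREFIXES = ['.github/workflows/', '.circleci/', 'Jenkinsfile'];

// Every file the PR touched, regardless of how it was changed.
function touchedFiles(git) {
  return [...git.created_files, ...git.modified_files, ...git.deleted_files];
}

// Evaluate the rules against a Danger-DSL-shaped object and return the
// messages instead of calling fail()/warn() directly, so the logic is testable.
function reviewDependencyChanges(dsl) {
  const fails = [];
  const warns = [];
  const files = touchedFiles(dsl.git);
  const labels = dsl.github.issue.labels.map((label) => label.name);

  const manifestChanged = files.some((f) => MANIFESTS.includes(f));
  const lockfileChanged = files.some((f) => LOCKFILES.includes(f));

  // A manifest edit without a lockfile edit means the resolved dependency
  // tree that CI will install is not the one the reviewer looked at.
  if (manifestChanged && !lockfileChanged) {
    fails.push('package.json changed but no lockfile was updated; run your package manager and commit the lockfile.');
  }

  // Lockfile-only changes are hard to review by eye and are where altered
  // resolved URLs or integrity hashes would land, so ask for a rationale.
  if (lockfileChanged && !manifestChanged) {
    warns.push('Lockfile changed without a manifest change; please explain the dependency update in the PR description.');
  }

  // CI configuration runs with repository secrets; require an explicit review label.
  const ciFiles = files.filter((f) => CI_PREFIXES.some((prefix) => f.startsWith(prefix)));
  if (ciFiles.length > 0 && !labels.includes('ci-reviewed')) {
    warns.push(`CI configuration changed (${ciFiles.join(', ')}); add the "ci-reviewed" label once a maintainer has checked it.`);
  }

  return { fails, warns };
}

// In a real Dangerfile the danger, fail and warn globals come from the runtime;
// this guard lets the same file be loaded by a plain test without them.
if (typeof danger !== 'undefined') {
  const result = reviewDependencyChanges(danger);
  result.fails.forEach((message) => fail(message));
  result.warns.forEach((message) => warn(message));
}

// Constructed fixture mirroring only the DSL fields used above: a PR that
// edits package.json without a lockfile and adds a workflow file, unlabelled.
const sampleDsl = {
  git: {
    created_files: ['.github/workflows/publish.yml'],
    modified_files: ['package.json', 'src/index.js'],
    deleted_files: [],
  },
  github: { issue: { labels: [{ name: 'enhancement' }] } },
};
```

Running reviewDependencyChanges(sampleDsl) yields one fail (manifest without lockfile) and one warn (unlabelled workflow change); a PR that updates package.json and yarn.lock together with no CI edits produces neither. Keeping the rule logic separate from the fail()/warn() calls is what makes a Dangerfile testable in the same yarn test run as the rest of the repository.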
ESLint is a tool for identifying and reporting on patterns found in ECMAScript/JavaScript code. While it focuses on linting and enforcing coding standards, it can be used in conjunction with Danger to ensure code quality.
Prettier is an opinionated code formatter that enforces a consistent style by parsing your code and re-printing it. It complements Danger by ensuring code style consistency, which can be part of the automated code review process.
Husky is a tool that allows you to run scripts before committing or pushing code. It can be used to enforce pre-commit hooks, ensuring that certain checks (like those defined in Danger) are run before code is committed.
Formalize your Pull Request etiquette.
What is Danger JS? • Vision • Helping Out • Plugin Development
Danger runs after your CI, automating your team's conventions surrounding code review.
This provides another logical step in your process, through which Danger can help lint your rote tasks in daily code review.
You can use Danger to codify your team's norms, leaving humans to think about harder problems.
Danger JS works with GitHub, BitBucket Server, BitBucket Cloud for code review, then with: Travis CI, GitLab CI, Semaphore, Circle CI, GitHub Actions, Jenkins, Docker Cloud, Bamboo, Bitrise, surf-build, Codeship, Drone, Buildkite, Nevercode, buddybuild, Buddy.works, TeamCity, Visual Studio Team Services, Screwdriver, Concourse, Netlify, CodeBuild, Codefresh, AppCenter, BitBucket Pipelines, Cirrus CI, Codemagic or Xcode Cloud.
You can:
Danger provides the glue to let you build out the rules specific to your team's culture, offering useful metadata and a comprehensive plugin system to share common issues.
Alright. So, actually, you may be in the wrong place. From here on in, this README is going to be for people who are interested in working on and improving on Danger JS.
We keep all of the end-user documentation at http://danger.systems/js.
Some quick links to get you started:
Awesommmmee. Everything you need is down below. You can also refer to CONTRIBUTING file where you'll find the same information listed below.
git clone https://github.com/danger/danger-js.git
cd danger-js
# if you don't have yarn installed
npm install -g yarn
yarn install
You can then verify your install by running the tests, and the linters:
yarn test
yarn lint
The fixers for both tslint and prettier are applied when you commit, and on push your code is verified to compile.
You can run your dev copy of danger against a PR by running:
yarn build; node --inspect distribution/commands/danger-pr.js https://github.com/danger/danger-js/pull/817
Check the architecture doc.
Check the issues; I try to keep my short-term perspective there. Long term is in the VISION.md.
Following this commit as a model:
Check out the main branch. Ensure your working tree is clean, and make sure you have the latest changes by running git pull.
Run npm run release -- patch --ci.
:ship:
We try to keep as much discussion as possible in GitHub issues, but also have a pretty inactive Slack --- if you'd like an invite, ping @Orta a DM on Twitter with your email. It's mostly interesting if you want to stay on top of Danger without all the emails from GitHub.
This project is open source under the MIT license, which means you have full access to the source code and can modify it to fit your own needs.
This project subscribes to the Moya Contributors Guidelines which TLDR: means we give out push access easily and often.
Contributors subscribe to the Contributor Code of Conduct based on the Contributor Covenant version 1.3.0.
11.0.0 -> 11.0.2
Breaking: Upgrade @octokit/rest from ^16.43.1 to ^18.12.0 - #1204 [@fbartho]
This is only likely to hit you if you use danger.github.api pretty extensively in your Dangerfiles, but better to keep an eye out.
FAQs
Unit tests for Team Culture
The npm package danger receives a total of 372,438 weekly downloads. As such, danger popularity was classified as popular.
We found that danger demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.