renovate - npm Package Compare versions

Comparing version 1.1.3 to 1.5.0

package.json

 {
   "name": "renovate",
   "description": "Keep npm dependencies up-to-date via Pull Requests",
-  "version": "1.1.3",
-  "main": "renovate.js",
+  "version": "1.5.0",
+  "bin": "./app/index.js",
+  "main": "app/index.js",
   "scripts": {
-    "lint": "eslint .",
-    "start": "node renovate",
-    "test": "eslint ."
+    "eslint": "eslint app",
+    "eslint-fix": "eslint app --fix",
+    "istanbul": "istanbul cover _mocha test",
+    "lint": "eslint app",
+    "mocha": "mocha test",
+    "start": "node app",
+    "test": "npm run lint && npm run istanbul"
   },
@@ -30,2 +35,3 @@ "repository": {
   "dependencies": {
+    "changelog": "singapore/changelog",
     "gh-got": "5.0.0",
@@ -39,7 +45,10 @@ "got": "6.7.1",
   "devDependencies": {
+    "chai": "3.5.0",
     "eslint": "3.13.1",
     "eslint-config-airbnb-base": "11.0.1",
     "eslint-plugin-import": "2.2.0",
-    "eslint-plugin-promise": "3.4.0"
+    "eslint-plugin-promise": "3.4.0",
+    "istanbul": "0.4.5",
+    "mocha": "3.2.0"
   }
 }

README.md

@@ -5,11 +5,17 @@ # renovate
 
+## What does it do?
+
+This script scans your repository package.json files, detects if any dependencies need version updating - or pinning - and if so then submits Pull Requests for each.
+
+This was inspired by the services at [Greenkeeper](https://greenkeeper.io) and [Doppins](https://doppins.com).
+
 ## Before you Start
 
-To run this script, you will need to select a GitHub account for it to use. The account will need read/write access to push and update upgrade branches to GitHub, as well as raise Pull Requests.
+To run this script, you will need to select a GitHub user account for it to create branches and submit Pull Requests from. The account will need read/write access to push and update upgrade branches to GitHub, as well as raise Pull Requests.
 
-We recommend using a "bot" account so that it's clear to other users of the repository that these are automated actions and not a team member performing them all manually.
+We recommend you consider using a "bot" account for this so that it's clear to other users of the repository that these are automated actions and not not confused with an actual team member's actions.
 
-The script will need a GitHub "access token" for authenticating API access. You can find instructions for generating it here: https://help.github.com/articles/creating-an-access-token-for-command-line-use/
+The script will need a GitHub Personal Access Token with "repo" permissions. You can find instructions for generating it here: https://help.github.com/articles/creating-an-access-token-for-command-line-use/
 
-This token needs to be exposed via the environment variable `RENOVATE_TOKEN`.
+This token needs to be exposed via the environment variable `RENOVATE_TOKEN` or added to a configuration file.
 
@@ -25,3 +31,3 @@ ## Running the Script
 ```sh
-node src <username>/<repo> <path to package.json>
+npm start <username>/<repo> <path to package.json>
 ```
@@ -34,3 +40,3 @@
 ```sh
-node src singapore/renovate
+npm start foo/bar
 ```
@@ -41,3 +47,3 @@
 ```sh
-node src singapore/renovate containers/build/package.json
+npm start foo/bar src/package.json
 ```
@@ -48,3 +54,32 @@
 ```sh
-RENOVATE_TOKEN=JDSUW284HSJDSFKSUS22942H2H15KK node src singapore/renovate
+RENOVATE_TOKEN=JDSUW284HSJDSFKSUS22942H2H15KK npm start foo/bar
 ```
+
+## Configuration file
+
+It's also possible to configure renovate with a `config.js` file in the working directory. Here is an example:
+
+```js
+module.exports = {
+  token: 'JDSUW284HSJDSFKSUS22942H2H15KK',
+  logLevel: 'verbose',
+  repositories: [
+    'foo/bar',
+    'foo/baz',
+    {
+      name: 'foo/lint',
+      packageFiles: [
+        'package.json',
+        'containers/build/package.json',
+      ],
+    },
+    'foo/package-go',
+  ],
+};
+```
+
+As you can hopefully infer from the above, it's possible to define multiple repositories as well as multiple package files per repository, and they will be processed in sequence.
+
+If you configure the token and at least one repository in your `config.js` then you don't need any CLI arguments and can just run `npm start`.
+
+It's also possible to change the string templates used for generating branch names, commit messages, and Pull Request titles and body. To override the defaults, copy/paste/edit the templates from `app/config/defaults.js` into your `config.js`. You must copy all of them, even if you only edit one.

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

GitHub dependency

Supply chain risk

Contains a dependency which resolves to a GitHub URL. Dependencies fetched from GitHub specifiers are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Manifest confusion

Supply chain risk

This package has inconsistent metadata. This could be malicious or caused by an error when publishing the package.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

24986

increased by13.3%

Lines of code

592

increased by3.5%

Number of lines in readme file

81

increased by76.09%

Worsened metrics

Dependency count

7

increased by16.67%

Dev dependency count

7

increased by75%

Number of package files

10

decreased by-9.09%

Number of high supply chain risk alerts

1

increased byInfinity%

Number of medium supply chain risk alerts

2

increased byInfinity%

Dependency changes

• + Addedchangelog@singapore/changelog