renovate
Advanced tools
Renovate is a powerful tool for automating dependency updates in your projects. It helps keep your dependencies up-to-date, ensuring that your project remains secure and compatible with the latest versions of libraries and tools.
Automated Dependency Updates
Renovate can automatically update your dependencies by creating pull requests for new versions. The configuration above extends the base configuration, which includes sensible defaults for most projects.
{
"extends": ["config:base"]
}Customizable Configuration
You can customize Renovate's behavior using a configuration file. In this example, packages that match the pattern '^@my-org/' are grouped together in a single pull request.
{
"extends": ["config:base"],
"packageRules": [
{
"packagePatterns": ["^@my-org/"],
"groupName": "my-org packages"
}
]
}Scheduling Updates
Renovate allows you to schedule when updates should be created. The configuration above schedules updates to be created before 5 AM on Mondays.
{
"extends": ["config:base"],
"schedule": ["before 5am on monday"]
}Dependabot is a GitHub-native tool for automating dependency updates. It is similar to Renovate in that it creates pull requests for new versions of dependencies. However, Dependabot is more tightly integrated with GitHub and may be easier to set up for users already using GitHub.
Greenkeeper is another tool for automating dependency updates. It was one of the first tools in this space and offers similar functionality to Renovate. However, Greenkeeper has been deprecated in favor of Snyk, which now includes similar features.
Snyk is a comprehensive security tool that includes features for automating dependency updates. While it offers similar functionality to Renovate, Snyk also provides additional security features such as vulnerability scanning and remediation.
Automated dependency updates. Multi-platform and multi-language.
Renovate works on these platforms:
Renovate is widely used in the developer community:
Renovate is built on a big community and actively invites and supports contributions. Information about our contributors and community can be found on OSS Insight.
We believe everyone benefits from automation, whether it's a little or a lot. This means that Renovate:
Get started with Renovate by checking out our tutorial.
It's easiest to use the hosted Renovate app. Install the Renovate app now.
More details on the GitHub App installation.
There are two ways to run Renovate on Azure DevOps:
Go to the Visual Studio Marketplace and install the Renovate Me extension in your organization.
From there you can create a pipeline with the RenovateMe task.
Note This extension is created and maintained personally by a Renovate developer/user so support requests relating to the extension itself cannot be answered directly in the main Renovate repository.
You can create a custom pipeline with a yml definition that triggers npx renovate.
More details on how to configure the pipeline.
For Bitbucket Cloud, Bitbucket Server, Forgejo, Gitea and GitLab, use our self-hosting option.
Go to our documentation website to learn how to configure Renovate. We have a full list of configuration options.
To get help with your configuration, go to the discussions tab in the Renovate repository and open a new "config help" discussion post.
To run your own instance of Renovate you have several options:
renovate CLI tool from npmjs, run it on a schedule (e.g. using cron)renovate/renovate Docker Hub image (same content/versions as the CLI tool), run it on a schedulerenovate/renovate:slim Docker Hub image if you only use package managers that don't need third-party binaries (e.g. JavaScript, Docker, NuGet, pip)More details on the self-hosting development.
If you want to contribute to Renovate or get a local copy running, please read the instructions in contributing guidelines. To get started look at the list of good first issues.
If you find any bug with Renovate that may be a security problem, then e-mail us at: renovate-disclosure@mend.io. This way we can evaluate the bug and hopefully fix it before it gets abused. Please give us enough time to investigate the bug before you report it anywhere else.
Please do not create GitHub issues for security-related doubts or problems.
FAQs
Automated dependency updates. Flexible so you don't need to be.
The npm package renovate receives a total of 110,782 weekly downloads. As such, renovate popularity was classified as popular.
We found that renovate demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team uncovered a malicious Python package typosquatting the popular 'fabric' SSH library, silently exfiltrating AWS credentials from unsuspecting developers.
Security News
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.