In Pull Requests, this action highlight the addition of new NPM dependencies in
one of the package.json of your repository.
Adding new dependencies in a project should never be a small change, and often
it should trigger discussions between maintainers. This action can help you
making sure that you are not missing the addition of new package in your NPM
dependencies and devDependencies.
To highlight new packages, this action compares the list of dependencies
registered in the current branch with the ones registered in the base branch.
This check only occurs for each package.json file added or updated with the
current pull request.
This action is not only looking at the root-level package.json but potentially
any existing package.json in the project to be compatible with monorepo
projects.
This GitHub Action should run everytime a commit is pushed to the pull request
to check any potential addition or change in one of your package.json.
name: Inspect dependencies
on:
- pull_request
jobs:
check_new_dependencies:
runs-on: ubuntu-latest
steps:
- name: Check for new dependencies
uses: hiwelo/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
This project is released under the MIT License.