danger-plugin-yarn

Provides dependency information on dependency changes in a PR

Usage

Install:

yarn add danger-plugin-yarn --dev

At a glance:

// dangerfile.js
import yarn from 'danger-plugin-yarn'

yarn()

Provides 4 separate rules:

• checkForRelease - Provides a 🎉 when there's a package version bump.
• checkForNewDependencies (async) - Provides npmjs.com and yarn why metadata about new dependencies.
• checkForLockfileDiff - Will warn you when there are dependencies or devDependencies changes without a yarn.lock change.
• checkForTypesInDeps - Will fail the build if you add any @types/[x] to dependencies instead of devDependencies.

And exports a default function to handle all of them at once.

Feature Flags

If you want to disable any combination of these particular rules, there is a matching disable* option flag:

  disableCheckForRelease?: boolean
  disableCheckForNewDependencies?: boolean
  disableCheckForLockfileDiff?: boolean
  disableCheckForTypesInDeps?: boolean

Which are used as follows:

yarn({
  disableCheckForTypesInDeps: true
})

Private packages

If you want the plugin to find your private packages on npm, you need to provide an npm authentication token:

// dangerfile.js
import yarn from 'danger-plugin-yarn'

yarn({ npmAuthToken: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' })

Specify registry URL

If you want the plugin to use different registry than registry.npmjs.org:

// dangerfile.js
import yarn from 'danger-plugin-yarn'

yarn({ npmRegistryUrl: 'https://registry.yarnpkg.com' })

What does this look like?

The rest of this README is the contents of what it looks like when you add this plugin to your Dangerfile:

---

	Warnings
⚠️	New dependencies added: danger-plugin-yarn.

danger-plugin-yarn

Author: Orta Therox

Description: Provides dependency information on dependency changes in a PR

Homepage: https://github.com/orta/danger-plugin-yarn#readme

Created	24 days ago
Last Updated	3 minutes ago
License	MIT
Maintainers	1
Releases	14
Direct Dependencies	date-fns, lodash.flatten, lodash.includes, node-fetch and esdoc
Keywords	danger, danger-plugin and yarn

README

# danger-plugin-yarn

Provides dependency information on dependency changes in a PR

Usage

Install:

yarn add danger-plugin-yarn --dev

At a glance:

// dangerfile.js
import yarn from 'danger-plugin-yarn'

yarn()

Provides 4 separate rules:

• checkForRelease - Provides a 🎉 when there's a package version bump.
• checkForNewDependencies (async) - Provides npmjs.com and yarn why metadata about new dependencies.
• checkForLockfileDiff - Will warn you when there are dependencies or devDependencies changes without a yarn.lock change.
• checkForTypesInDeps - Will fail the build if you add any @types/[x] to dependencies instead of devDependencies.

And exports a default function to handle all of them at once.

Note: async functions like the default one have be to schedule'd by Danger.

Changelog

See the GitHub release history.

Contributing

See CONTRIBUTING.md.

yarn why danger-plugin-yarn output

• Has been hoisted to "danger-plugin-yarn"
• This module exists because it's specified in "devDependencies".
• Disk size without dependencies: "80kB"
• Disk size with unique dependencies: "3.98MB"
• Disk size with transitive dependencies: "4.43MB"
• Number of shared dependencies: 7

Generated by 🚫 dangerJS