add-dependabot is an npm package that automatically adds a dependabot.yml configuration file to your repository if dependencies are detected in package.json. This allows Dependabot to keep your npm dependencies up-to-date with minimal effort.
- Automatically detects dependencies in
package.jsonand creates a.github/dependabot.ymlfile. - Sets up a customizable update schedule for npm dependencies.
- Skips configuration if no dependencies are found in the project.
- Offers user-friendly prompts to configure Dependabot using checkboxes.
- Supports command-line flags for specifying update intervals and modes.
Once installed, run the following command in the root directory of your project:
npx add-dependabotThis will:
- Check if your
package.jsoncontains any dependencies. - If dependencies are found, it creates a
.github/dependabot.ymlfile based on user input. - If the file already exists, it skips creating a new one and logs a message.
You can also use command-line flags to specify the update interval and mode:
-
Mode Options:
--local: Creates a directdependabot.ymlfile in the.githubdirectory.--action: Sets up a GitHub Actions workflow for Dependabot updates.
-
Interval Options:
--daily: Sets Dependabot to check for updates daily.--weekly: Sets Dependabot to check for updates weekly (default).--monthly: Sets Dependabot to check for updates monthly.
Example command with flags:
npx add-dependabot --mode local --interval weeklyTo install add-dependabot globally, use the following command:
npm install -g add-dependabotOr add it to your project as a dev dependency:
npm install --save-dev add-dependabot.github/dependabot.yml(if applicable)workflows/dependabot-action.yml(created by the script)
A typical run might look like:
$ npx add-dependabot
Checking for dependencies...
Dependencies detected. Adding Dependabot configuration...
Dependabot configuration file created at .github/dependabot.ymlIf you use command-line flags:
$ npx add-dependabot --mode action --interval daily
Creating GitHub Actions workflow for checking Dependabot...
GitHub Actions workflow created at .github/workflows/dependabot.ymlThe generated .github/dependabot.yml file will look like this:
version: 2
updates:
- package-ecosystem: 'npm'
directory: '/'
schedule:
interval: 'weekly' # Adjusts based on user inputYou can manually adjust the update schedule or other settings in the generated file.
- Dependabot configuration already exists: If the
.github/dependabot.ymlfile already exists, the package will not overwrite it. You can manually edit the file if you need to change the schedule or other settings. - No dependencies found: If the script detects no dependencies in
package.json, it will skip creating the configuration file.
Contributions are welcome! Please feel free to contact me here - GitHub to submit a pull request or open an issue if you find a bug or have a feature request.
This project is licensed under the MIT License. See the LICENSE file for details.
Developed by Prathamesh Shanbhag.
- Command-Line Flags Section: Explained the options for the mode (
localoraction) and the intervals (daily,weekly,monthly). - Example with Flags: Provided an example of how to use the command with flags to clarify usage.