See a detailed example of using Deadpendency.
Configuration is done by including a .github/deadpendency.yaml file in your GitHub repository source. This file is optional.
In some cases you have additional or different dependency files to load than the default ones.
```yaml
additional-dependency-files:
  - type: pip-requirements-txt
    path: other-dependencies.txt
  - type: pipenv-pipfile
    path: custom/CustomPipfile
```
- Python Pip Requirements File
- Python Setup Py File
- Python Pipenv Pipfile
- Python Pyproject File
- PHP Packagist Compose File
- Ruby Bundler Gemfile
- Ruby Gemspec
- Haskell Cabal File
- Haskell Hpack File
- Rust Crates Cargo File
- C# .NET Project File
- Visual Basic .NET Project File
- Maven Pom Xml File
- Build Gradle File
- Go Module File
Useful when there are specific additional dependencies you want checked that are missing from your dependency files, or that Deadpendency is for some reason not detecting.
If you provide a dependency as additional AND that dependency is found in your dependency files, the additional dependency will take precedence. This means you can provide a different source repository if required.
Useful when you choose to depend on an unhealthy dependency.
When programming languages have the same package registry, ignoring in one language will ignore for all languages. For example, if you ignore
The default config
```yaml
rules-config:
  no-recent-package-release:
    warn-at-months: 18
    fail-at-months: 24
  no-recent-commit:
    warn-at-months: 12
    fail-at-months: 18
  few-yearly-commits:
    warn-at-count: 2
    fail-at-count: disabled # does not fail by default
  # these can be 'disabled', 'warn' or 'fail'
  repository-archived: fail
  repository-is-fork: warn
  package-deprecated: fail
  single-recent-author: warn
  repository-not-identified: warn
  repository-not-found: warn
```
Customize the config
If no rules-config is provided, the defaults above are used. Settings can be overridden as per the example below.
```yaml
rules-config:
  no-recent-package-release:
    warn-at-months: 6
    # fail-at-months: 24 - omitted to use the default
  no-recent-commit:
    warn-at-months: 3
    fail-at-months: disabled # disable the failure threshold
  few-yearly-commits: disabled # or an entire check can be disabled
  single-recent-author: disabled # disable this check too
  repository-is-fork: fail # this warns by default, but we want it to fail instead
```
Note: the defaults may be adjusted from time to time.
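To see which thresholds are actually in force after an override, the sketch below merges the custom rules-config over the defaults and classifies a dependency's age. It is an added example, not Deadpendency's own code: `effective_rules` and `age_outcome` are hypothetical names, the two dictionaries are transcribed from the YAML on this page, and it assumes a threshold triggers when the age in months is greater than or equal to it.

```python
import copy

# Transcribed from the default config shown on this page.
DEFAULTS = {
    "no-recent-package-release": {"warn-at-months": 18, "fail-at-months": 24},
    "no-recent-commit": {"warn-at-months": 12, "fail-at-months": 18},
    "few-yearly-commits": {"warn-at-count": 2, "fail-at-count": "disabled"},
    "repository-archived": "fail", "repository-is-fork": "warn",
    "package-deprecated": "fail", "single-recent-author": "warn",
    "repository-not-identified": "warn", "repository-not-found": "warn",
}

# Transcribed from the customized config shown on this page.
OVERRIDES = {
    "no-recent-package-release": {"warn-at-months": 6},
    "no-recent-commit": {"warn-at-months": 3, "fail-at-months": "disabled"},
    "few-yearly-commits": "disabled",
    "single-recent-author": "disabled",
    "repository-is-fork": "fail",
}

def effective_rules(overrides, defaults=DEFAULTS):
    """Merge overrides over defaults; keys that are omitted keep their default."""
    rules = copy.deepcopy(defaults)
    for name, value in overrides.items():
        if isinstance(value, dict) and isinstance(rules.get(name), dict):
            rules[name].update(value)  # per-threshold override
        else:
            rules[name] = value        # whole check set to disabled/warn/fail
    return rules

def age_outcome(rule, months):
    """Classify an age in months against a warn/fail months rule.
    Assumption: a threshold triggers when months >= threshold."""
    if rule == "disabled":
        return "pass"
    fail_at = rule.get("fail-at-months", "disabled")
    warn_at = rule.get("warn-at-months", "disabled")
    if fail_at != "disabled" and months >= fail_at:
        return "fail"
    if warn_at != "disabled" and months >= warn_at:
        return "warn"
    return "pass"

if __name__ == "__main__":
    for name, rule in effective_rules(OVERRIDES).items():
        print(f"{name}: {rule}")
```

Under these assumptions, a dependency whose last commit was 30 months ago fails with the defaults but only warns with the customized config, because the override removes the failure threshold for no-recent-commit.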
See rules for detailed information on rules and defaults.