Deadpendency Rules

Deadpendency performs the following checks.

Rules that perform checks against the source repository currently only support GitHub repositories. More git hosts are planned to be supported.

Note: the defaults may be adjusted from time to time.

Rule Description Warn at Fail at Config Notes
No Recent Commit No commits within X months. 12 months 18 months
  warn-at-months: 12
  fail-at-months: 18
Cannot be configured to more than 24 months.
Few Yearly Commits Few total commits for the past year. 1-2 commits
  warn-at-count: 2
  # disabled by default
  fail-at-count: disabled
No Recent Package Release No package release within X months. 18 months 24 months
  warn-at-months: 18
  fail-at-months: 24
Repository Archived The source repository has been archived.
repository-archived: fail
Produces failure by default.
Repository Is Fork The source repository is a fork.
repository-is-fork: warn
Produces warning by default.
Package Deprecated The package is deprecated (or flagged as abandoned) in the registry.
package-deprecated: fail
Supported by
Single Recent Author All the commits in the last year were authored by a single person.
single-recent-author: warn
Produces warning by default.
No Repository Identified No source repository was identified in the dependency file, deadpendency config or package registry.
repository-not-identified: warn
Produces warning by default.
No Repository Found A repository was identified, but it does not exist (404).
repository-not-found: warn
Produces warning by default.