Deadpendency Rules

Deadpendency performs the following checks.

Rules that perform checks against the source repository currently only support GitHub repositories. More git hosts are planned to be supported.

Note: the defaults may be adjusted from time to time.

Rule	Description	Warn at	Fail at	Config	Notes
No Recent Commit	No commits within X months.	12 months	18 months	`no-recent-commit: warn-at-months: 12 fail-at-months: 18`	Cannot be configured to more than 24 months.
Few Yearly Commits	Few total commits for the past year.	1-2 commits		`few-yearly-commits: warn-at-count: 2 # disabled by default fail-at-count: disabled`
No Recent Package Release	No package release within X months.	18 months	24 months	`no-recent-package-release: warn-at-months: 18 fail-at-months: 24`
Repository Archived	The source repository has been archived.		✅	`repository-archived: fail`	Produces failure by default.
Repository Is Fork	The source repository is a fork.	✅		`repository-is-fork: warn`	Produces warning by default.
Package Deprecated	The package is deprecated (or flagged as abandoned) in the registry.		✅	`package-deprecated: fail`	Supported by Npm Hackage NuGet Packagist Maven
Single Recent Author	All the commits in the last year were authored by a single person.	✅		`single-recent-author: warn`	Produces warning by default.
No Repository Identified	No source repository was identified in the dependency file, deadpendency config or package registry.	✅		`repository-not-identified: warn`	Produces warning by default.
No Repository Found	A repository was identified, but it does not exist (404).	✅		`repository-not-found: warn`	Produces warning by default.