
Provides dependency information on dependency changes in a PR

danger, danger-plugin, yarn
npm install danger-plugin-yarn@0.2.2



Build Status npm version semantic-release

Provides dependency information on dependency changes in a PR



yarn add danger-plugin-yarn --dev

At a glance:

// dangerfile.js
import yarn from 'danger-plugin-yarn'


Provides 4 separate rules:

  • checkForRelease - Provides a 🎉 when there's a package version bump.
  • checkForNewDependencies (async) - Provides npmjs.com and yarn why metadata about new dependencies.
  • checkForLockfileDiff - Will warn you when there are dependencies or devDependencies changes without a yarn.lock change.
  • checkForTypesInDeps - Will fail the build if you add any @types/[x] to dependencies instead of devDependencies.

And exports a default function to handle all of them at once.

Feature Flags

If you want to disable any combination of these particular rules, there is a matching disable* option flag:

  disableCheckForRelease?: boolean
  disableCheckForNewDependencies?: boolean
  disableCheckForLockfileDiff?: boolean
  disableCheckForTypesInDeps?: boolean

Which are used as follows:

  disableCheckForTypesInDeps: true

Private packages

If you want the plugin to find your private packages on npm, you need to provide an npm authentication token:

// dangerfile.js
import yarn from 'danger-plugin-yarn'

yarn({ npmAuthToken: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' })

Specify registry URL

If you want the plugin to use different registry than registry.npmjs.org:

// dangerfile.js
import yarn from 'danger-plugin-yarn'

yarn({ npmRegistryUrl: 'https://registry.yarnpkg.com' })

What does this look like?

The rest of this README is the contents of what it looks like when you add this plugin to your Dangerfile:


New dependencies added: danger-plugin-yarn.

Author: Orta Therox

Description: Provides dependency information on dependency changes in a PR

Homepage: https://github.com/orta/danger-plugin-yarn#readme

Created 24 days ago
Last Updated 3 minutes ago
License MIT
Maintainers 1
Releases 14
Direct Dependencies date-fns, lodash.flatten, lodash.includes, node-fetch and esdoc
Keywords danger, danger-plugin and yarn
README # danger-plugin-yarn

Build Status npm version semantic-release

Provides dependency information on dependency changes in a PR



yarn add danger-plugin-yarn --dev

At a glance:

// dangerfile.js
import yarn from 'danger-plugin-yarn'


Provides 4 separate rules:

  • checkForRelease - Provides a 🎉 when there's a package version bump.
  • checkForNewDependencies (async) - Provides npmjs.com and yarn why metadata about new dependencies.
  • checkForLockfileDiff - Will warn you when there are dependencies or devDependencies changes without a yarn.lock change.
  • checkForTypesInDeps - Will fail the build if you add any @types/[x] to dependencies instead of devDependencies.

And exports a default function to handle all of them at once.

Note: async functions like the default one have be to schedule'd by Danger.


See the GitHub release history.



yarn why danger-plugin-yarn output

  • Has been hoisted to "danger-plugin-yarn"
  • This module exists because it's specified in "devDependencies".
  • Disk size without dependencies: "80kB"
  • Disk size with unique dependencies: "3.98MB"
  • Disk size with transitive dependencies: "4.43MB"
  • Number of shared dependencies: 7

Generated by 🚫 dangerJS