NPM list in Dependabot PRs #11557
Unanswered
nielsvaneck asked this question in Code Security
Replies: 0 comments
Hi GitHub!
First off, loving the recent improvements to Dependabot. The extra context in the PRs makes it a lot easier to evaluate the changes that will be introduced by applying a package upgrade. Great work!
One of the things I find myself doing a lot when evaluating a Dependabot PR is running
npm list <package-being-upgraded>
to get a better idea of how an affected package is brought into my dependencies. It would be super helpful if Dependabot could run that command (and/or its equivalent on other package managers) and put the output right in the PR description.
Thanks for great work on Dependabot, and I hope you'll take this suggestion into consideration.
-niels van eck
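An added example, not part of the original post and not Dependabot code: one way to produce the dependency chains for an upgraded package from the JSON tree that `npm ls --all --json` prints, in a form that can be pasted into a PR description. The sample tree, its package names and versions, and the function names `findChains` and `formatChains` are constructed for illustration.

```javascript
// Added example: list every dependency chain that pulls in a given package,
// working from the JSON tree printed by `npm ls --all --json`.

// Constructed sample in the shape of `npm ls --all --json` output
// (illustrative names and versions, not real project data).
const sampleTree = {
  name: "example-app",
  version: "1.0.0",
  dependencies: {
    express: {
      version: "4.18.2",
      dependencies: {
        qs: { version: "6.11.0" },
        "body-parser": {
          version: "1.20.1",
          dependencies: { qs: { version: "6.11.0" } },
        },
      },
    },
    request: {
      version: "2.88.2",
      dependencies: { qs: { version: "6.5.3" } },
    },
  },
};

// Depth-first walk; returns one array per path from the root to `target`.
// Every occurrence is reported, so differing versions of the same package
// (here qs 6.11.0 and 6.5.3) each show up with the parent that requires them.
function findChains(node, target, trail = [`${node.name}@${node.version}`]) {
  const chains = [];
  for (const [name, child] of Object.entries(node.dependencies || {})) {
    const here = [...trail, `${name}@${child.version}`];
    if (name === target) chains.push(here);
    chains.push(...findChains(child, target, here));
  }
  return chains;
}

// Render the chains one per line, root first.
function formatChains(chains) {
  return chains.map((chain) => chain.join(" > ")).join("\n");
}

console.log(formatChains(findChains(sampleTree, "qs")));
```

Against a real project, replace `sampleTree` with the parsed output of `npm ls --all --json`.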