Highlight changes in NPM Dependencies

Add a message in Pull Request with basic information when dependencies are added, updated or removed
v1.3.0
Latest
By rknj

Highlight changes in NPM dependencies on Pull Requests

(this is an extension of https://github.com/hiwelo/new-dependencies-action)

In Pull Requests, this action highlights the addition of new NPM dependencies and the update or removal of existing ones in any package.json of your repository. It also provides a link to the package page on npmJS and to the source code page.

This action looks not only at the root-level package.json but at any package.json in the project, so it is compatible with monorepo projects.

To highlight new/updated/removed packages, this action compares the list of dependencies registered in the current branch with the ones registered in the base branch. This check only occurs for each package.json file added or updated with the current pull request.
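
The comparison described above, sketched as an added TypeScript example; it is not the action's own source, and the type names, `diffManifests`, `own` and the sample manifests are hypothetical. It also covers a package.json that is new in the pull request (no base version) and package names that collide with `Object.prototype` members.

```typescript
// Added example (not the action's source). Types and names are hypothetical.
type Deps = Record<string, string>;
type Manifest = { dependencies?: Deps; devDependencies?: Deps };
type Section = "dependencies" | "devDependencies";
type Kind = "added" | "updated" | "removed";
type Change = { name: string; section: Section; kind: Kind; from?: string; to?: string };

// Read only own properties, so a package named "constructor" or "toString"
// is not confused with members inherited from Object.prototype.
function own(deps: Deps, name: string): string | undefined {
  return Object.prototype.hasOwnProperty.call(deps, name) ? deps[name] : undefined;
}

// base is null when the package.json was added by the pull request;
// everything it declares is then reported as added.
function diffManifests(base: Manifest | null, head: Manifest): Change[] {
  const sections: Section[] = ["dependencies", "devDependencies"];
  const changes: Change[] = [];
  for (const section of sections) {
    const before: Deps = (base && base[section]) || {};
    const after: Deps = head[section] || {};
    const names = Object.keys(before)
      .concat(Object.keys(after).filter((n) => own(before, n) === undefined))
      .sort();
    for (const name of names) {
      const from = own(before, name);
      const to = own(after, name);
      if (from === undefined) {
        if (to !== undefined) changes.push({ name, section, kind: "added", to });
      } else if (to === undefined) {
        changes.push({ name, section, kind: "removed", from });
      } else if (from !== to) {
        changes.push({ name, section, kind: "updated", from, to });
      }
    }
  }
  return changes;
}

// Constructed sample mirroring the page's example table; the previous
// copy-to-clipboard version is invented for the illustration.
const baseManifest: Manifest = {
  dependencies: { "copy-to-clipboard": "3.3.1", "react-dom": "18.2.0" },
  devDependencies: { "jest-junit": "14.0.1" },
};
const headManifest: Manifest = {
  dependencies: { "copy-to-clipboard": "3.3.2", i18next: "21.10.0" },
};
```

An unchanged version string produces no entry, so only real additions, updates and removals reach the reviewer.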

Dependencies updates

Adding, upgrading or removing dependencies in a project should never be treated as a small change, and it should often trigger a discussion between maintainers. This action helps you make sure that you do not miss the addition, upgrade or removal of a package in your NPM dependencies and devDependencies.

Usage

This GitHub Action should run every time a commit is pushed to the pull request, to check for any addition or change in one of your package.json files.

name: Inspect dependencies
on:
  - pull_request

jobs:
  check_dependencies:
    runs-on: ubuntu-latest
    steps:
      - name: Check for new and updated dependencies
        uses: rknj/dependencies-updates-action@v1.1.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          show_dev_dependencies: 'false'
          show_checklist: 'true'

Build

Build the TypeScript and package it for distribution:

$ npm run build && npm run pack

Example (with the optional checklist)

  • Did you check the impact on the platform?
  • Did you check if these libraries are still supported?
  • Did you check if there are security vulnerabilities?
  • Did you check if the licenses are compatible with our products?

| Dependency | Description | Version | License | Source |
| --- | --- | --- | --- | --- |
| i18next (Added) | i18next internationalization framework | 21.10.0 | MIT | i18next |
| copy-to-clipboard (Updated) | Copy stuff into clipboard using JS with fallbacks | 3.3.2 | MIT | copy-to-clipboard |
| react-dom (Removed) | React package for working with the DOM. | 18.2.0 | MIT | react-dom |

| Dev Dependency | Description | Version | License | Source |
| --- | --- | --- | --- | --- |
| jest-junit (Removed) | A jest reporter that generates junit xml files | 14.0.1 | Apache-2.0 | jest-junit |

License

This project is released under the MIT License.

Highlight changes in NPM Dependencies is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
