🐶 Buddy Bot

The fastest, most intelligent dependency management bot for modern JavaScript and TypeScript projects (and PHP).

Buddy Bot is a lightning-fast alternative to Dependabot and Renovate, purpose-built for modern JavaScript, TypeScript, and PHP ecosystems. It intelligently scans your projects, detects outdated & deprecated dependencies across multiple package managers, and creates beautifully formatted pull requests with comprehensive changelogs and metadata.

Features

🚀 Performance & Speed

Lightning Fast Execution: Built with Bun for maximum performance
Intelligent Scanning: Uses bun outdated and GitHub releases API for accurate, real-time dependency detection
Optimized CI/CD: Minimal resource usage with smart caching

📦 Universal Package Support

Multi-Package Manager: Full support for Bun, npm, yarn, pnpm, Composer, pkgx & Launchpad
GitHub Actions: Automatically updates workflow dependencies (actions/checkout@v4, etc.)
Docker Images: Detects and updates Dockerfile base images and versions
Lock File Awareness: Respects and updates all lock file formats

🎯 Smart Dependency Management

Configurable Update Strategies: Choose from major, minor, patch, or all updates
Flexible Package Grouping: Group related packages for cleaner, focused PRs
Intelligent Conflict Detection: Prevents breaking changes with smart dependency analysis
Security-First Updates: Prioritizes security patches and vulnerability fixes

📊 Rich Dashboard & Monitoring

Dependency Dashboard: Centralized GitHub issue with complete dependency overview
Interactive Rebase: One-click PR updates via checkbox interface
Real-time Status Tracking: Live monitoring of all open PRs and pending updates
Comprehensive Reporting: Detailed update summaries with confidence metrics

🎨 Beautiful Pull Requests

Multi-Format Tables: Separate sections for npm, PHP/Composer, pkgx/Launchpad, and GitHub Actions
Rich Metadata: Confidence badges, adoption metrics, age indicators, and download stats
Detailed Changelogs: Automatic release notes and breaking change detection
Professional Formatting: Clean, readable PR descriptions with proper categorization

⚙️ Developer Experience

Zero Configuration: Works immediately with intelligent defaults
Interactive Setup: Renovate-like guided configuration with validation
Migration Tools: Seamless import from existing Renovate and Dependabot setups
TypeScript Config: Full type safety with buddy-bot.config.ts

🔌 Extensible Integration

Plugin Ecosystem: Built-in Slack, Discord, and Jira integrations
Custom Hooks: Extensible system for organization-specific workflows
CI/CD Ready: Pre-built GitHub Actions workflows for all use cases
API Access: Programmatic control for advanced automation

Quick Start

# Install globally
bun add -g buddy-bot

# Interactive setup (recommended)
buddy-bot setup

# Non-interactive setup for CI/CD
buddy-bot setup --non-interactive

# Non-interactive with specific preset
buddy-bot setup --non-interactive --preset testing --verbose

# Or run directly for scanning only
buddy-bot scan

Usage

Interactive Setup

The easiest way to get started is with the interactive setup command:

buddy-bot setup

This comprehensive setup wizard will guide you through configuring automated dependency updates for your project in a Renovate-like experience.

Non-Interactive Setup

For CI/CD pipelines and automated deployments, use the non-interactive mode:

# Basic non-interactive setup (uses defaults)
buddy-bot setup --non-interactive

# Specify preset and token setup
buddy-bot setup --non-interactive --preset testing --token-setup existing-secret --verbose

# Production setup with security focus
buddy-bot setup --non-interactive --preset security --token-setup existing-secret

Available options:

--non-interactive - Skip all prompts, use defaults
--preset <type> - Workflow preset: standard, high-frequency, security, minimal, testing (default: standard)
--token-setup <type> - Token mode: default-token, existing-secret, new-pat (default: default-token)

The setup process includes:

🔍 Pre-flight Validation

Environment checks - Validates git repository, Node.js/Bun installation
Conflict detection - Scans for existing dependency management tools (Renovate, Dependabot)
Git configuration - Ensures proper git user setup
GitHub CLI detection - Suggests helpful tools for authentication

📊 Smart Project Analysis

Project type detection - Identifies library, application, monorepo, or unknown projects
Package manager detection - Detects Bun, npm, yarn, pnpm with lock file validation
Dependency ecosystem analysis - Finds pkgx, Launchpad dependency files
GitHub Actions discovery - Scans existing workflows for updates
Intelligent recommendations - Suggests optimal setup based on project characteristics

📈 Interactive Progress Tracking

Visual progress bar - Real-time completion percentage with progress indicators
Step-by-step guidance - Clear indication of current and completed steps
Time tracking - Setup duration monitoring
Recovery capabilities - Resume from failures with detailed error reporting

📋 Step 1: Configuration Migration & Discovery

Tool Detection - Automatically detects existing Renovate and Dependabot configurations
Seamless Migration - Imports settings, schedules, package rules, and ignore patterns
Compatibility Analysis - Identifies incompatible features and provides alternatives
Migration Report - Detailed summary of migrated settings and confidence levels

🔌 Step 2: Integration Discovery

Plugin Discovery - Automatically detects available integrations (Slack, Discord, Jira)
Environment Detection - Scans for webhook URLs, API tokens, and configuration files
Plugin Loading - Enables discovered integrations for setup completion notifications
Custom Plugins - Supports custom plugin definitions in .buddy/plugins/ directory

🔍 Step 3: Repository Detection & Validation

Automatically detects your GitHub repository from git remote
API validation - Tests repository access and permissions via GitHub API
Repository health checks - Validates issues, permissions, and settings
Private repository support - Enhanced validation for private repositories

🔑 Step 4: Enhanced Token Setup

Guides you through creating a Personal Access Token (PAT)
Scope validation - Explains required scopes (repo, workflow) with examples
Token testing - Validates token permissions before proceeding
Helps set up repository secrets for enhanced features

🔧 Step 5: Repository Settings Validation

Walks you through GitHub Actions permissions configuration
Permission verification - Tests workflow permissions in real-time
Organization settings - Guidance for organization-level permissions
Ensures proper workflow permissions for PR creation

⚙️ Step 6: Intelligent Workflow Configuration Choose from several carefully crafted presets with smart recommendations:

Standard Setup (Recommended) - Dashboard updates 3x/week, balanced dependency updates
High Frequency - Check for updates multiple times per day
Security Focused - Frequent patch updates with security-first approach
Minimal Updates - Weekly checks, lower frequency
Development/Testing - Manual triggers + frequent checks for testing
Custom Configuration - Advanced schedule builder with cron preview

📝 Step 7: Enhanced Configuration Generation

Creates buddy-bot.config.json with repository-specific settings
Project-aware defaults - Configuration optimized for detected project type
Ecosystem integration - Includes detected package managers and dependency files
Includes sensible defaults and customization options

🔄 Step 8: Workflow Generation & Validation

Generates three core GitHub Actions workflows:
- buddy-dashboard.yml - Dependency Dashboard Management
- buddy-check.yml - Auto-rebase PR checker
- buddy-update.yml - Scheduled dependency updates
YAML validation - Ensures generated workflows are syntactically correct
Security best practices - Validates token usage and permissions
Workflow testing - Verifies generated workflows meet requirements

🎯 Step 9: Comprehensive Validation & Instructions

Setup verification - Validates all generated files and configurations
Workflow testing - Tests generated workflow syntax and requirements
Clear next steps - Git commands and repository setup instructions
Documentation links - Direct links to GitHub settings pages
Troubleshooting guide - Common issues and solutions

🔌 Step 10: Integration Notifications

Plugin Execution - Executes loaded integration hooks for setup completion
Slack Notifications - Rich setup completion messages with repository details
Discord Embeds - Colorful setup completion notifications with project information
Jira Tickets - Automatic task creation for tracking setup completion
Custom Hooks - Extensible system for organization-specific integrations

Command Line Interface

# Setup commands
buddy setup                                    # Interactive setup (recommended)
buddy setup --non-interactive                 # Non-interactive with defaults
buddy setup --non-interactive --preset testing --verbose

# Scan for dependency updates
buddy scan
buddy scan --verbose

# Check specific packages
buddy scan --packages "react,typescript,@types/node"

# Check packages with glob patterns
buddy scan --pattern "@types/*"

# Apply different update strategies
buddy scan --strategy minor
buddy scan --strategy patch

# Update dependencies and create PRs
buddy update --dry-run
buddy update

# Check for rebase requests and update PRs
buddy update-check
buddy update-check --dry-run
buddy update-check --verbose

# Get help
buddy help

Configuration

Create a buddy-bot.config.ts file in your project root:

import type { BuddyBotConfig } from 'buddy-bot'

const config: BuddyBotConfig = {
  verbose: false,

  // Repository settings for PR creation
  repository: {
    provider: 'github',
    owner: 'your-org',
    name: 'your-repo',
    token: process.env.GITHUB_TOKEN,
    baseBranch: 'main'
  },

  // Package update configuration
  packages: {
    strategy: 'all', // 'major' | 'minor' | 'patch' | 'all'
    ignore: [
      'legacy-package',
      '@types/node' // Example ignores
    ],
    groups: [
      {
        name: 'TypeScript Types',
        patterns: ['@types/*'],
        strategy: 'minor'
      },
      {
        name: 'ESLint Ecosystem',
        patterns: ['eslint*', '@typescript-eslint/*'],
        strategy: 'patch'
      }
    ]
  },

  // Pull request settings
  pullRequest: {
    titleFormat: 'chore(deps): {title}',
    commitMessageFormat: 'chore(deps): {message}',
    reviewers: ['maintainer1', 'maintainer2'],
    labels: ['dependencies', 'automated'],
    autoMerge: {
      enabled: true,
      strategy: 'squash', // 'merge', 'squash', or 'rebase'
      conditions: ['patch-only'] // Only auto-merge patch updates
    }
  },

  // Dependency dashboard settings
  dashboard: {
    enabled: true,
    title: 'Dependency Dashboard',
    pin: true,
    labels: ['dependencies', 'dashboard'],
    assignees: ['maintainer1'],
    showOpenPRs: true,
    showDetectedDependencies: true
  }
}

export default config

Configuration Migration

Buddy Bot can automatically migrate your existing dependency management configurations from Renovate and Dependabot, making the transition seamless.

Supported Migration Sources

Renovate - renovate.json, .renovaterc, package.json renovate config
Dependabot - .github/dependabot.yml, .github/dependabot.yaml

Migration Process

Automatic Detection - Scans for existing configuration files
Smart Conversion - Maps settings to Buddy Bot equivalents
Compatibility Check - Identifies unsupported features
Migration Report - Provides detailed conversion summary

# Migration happens automatically during setup
buddy-bot setup

# Or use programmatically
import { ConfigurationMigrator } from 'buddy-bot/setup'

const migrator = new ConfigurationMigrator()
const tools = await migrator.detectExistingTools()
const result = await migrator.migrateFromRenovate('renovate.json')

Migrated Settings

Renovate	Dependabot	Buddy Bot	Notes
`schedule`	`schedule.interval`	Workflow presets	Mapped to Standard/High-Frequency/Minimal
`packageRules`	`ignore`	Package groups & ignore lists	Preserves grouping logic
`automerge`	N/A	Auto-merge settings	Includes strategy preferences
`assignees`/`reviewers`	N/A	PR configuration	Maintains team assignments

Integration Ecosystem

Buddy Bot includes an extensible plugin system that enables integrations with popular collaboration and project management tools.

Built-in Integrations

Slack Integration

# Set environment variable
export SLACK_WEBHOOK_URL="https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK"

# Or create config file
echo "https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK" > .buddy/slack-webhook

Features:

Rich setup completion notifications
Repository and project details
Error notifications for setup failures
Configurable channel and username

Discord Integration

# Set environment variable
export DISCORD_WEBHOOK_URL="https://discord.com/api/webhooks/YOUR/DISCORD/WEBHOOK"

# Or create config file
echo "https://discord.com/api/webhooks/YOUR/DISCORD/WEBHOOK" > .buddy/discord-webhook

Features:

Colorful embed notifications
Project type and package manager details
Timestamp tracking
Setup completion confirmations

Jira Integration

# Set environment variables
export JIRA_API_TOKEN="your-jira-api-token"
export JIRA_BASE_URL="https://your-org.atlassian.net"
export JIRA_PROJECT_KEY="BUDDY"  # Optional, defaults to BUDDY

Features:

Automatic ticket creation for setup completion
Repository and project context
Configurable project keys
Setup tracking and documentation

Custom Plugins

Create custom integrations by defining plugins in .buddy/plugins/:

// .buddy/plugins/custom-integration.json
{
  "name": "custom-integration",
  "version": "1.0.0",
  "enabled": true,
  "triggers": [
    { "event": "setup_complete" },
    { "event": "validation_error" }
  ],
  "hooks": [
    {
      "name": "custom-notification",
      "priority": 10,
      "async": true,
      "handler": "// Custom JavaScript function"
    }
  ],
  "configuration": {
    "webhook_url": "https://your-custom-webhook.com/notify",
    "api_key": "your-api-key"
  }
}

Plugin Events

Event	Description	Context
`pre_setup`	Before setup begins	Initial configuration
`post_setup`	After setup completes	Full setup context
`step_complete`	After each setup step	Step-specific progress
`validation_error`	When validation fails	Error details and recovery
`setup_complete`	Final setup completion	Complete project context

Programmatic Usage

import { Buddy, ConfigManager } from 'buddy-bot'

// Load configuration
const config = await ConfigManager.loadConfig()

// Create Buddy instance
const buddy = new Buddy(config)

// Scan for updates
const scanResult = await buddy.scanForUpdates()

console.log(`Found ${scanResult.updates.length} updates`)

// Check specific packages
const updates = await buddy.checkPackages(['react', 'typescript'])

// Create pull requests
if (scanResult.updates.length > 0) {
  await buddy.createPullRequests(scanResult)
}

// Create or update dependency dashboard
const dashboardIssue = await buddy.createOrUpdateDashboard()
console.log(`Dashboard updated: ${dashboardIssue.url}`)

Dependency Dashboard

The dependency dashboard provides a centralized view of all your repository's dependencies and open pull requests in a single GitHub issue. Similar to Renovate's dependency dashboard, it gives you complete visibility into your dependency management.

Key Features

📊 Single Overview: All dependencies and PRs in one place
🔄 Interactive Controls: Force retry/rebase PRs by checking boxes
📌 Pinnable Issue: Keep dashboard at the top of your issues
🏷️ Smart Categorization: Organized by npm, GitHub Actions, and dependency files
⚡ Auto-Updates: Refreshes when dependencies change

Rebase Functionality

Buddy Bot includes powerful rebase functionality that allows you to update existing pull requests with the latest dependency versions, similar to Renovate's rebase feature.

How It Works

All Buddy Bot pull requests include a rebase checkbox at the bottom:

---
 - [ ] <!-- rebase-check -->If you want to update/retry this PR, check this box
---

Using the Rebase Feature

Check the box: In any Buddy Bot PR, check the rebase checkbox
Automatic detection: The rebase workflow runs every minute to detect checked boxes
Updates applied: The PR is automatically updated with the latest dependency versions
Checkbox unchecked: After successful rebase, the checkbox is automatically unchecked

Rebase Command

You can also trigger rebase manually using the CLI:

# Check for PRs with rebase checkbox enabled and update them
buddy-bot update-check

# Dry run to see what would be rebased
buddy-bot update-check --dry-run

# With verbose output
buddy-bot update-check --verbose

Automated Rebase Workflow

Buddy Bot includes a pre-built GitHub Actions workflow (.github/workflows/buddy-check.yml) that:

🕐 Runs every minute: Automatically checks for rebase requests
🔍 Scans all PRs: Finds Buddy Bot PRs with checked rebase boxes
📦 Updates dependencies: Re-scans for latest versions and updates files
📝 Updates PR content: Refreshes PR title, body, and file changes
✅ Maintains workflow files: Updates GitHub Actions workflows (requires proper permissions)

Workflow File Permissions

For the rebase functionality to update GitHub Actions workflow files, you need proper permissions:

Option 1: Personal Access Token (Recommended)

Create a Personal Access Token with repo and workflow scopes
Add it as a repository secret named BUDDY_BOT_TOKEN
The workflow automatically uses it when available

Option 2: Default GitHub Token (Limited)

Uses GITHUB_TOKEN with limited permissions
Cannot update workflow files (.github/workflows/*.yml)
Still updates package.json, lock files, and dependency files

What Gets Updated During Rebase

✅ package.json - npm/yarn/pnpm dependencies
✅ Lock files - package-lock.json, yarn.lock, pnpm-lock.yaml, bun.lockb
✅ Dependency files - deps.yaml, dependencies.yaml, pkgx.yaml
✅ GitHub Actions - workflow files (with proper permissions)
✅ PR content - Updated title, body, and metadata

Quick Start

# Create basic dashboard
buddy-bot dashboard

# Create dashboard with custom title
buddy-bot dashboard --title "My Dependencies"

Automated Dashboard Updates

Buddy Bot includes a pre-built GitHub workflow (.github/workflows/buddy-dashboard.yml) that automatically updates your dependency dashboard:

📅 Scheduled: Runs Monday, Wednesday, Friday at 9 AM UTC
🖱️ Manual: Trigger from Actions tab with custom options
📌 Auto-Pin: Keeps dashboard pinned by default
🔍 Dry-Run: Preview mode available

Example Dashboard Output

The dashboard automatically organizes your dependencies and shows:

## Open

The following updates have all been created. To force a retry/rebase of any, click on a checkbox below.

 - [ ] <!-- rebase-branch=buddy-bot/update-react-18 -->[chore(deps): update react to v18](../pull/123) (`react`)
 - [ ] <!-- rebase-branch=buddy-bot/update-types -->[chore(deps): update @types/node](../pull/124) (`@types/node`)

## Detected dependencies

<details><summary>npm</summary>
<blockquote>

<details><summary>package.json</summary>

 - `react ^17.0.0`
 - `typescript ^4.9.0`
 - `@types/node ^18.0.0`

</details>
</blockquote>
</details>

<details><summary>github-actions</summary>
<blockquote>

<details><summary>.github/workflows/ci.yml</summary>

 - `actions/checkout v3`
 - `oven-sh/setup-bun v1`

</details>
</blockquote>
</details>

How It Works

Buddy Bot's intelligent workflow delivers unmatched speed and accuracy:

⚡ Lightning-Fast Scanning: Leverages bun outdated and parallel API calls for instant dependency analysis
🔍 Universal Detection: Automatically discovers and parses all dependency files across your entire project
🧠 Smart Analysis: Evaluates security implications, breaking changes, and compatibility before suggesting updates
🎯 Intelligent Grouping: Automatically clusters related packages to create focused, logical pull requests
📊 Rich Context: Fetches comprehensive metadata including adoption rates, confidence scores, and detailed changelogs
✨ Professional PRs: Generates beautifully formatted pull requests with actionable insights and clear upgrade paths

Supported Dependency Files

Buddy automatically detects and updates the following dependency file formats:

Package Dependencies

package.json - Traditional npm dependencies
composer.json - PHP dependencies from Packagist
composer.lock - PHP lock file with exact versions
deps.yaml / deps.yml - Launchpad/pkgx dependency declarations
dependencies.yaml / dependencies.yml - Alternative dependency file format
pkgx.yaml / pkgx.yml - pkgx-specific dependency files
.deps.yaml / .deps.yml - Hidden dependency configuration files

GitHub Actions

.github/workflows/*.yml - GitHub Actions workflow files
.github/workflows/*.yaml - Alternative YAML extension

All dependency files are parsed using the ts-pkgx library to ensure compatibility with the pkgx registry ecosystem while maintaining support for tools like Launchpad that reuse the same registry format. GitHub Actions are detected by parsing uses: statements in workflow files and checking for updates via the GitHub releases API.

Pull Request Format

Buddy generates comprehensive pull requests with three separate dependency tables:

1. npm Dependencies

Full table with confidence badges, age, adoption metrics, and weekly download statistics:

| Package | Change | Age | Adoption | Passing | Confidence |
|---------|--------|-----|----------|---------|------------|
| lodash  | ^4.17.20 → ^4.17.21 | 📅 | 📈 | ✅ | 🔒 |

2. PHP/Composer Dependencies

Focused table for PHP packages from Packagist:

| Package | Change | File | Status |
|---------|--------|------|--------|
| laravel/framework | ^10.0.0 → ^10.16.0 | composer.json | ✅ Available |
| phpunit/phpunit | ^10.0.0 → ^10.3.0 | composer.json | ✅ Available |

3. Launchpad/pkgx Dependencies

Simplified table focusing on package updates and file locations:

| Package | Change | File | Status |
|---------|--------|------|--------|
| bun.com | ^1.2.16 → ^1.2.19 | deps.yaml | ✅ Available |

4. GitHub Actions

Workflow automation updates with direct links to repositories:

| Action | Change | File | Status |
|--------|--------|------|--------|
| actions/checkout | v4 → v4.2.2 | ci.yml | ✅ Available |
| oven-sh/setup-bun | v2 → v2.0.2 | release.yml | ✅ Available |

Each table is followed by detailed release notes, changelogs, and package statistics tailored to the dependency type.

Update Strategies

all: Update all dependencies regardless of semver impact
major: Only major version updates
minor: Major and minor updates (no patch-only)
patch: All updates (major, minor, and patch)

Auto-Merge Configuration

Buddy supports configurable auto-merge for pull requests to reduce manual overhead:

const config: BuddyBotConfig = {
  pullRequest: {
    autoMerge: {
      enabled: true,
      strategy: 'squash', // 'merge', 'squash', or 'rebase'
      conditions: ['patch-only'] // Optional: restrict to specific update types
    }
  }
}

Auto-Merge Strategies

squash: Squash commits and merge (recommended for clean history)
merge: Create a merge commit (preserves individual commits)
rebase: Rebase and merge (linear history without merge commits)

Auto-Merge Conditions

patch-only: Only auto-merge patch version updates (safest)
No conditions: Auto-merge all updates (use with caution)

Workflow-Specific Auto-Merge

Each preset configures auto-merge appropriately:

High Frequency Updates: Auto-merge patch updates only (6AM, 12PM, 6PM), manual review for minor updates (12AM)
Security Focused: Auto-merge security patches every 6 hours
Standard Project: Auto-merge daily patches, manual review for weekly/monthly updates
Development/Testing: No auto-merge, dry-run by default, enhanced testing features.

Development & Testing

The Development/Testing preset is specifically designed for testing and development environments:

Features

⏰ Every 5 minutes: Automated runs for rapid testing cycles
🖱️ Manual triggers: Full control via GitHub Actions UI
🔍 Dry run by default: Safe testing without making changes
📝 Verbose logging: Detailed output for debugging
📦 Package-specific testing: Test updates for specific packages
📊 Enhanced summaries: Detailed test reports with context

Manual Trigger Options

When running manually, you can customize:

Update strategy: Choose patch, minor, major, or all updates
Dry run mode: Preview changes without applying them
Specific packages: Test updates for particular packages only
Verbose logging: Control output detail level

Perfect For

🧪 Testing new configurations
🔧 Debugging dependency issues
📈 Monitoring update frequency
🚀 Validating workflow changes
📋 Learning how Buddy Bot works

Package Grouping

Group related packages to create cleaner, more focused pull requests:

{
  groups: [
    {
      name: 'React Ecosystem',
      patterns: ['react*', '@types/react*'],
      strategy: 'minor'
    },
    {
      name: 'Development Tools',
      patterns: ['eslint*', 'prettier*', '@typescript-eslint/*'],
      strategy: 'patch'
    }
  ]
}

Example Output

When Buddy finds updates, it creates PRs like:

chore(deps): update all non-major dependencies

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [typescript](https://www.typescriptlang.org/) | `^5.8.2` -> `^5.8.3` | [![age](https://developer.mend.io/api/mc/badges/age/npm/typescript/5.8.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/typescript/5.8.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/typescript/5.8.2/5.8.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/typescript/5.8.2/5.8.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>microsoft/TypeScript (typescript)</summary>

### [`v5.8.3`](https://github.com/microsoft/TypeScript/releases/tag/v5.8.3)

[Compare Source](https://github.com/microsoft/TypeScript/compare/v5.8.2...v5.8.3)

##### Bug Fixes
- Fix issue with module resolution
- Improve error messages

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to update/retry this PR, check this box

---

This PR was generated by [Buddy](https://github.com/stacksjs/buddy-bot).

Why Choose Buddy Bot?

Feature	Buddy Bot	Dependabot	Renovate
Performance	⚡ Lightning fast (Bun-native)	🐌	🐌
Package Ecosystem	🌟 Universal (8+ managers)	📦 Limited scope	📦 Limited scope
Setup Experience	🎯 Interactive + Zero config	✅ Simple	❌ Complex configuration
Docker Support	✅ Full Dockerfile updates	❌ No support	✅ Basic support
Configuration	🔧 TypeScript + multiple formats	📝 YAML only	📝 JSON/JS only
Package Grouping	🎨 Intelligent + flexible	📋 Basic grouping	🔧 Advanced but complex
Dashboard	📊 Rich interactive dashboard	❌ No dashboard	📊 Basic dashboard
Migration Tools	🔄 Automated import	❌ Manual migration	❌ Manual migration
Self-hosting	✅ Full control	❌ GitHub-only	✅ Complex setup
Plugin System	🔌 Extensible ecosystem	❌ Limited	🔌 Advanced but complex

CI/CD Integration

GitHub Actions

Buddy includes powerful GitHub Actions workflow templates for different automation strategies:

# Basic dependency updates (generated by setup)
name: Buddy Update
on:
  schedule:
    - cron: '0 */2 * * *' # Every 2 hours
  workflow_dispatch:
    inputs:
      strategy:
        description: Update strategy
        required: false
        default: patch
      dry_run:
        description: Dry run (preview only)
        required: false
        default: true
        type: boolean
jobs:
  dependency-update:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: oven-sh/setup-bun@v2
      - run: bun install
      - run: bunx buddy-bot scan --strategy ${{ github.event.inputs.strategy || 'patch' }} --verbose
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - if: ${{ github.event.inputs.dry_run != 'true' }}
        run: bunx buddy-bot update --strategy ${{ github.event.inputs.strategy || 'patch' }} --verbose
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

🚀 Generate Advanced Workflows:

# Generate comprehensive GitHub Actions workflows
buddy generate-workflows

# This creates:
# - buddy-comprehensive.yml (multi-strategy scheduling)
# - dependency-updates-daily.yml (patch updates)
# - dependency-updates-weekly.yml (minor updates)
# - dependency-updates-monthly.yml (major updates)
# - buddy-monorepo.yml (monorepo support)
# - buddy-docker.yml (Docker-based)

🔥 Comprehensive Multi-Strategy Workflow:

The updated workflow system automatically:

Every 2 hours: All configured strategies with dry-run by default
Manual trigger: Any strategy with configurable dry-run option
Enhanced testing: Comprehensive validation and summaries
Failure handling: Auto-creates GitHub issues
Smart summaries: Rich GitHub Actions summaries
Flexible scheduling: Consistent 2-hour intervals for all presets

GitHub Actions Permissions Setup

⚠️ Important: For Buddy to create pull requests in GitHub Actions workflows, you need to enable the proper permissions:

Repository Settings

Go to your repository Settings → Actions → General
Under "Workflow permissions", select "Read and write permissions"
✅ Check "Allow GitHub Actions to create and approve pull requests"
Click "Save"

Organization Settings (if applicable)

If your repository is part of an organization, you may also need to enable organization-level permissions:

Go to your organization Settings → Actions → General
Configure the same permissions as above

Quick Setup Command

# Open GitHub settings pages directly
buddy open-settings

# Or manually visit:
# Repository: https://github.com/YOUR_ORG/YOUR_REPO/settings/actions
# Organization: https://github.com/organizations/YOUR_ORG/settings/actions

Troubleshooting

If you see errors like:

GitHub Actions is not permitted to create or approve pull requests
GraphQL: GitHub Actions is not permitted to create or approve pull requests (createPullRequest)

This indicates the permissions above need to be enabled. Both GitHub CLI and REST API methods require these permissions to create PRs from workflows.

For more details, see the GitHub documentation on managing GitHub Actions settings.

Testing

bun test

Build From Source

bun run build

Changelog

Please see our releases page for more information on what has changed recently.

Contributing

Please see the Contributing Guide for details.

Community

For help, discussion about best practices, or any other conversation that would benefit from being searchable:

Discussions on GitHub

For casual chit-chat with others using this package:

Join the Stacks Discord Server

Postcardware

“Software that is free, but hopes for a postcard.” We love receiving postcards from around the world showing where Stacks is being used! We showcase them on our website too.

Our address: Stacks.js, 12665 Village Ln #2306, Playa Vista, CA 90094, United States 🌎

Credits

And a special thanks to Dan Scanlon for donating the stacks name on npm ✨

License

The MIT License (MIT). Please see LICENSE for more information.

Made with 💙

Name		Name	Last commit message	Last commit date
Latest commit History 284 Commits
.github		.github
.vscode		.vscode
.zed		.zed
bin		bin
docs		docs
src		src
test		test
.editorconfig		.editorconfig
.gitattributes		.gitattributes
.gitignore		.gitignore
CHANGELOG.md		CHANGELOG.md
LICENSE.md		LICENSE.md
README.md		README.md
buddy-bot		buddy-bot
buddy-bot.config.ts		buddy-bot.config.ts
build.ts		build.ts
bun.lock		bun.lock
bunfig.toml		bunfig.toml
deps.yaml		deps.yaml
eslint.config.ts		eslint.config.ts
package.json		package.json
tsconfig.json		tsconfig.json

Uh oh!

License

stacksjs/buddy-bot

Folders and files

Latest commit

History

Repository files navigation

🐶 Buddy Bot

Features

🚀 Performance & Speed

📦 Universal Package Support

🎯 Smart Dependency Management

📊 Rich Dashboard & Monitoring

🎨 Beautiful Pull Requests

⚙️ Developer Experience

🔌 Extensible Integration

Quick Start

Usage

Interactive Setup

Non-Interactive Setup

Command Line Interface

Configuration

Configuration Migration

Supported Migration Sources

Migration Process

Migrated Settings

Integration Ecosystem

Built-in Integrations

Slack Integration

Discord Integration

Jira Integration

Custom Plugins

Plugin Events

Programmatic Usage

Dependency Dashboard

Key Features

Rebase Functionality

How It Works

Using the Rebase Feature

Rebase Command

Automated Rebase Workflow

Workflow File Permissions

Option 1: Personal Access Token (Recommended)

Option 2: Default GitHub Token (Limited)

What Gets Updated During Rebase

Quick Start

Automated Dashboard Updates

Example Dashboard Output

How It Works

Supported Dependency Files

Package Dependencies

GitHub Actions

Pull Request Format

1. npm Dependencies

2. PHP/Composer Dependencies

3. Launchpad/pkgx Dependencies

4. GitHub Actions

Update Strategies

Auto-Merge Configuration

Auto-Merge Strategies

Auto-Merge Conditions

Workflow-Specific Auto-Merge

Development & Testing

Features

Manual Trigger Options

Perfect For

Package Grouping

Example Output

Why Choose Buddy Bot?

CI/CD Integration

GitHub Actions

GitHub Actions Permissions Setup

Repository Settings

Organization Settings (if applicable)

Quick Setup Command

Troubleshooting

Testing

Build From Source

Changelog

Contributing

Packages