For example if we are making mocha plugin, we might test it using mocha (dev dependency) and also list mocha as peer dependency.

something like this <url.git#version> should be parsed into version

Because wrong version 0.0.0-development got published

The version in a bower.json file is ignored and the version "truth" is the git tag. Therefore some bower modules argue not to use and refer to the spec (https://github.com/bower/bower.json-spec#version).

Bower 1.4 puts a .bower.json file in an installed component which contains the version number. I haven't checked since which version bower does that, but it's probably the more reliable information.

Related discussion for the module bootstrap-css-only fyockm/bootstrap-css-only#7 (comment)

Obsolete

• blocked by bahmutov/grunt-nice-package#27

To check package.json in non-current folder

Common mistake when using semantic-release - it removes package version,
causing problems for other packages.

Has problems with Node 8, obsolete unit testing

For example, backbone has only package.json file

When installing this package I get and audit report with 3 high vulnerabilities:

$ npm audit

  High            Prototype Pollution
  Package         lodash
  Patched in      >=4.17.11
  Dependency of   deps-ok
  Path            deps-ok > lodash
  More info       https://npmjs.com/advisories/782

  High            Prototype Pollution
  Package         lodash
  Patched in      >=4.17.12
  Dependency of   deps-ok
  Path            deps-ok > lodash
  More info       https://npmjs.com/advisories/1065

  Low             Prototype Pollution
  Package         lodash
  Patched in      >=4.17.19
  Dependency of   deps-ok
  Path            deps-ok > lodash
  More info       https://npmjs.com/advisories/1523

  High            Command Injection
  Package         lodash
  Patched in      >=4.17.21
  Dependency of   deps-ok
  Path            deps-ok > lodash
  More info       https://npmjs.com/advisories/1673

  Low             Prototype Pollution
  Package         minimist
  Patched in      >=0.2.1 <1.0.0 || >=1.2.3
  Dependency of   deps-ok
  Path            deps-ok > minimist
  More info       https://npmjs.com/advisories/1179

found 5 vulnerabilities (2 low, 3 high) in 13 scanned packages

These vulnerabilities are meaningless in a dev dependency like this, but still I'd like to get rid of them because it makes it harder to spot other important ones.

Any chance of releasing an updated version?

Instead of 1

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Datasource	Name	Replacement PR?
npm	q

Edited/Blocked

These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.

• chore(deps): update dependency simple-commit-message to v4.1.3
• fix(deps): update dependency lodash to v4.17.21
• fix(deps): update dependency debug to v4
• fix(deps): update dependency lazy-ass to v2

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• fix(deps): update dependency minimist to v1.2.8
• fix(deps): update dependency semver to v5.7.2
• chore(deps): update dependency grunt to v1
• chore(deps): update dependency jest to v29
• chore(deps): update dependency semantic-release to v24
• chore(deps): update dependency standard to v17
• fix(deps): update dependency semver to v7
• Click on this checkbox to rebase all open PRs at once

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

Just show the error message and continue, for example if dependency is specified like "bars": "github:jstrace/bars"

for clarity

Bower lets you configure its install directory in a .bowerrc file. It looks like deps-ok only checks the default location.

// .bowerrc
{
   "directory": "vendor/bower",
   "json": "bower.json"
}

Output:

ERROR: cannot find folder /home/will/projects/toad/bower_components/backbone

npm worked like a champ though :) looking forward to adding this into our build

New npm seems to save versions with ^ symbol, ignore it

separate into good sections

take process.cwd() folder by default

For example modernizr does not have component or bower file

Right now thinks 0.0.0-development is the last one :(

To keep dependencies up to date automatically

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: Preset name not found within published preset config (monorepo:babel6). Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.

Skip with warning dependencies that have git: versions, like git://github.com/bahmutov/grunt-regex-check.git#33b25690780261f8fa4fa7fc43cff5775bd4cd7c

Check if the same dependency name is ins several places (dependencies and devDependencies for example)

Related to #17 and #2.

Sometimes you need to make a fork from git, like

"JSV": "git+https://github.com/onetwotrip/JSV.git#06ee6c64b8ef06f41d5dc973ec36395c08f8153e",

and you get message like

skipping invalid version git+https://github.com/onetwotrip/JSV.git#06ee6c64b8ef06f41d5dc973ec36395c08f8153e

Even thorough git hash dependency is valid and can be checked.

It would be great to implement it.