Launching gh-dep-risk
I built gh-dep-risk to make npm dependency pull request review faster.
It is a precompiled GitHub CLI extension that summarizes dependency risk on demand, so the workflow stays inside gh instead of requiring a server, webhook receiver, database, queue, or dashboard.
What it does
- summarizes npm dependency changes in a PR
- renders human, JSON, and markdown output
- can upsert a single PR timeline marker comment with `--comment`
- supports `--fail-level` for CI and workflow gating
- supports monorepo and workspace target selection with `--path` and `--list-targets`
- supports a manual GitHub Actions workflow for no-local-install runs
Why this shape
I wanted something reviewers can run only when they need it, with existing GitHub auth and without more infrastructure to operate.
Install
gh extension install rad1092/gh-dep-risk
gh dep-risk version
Example
gh dep-risk pr 123
gh dep-risk pr 123 --format json
gh dep-risk pr 123 --comment
gh dep-risk pr 123 --fail-level high
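To make concrete what a lockfile-based dependency summary and a fail-level gate compute, here is an added example that is not gh-dep-risk's own code: it diffs two constructed package-lock.json documents (lockfileVersion 3 layout) and applies a hypothetical low/medium/high heuristic, since the extension's actual scoring is not described on this page.

```python
import json

# Constructed lockfiles (lockfileVersion 3 layout); not taken from a real PR.
BASE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "app", "version": "1.0.0"},
    "node_modules/express": {"version": "4.18.2"},
    "node_modules/lodash": {"version": "4.17.20"},
    "node_modules/left-pad": {"version": "1.3.0"},
}})
HEAD_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "app", "version": "1.0.1"},
    "node_modules/express": {"version": "4.18.2"},
    "node_modules/lodash": {"version": "4.17.21"},
    "node_modules/new-helper": {"version": "1.0.0"},
    "node_modules/new-helper/node_modules/@scope/inner": {"version": "2.0.0"},
}})

LEVELS = ["low", "medium", "high"]  # ordered so index comparison works


def lock_versions(lock_text):
    """Map install path -> version from a v2/v3 package-lock.json."""
    packages = json.loads(lock_text).get("packages", {})
    # The "" entry is the root project itself, not a dependency.
    return {p: m.get("version", "") for p, m in packages.items() if p}


def diff_locks(base_text, head_text):
    """Return (added, removed, changed) between two lockfiles, keyed by install path."""
    base, head = lock_versions(base_text), lock_versions(head_text)
    added = {p: head[p] for p in head.keys() - base.keys()}
    removed = {p: base[p] for p in base.keys() - head.keys()}
    changed = {p: (base[p], head[p]) for p in base.keys() & head.keys()
               if base[p] != head[p]}
    return added, removed, changed


def risk_level(added, removed, changed):
    """Hypothetical heuristic: any new package is high, a major bump is medium."""
    if added:
        return "high"
    if any(b.split(".")[0] != h.split(".")[0] for b, h in changed.values()):
        return "medium"
    return "low"


def should_fail(level, fail_level):
    """Gate like a --fail-level threshold: fail at or above the threshold."""
    return LEVELS.index(level) >= LEVELS.index(fail_level)


if __name__ == "__main__":
    a, r, c = diff_locks(BASE_LOCK, HEAD_LOCK)
    print(f"added={a}\nremoved={r}\nchanged={c}\nlevel={risk_level(a, r, c)}")
```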
Scope
- npm-only
- supports `package.json` and `package-lock.json`
- one Go binary
Links
- GitHub repo: https://github.com/rad1092/gh-dep-risk
- Latest release: https://github.com/rad1092/gh-dep-risk/releases/latest
- Launch discussion: https://github.com/rad1092/gh-dep-risk/discussions/1
The current public release is v0.1.5. It includes the MIT license, release-ready docs, install smoke coverage, and real PR validation.
Feedback, issues, and edge cases are welcome.
This article was originally published by DEV Community and written by Monde kim.