Search code examples
azure-devopsazure-artifacts

Dependency Management of npm packages

Is there anything like greenkeeper.io or dependabot.com for VSTS? These solutions will look into the package.json file, compare the current project's version of a dependency against the most recent published version, and propose PR's that are incrementing the dependency to the latest version.

Solution

  • There isn’t such feature in VSTS.

    The workaround:

    1. Create a Scheduled build definition for specified repository and branch
    2. Add the task to check version and update version (e.g. PowerShell call npm outdated command and analysis the result, then call npm update command to update package)
    3. Add Command Line task to call git commit command to commit changes
    4. Add Command Line task to call git push command to push changes
    5. Add PowerShell task to call REST API to create a pull request (Invoke-RestMethod)