npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

eslint-plugin-dependabot

v0.6.0

Published

Eslint Plugin to enforce Dependabot best practices

Downloads

1,276

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

cylewaitforitcylewaitforit

Keywords

dependaboteslinteslint-plugineslintpluginlintyamlyml

Readme

Usage

Installation

npm install eslint-plugin-dependabot eslint-yaml --save-dev

Configuration

This plugin requires the eslint-yaml package to parse YAML files. Add the plugin and language configuration to your eslint.config.mjs:

// eslint.config.mjs
import dependabot from "eslint-plugin-dependabot";
import { yaml } from "eslint-yaml";
import { defineConfig } from "eslint/config";

export default defineConfig([
	{
		name: "dependabot config",
		files: ["**/.github/dependabot.{yml,yaml}"],
		language: "yaml/yaml",
		plugins: {
			dependabot,
			yaml,
		},
		extends: [dependabot.configs.recommended],
	},
]);

VSCode Setup

By default, the VSCode ESLint extension does not validate YAML files. To enable ESLint validation for YAML files in VSCode, add the following to your VSCode settings:

  • For workspace settings: .vscode/settings.json in your project
  • For user settings: Command Palette > Preferences: Open Settings (JSON)
{
	"eslint.validate": ["yaml"]
}

This tells the VSCode ESLint extension to also run on YAML files, allowing you to see Dependabot linting errors and warnings directly in your editor.

Rules

💼 Configurations enabled in.
✅ Set in the recommended configuration.
🔧 Automatically fixable by the --fix CLI option.

| Name                      | Description | 💼 | 🔧 | | :------------------------------------------------------------------- | :-------------------------------------------------------------------------------- | :-- | :-- | | require-config-version | Require Dependabot configuration files to have a version property | ✅ | 🔧 | | require-cooldown | Require each package-ecosystem to have a cooldown configuration with default-days | ✅ | 🔧 | | require-package-ecosystem | Require package-ecosystem configurations based on files in the repository | ✅ | 🔧 |

Development

See .github/CONTRIBUTING.md, then .github/DEVELOPMENT.md. Thanks! 💖

Contributors

💝 This package was templated with create-typescript-app using the Bingo framework.