Dependabot for JavaScript

Dependabot creates pull requests to keep your JavaScript dependencies up-to-date.


As well as Dependabot's core features our JavaScript support has:

Yarn and npm5 lockfile support

Dependabot works with lockfiles out of the box. It will automatically detect whether you're using Yarn or npm5 and keep the lockfile up-to-date.

Support for git sources and custom registries

Dependabot can handle git sources and custom registries, including those that require authentication. You name it, Dependabot supports it.

Monorepo support, including Yarn workspaces

Using a monorepo? Dependabot will pick up all your JS dependency files automatically if you're using Yarn workspaces or Lerna, or you can specify directories individually.

Custom branches and labels

By default, Dependabot will create PRs against your default branch and label them with "dependencies". Want to use a different branch or label? No problem.