Package Health Score

60 / 100

security
Security review needed
popularity
Small
maintenance
Inactive
community
Active

Explore Similar Packages

Security

Security review needed

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

Version				Vulnerabilities	License Risk
0.0.9	\|	04/2021	Popular	0 C 0 H 0 M 0 L	1 H 0 M 0 L

License

AGPL-3.0

Non-Permissive License

We noticed that this project uses a license which requires less permissive conditions such as disclosing the source code, stating changes or redistributing the source under the same license. It is advised to further consult the license terms before use.

Security Policy

Yes

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Small

Weekly Downloads (0)

GitHub Stars: 15.68K
Forks: 2.02K
Contributors: 440

Direct Usage Popularity

The npm package myrenovatebot receives a total of 0 downloads a week. As such, we scored myrenovatebot popularity level to be Small.

Based on project statistics from the GitHub repository for the npm package myrenovatebot, we found that it has been starred 15,678 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Active

Readme.md: Yes
Contributing.md: Yes
Code of Conduct: No
Contributors: 440
Funding: No

A good and healthy external contribution signal for myrenovatebot project, which invites more than one hundred open source maintainers to collaborate on the repository.

We found a way for you to contribute to the project! Looks like myrenovatebot is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Inactive

Commit Frequency

Open Issues: 606
Open PR: 58
Last Release: 3 years ago
Last Commit: 9 days ago

Further analysis of the maintenance status of myrenovatebot based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Inactive.

An important project maintenance signal to consider for myrenovatebot is that it hasn't seen any new versions released to npm in the past 12 months, and could be considered as a discontinued project, or that which receives low attention from its maintainers.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: ^12.13.0 || >=14.15.0

Age: 3 years
Dependencies: 67 Direct
Versions: 9
Install Size: 5.35 MB
Dist-tags: 1
# of Files: 1.55K
Maintainers: 1
TS Typings: No

myrenovatebot has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

Renovate banner

Renovate

Automated dependency updates. Multi-platform and multi-language.

Why Use Renovate?

Receive automated Pull Requests whenever dependencies need updating
Define schedules to avoid unnecessary noise in projects (e.g. for weekends or outside of working hours, or weekly updates, etc.)
Relevant package files are discovered automatically (e.g. supports monorepo architecture such as Lerna or Yarn workspaces without further configuration)
Bot behavior is extremely customizable via configuration files (config as code)
Use ESLint-like shared config presets for ease of use and simplifying configuration
Lock files are natively supported and updated in the same commit, including immediately resolving conflicts whenever PRs are merged
Supports GitHub (.com and Enterprise), GitLab (.com and CE/EE), Bitbucket Cloud, Bitbucket Server, Azure DevOps and Gitea.
Open source (installable via npm/Yarn or Docker Hub) so can be self-hosted or used via GitHub App

Who Uses Renovate?

Renovate was released in 2017 and already is widely used in the developer community, including:

Renovate Matrix

The Renovate Approach

We believe everyone benefits from automation, whether it's a little or a lot
Renovate should not cause you to change your workflow against your wishes, instead it should be adaptable to your existing workflow
All behavior should be configurable, down to a ridiculous level if necessary
Autodetect settings wherever possible (to minimize configuration) but always allow overrides

Using Renovate

The easiest way to use Renovate if you are hosted on GitHub.com is to install the hosted Renovate app. On Azure DevOps you can install Renovate as an extension from the marketplace.

For GitHub, go to https://github.com/apps/renovate to install it now. More details on the GitHub App installation.

For Azure DevOps, visit the Visual Studio Marketplace and install the Renovate Me extension in your organization. From there you can create a pipeline with the RenovateMe task. More details on how to configure the pipeline. Note: This extension is created and maintained personally by a Renovate developer/user so support requests relating to the extension itself cannot be answered directly in the main Renovate repository. Alternatively, you can create a custom pipeline with a yml definition that will trigger npx renovate. More details on how to configure the pipeline.

For Bitbucket Cloud, Bitbucket Server, Gitea and GitLab, use our self-hosting option.

Configuration

Visit for documentation, and in particular for a list of configuration options.

To get help and/or a review for your config, go to the discussions tab in the Renovate repository and open a new "config help" discussion post.

Self-Hosting

If you are not on github.com or gitlab.com, or you prefer to run your own instance of Renovate then you have several options:

Install the renovate CLI tool from npmjs, run it on a schedule (e.g. using cron)
Run the renovate/renovate Docker Hub image (same content/versions as the CLI tool), run it on a schedule
Run the renovate/renovate:slim Docker Hub image if you only use package managers that don't need third party binaries (e.g. JS, Docker, Nuget, pip)

More details on the self-hosting development.

Contributing

If you would like to contribute to Renovate or get a local copy running for some other reason, please see the instructions in .github/contributing.md.

Security / Disclosure

If you discover any important bug with Renovate that may pose a security problem, please disclose it confidentially to renovate-disclosure@whitesourcesoftware.com first, so that it can be assessed and hopefully fixed prior to being exploited. Please do not raise GitHub issues for security-related doubts or problems.

myrenovatebot development dependencies

@actions/core @jest/globals @jest/reporters @jest/test-result @ls-lint/ls-lint @semantic-release/exec @types/bunyan @types/cacache @types/changelog-filename-regex @types/clean-git-ref @types/conventional-commits-detector @types/eslint @types/fs-extra @types/git-url-parse @types/github-url-from-git @types/global-agent @types/ini @types/jest @types/js-yaml @types/json-dup-key-validator @types/linkify-markdown @types/luxon @types/markdown-it @types/markdown-table @types/moo @types/nock @types/node @types/node-emoji @types/parse-link-header @types/registry-auth-token @types/semver @types/semver-stable @types/semver-utils @types/shelljs @types/traverse @types/url-join @types/xmldoc @typescript-eslint/eslint-plugin @typescript-eslint/parser conventional-changelog-conventionalcommits cross-env eslint eslint-config-airbnb-typescript eslint-config-prettier eslint-plugin-import eslint-plugin-jest eslint-plugin-promise glob graphql husky jest jest-circus jest-extended jest-junit jest-mock-extended jest-silent-reporter markdownlint-cli2 mockdate nock npm-run-all prettier pretty-quick rimraf semantic-release shelljs strip-ansi tmp-promise ts-jest ts-node type-fest typescript

FAQs

What is myrenovatebot?

Automated dependency updates. Flexible so you don't need to be. Visit Snyk Advisor to see a full health score report for myrenovatebot, including popularity, security, maintenance & community analysis.

Is myrenovatebot popular?

We’re still processing downloads data for the npm package myrenovatebot. Visit the popularity section on Snyk Advisor to see the full popularity analysis.

Is myrenovatebot well maintained?

We found indications that myrenovatebot is an Inactive project. See the full package health analysis to learn more about the package maintenance status.

Is myrenovatebot safe to use?

While scanning the latest version of myrenovatebot, we found that a security review is needed. A total of 0 vulnerabilities or license issues were detected. See the full security scan results.

Last updated on 24 April-2024, at 13:19 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP