Package Health Score

89 / 100

security
Security review needed
popularity
Influential project
maintenance
Healthy
community
Active

Explore Similar Packages

Security

Security review needed

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

Version				Vulnerabilities	License Risk
37.304.0	\|	04/2024		0 C 0 H 0 M 0 L	0 H 0 M 0 L
37.305.0	\|	04/2024		0 C 0 H 0 M 0 L	0 H 0 M 0 L
37.295.0	\|	04/2024	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L
37.254.0	\|	03/2024		0 C 0 H 0 M 0 L	0 H 0 M 0 L
36.109.4	\|	09/2023		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

AGPL-3.0

Non-Permissive License

We noticed that this project uses a license which requires less permissive conditions such as disclosing the source code, stating changes or redistributing the source under the same license. It is advised to further consult the license terms before use.

Security Policy

Yes

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Influential project

Weekly Downloads (125,763)

GitHub Stars: 15.62K
Forks: 2.02K
Contributors: 440

Direct Usage Popularity

The npm package renovate receives a total of 125,763 downloads a week. As such, we scored renovate popularity level to be Influential project.

Based on project statistics from the GitHub repository for the npm package renovate, we found that it has been starred 15,621 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Active

Readme.md: Yes
Contributing.md: Yes
Code of Conduct: No
Contributors: 440
Funding: No

A good and healthy external contribution signal for renovate project, which invites more than one hundred open source maintainers to collaborate on the repository.

We found a way for you to contribute to the project! Looks like renovate is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Healthy

Commit Frequency

Open Issues: 608
Open PR: 64
Last Release: 22 hours ago
Last Commit: 7 days ago

Further analysis of the maintenance status of renovate based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Healthy.

We found that renovate demonstrates a positive version release cadence with at least one new version released in the past 3 months.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: ^18.12.0 || >=20.0.0

Age: 7 years
Dependencies: 108 Direct
Versions: 8.27K
Install Size: 11.3 MB
Dist-tags: 4
# of Files: 3.45K
Maintainers: 3
TS Typings: No

renovate has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Not sure how to use renovate?

To help you get started, we've collected the most common ways that renovate is being used within popular public projects.

artsy / renovate-config / lib / config.js View on Github

const getCommitMessageExtraDefault = () => {
  const { getOptions } = require("renovate/dist/config/definitions");
  const commitMessageExtra = getOptions().find(
    opt => opt.name === "commitMessageExtra"
  );
  return commitMessageExtra.default;
};

View more ways to use renovate

Renovate banner

Renovate

Automated dependency updates. Multi-platform and multi-language.

Docker Pulls

Why Use Renovate?

Get automated Pull Requests to update your dependencies
Reduce noise by running Renovate on a schedule, for example:
- on weekends
- outside of working hours
- each week
- each month
Relevant package files are discovered automatically
Supports monorepo architectures with workspaces with no extra configuration
Bot behavior is customizable via configuration files (config as code)
Use ESLint-like shared config presets for ease of use and simplifying configuration (JSON format only)
Lock files are supported and updated in the same commit, including immediately resolving conflicts whenever PRs are merged
Get replacement PRs to migrate from a deprecated dependency to the community suggested replacement, works with most managers, see issue 14149 for exceptions
Open source (installable via npm/Yarn or Docker Hub) so can be self-hosted or used via the Mend Renovate App

Supported Platforms

Renovate works on these platforms:

Who Uses Renovate?

Renovate is widely used in the developer community:

Renovate Matrix

Renovate OSS Insights

Renovate is built on a big community and actively invites and supports contributions. Information about our contributors and community can be found on OSS Insight.

Star History

The Renovate Approach

We believe everyone benefits from automation, whether it's a little or a lot. This means that Renovate:

Adapts to your workflow
Allows you to configure its behavior
Will autodetect settings where possible

Using Renovate

Get started with Renovate by checking out our tutorial.

GitHub

We recommend that you use the Mend Renovate App. Install the Mend Renovate App now. More details on the Mend Renovate App installation.

Azure DevOps

There are two ways to run Renovate on Azure DevOps:

Renovate Me extension
Custom pipeline

Renovate Me extension

Go to the Visual Studio Marketplace and install the Renovate Me extension in your organization. From there you can create a pipeline with the RenovateMe task.

[!NOTE] This extension is created and maintained personally by a Renovate developer/user so support requests relating to the extension itself cannot be answered directly in the main Renovate repository.

Custom pipeline

You can create a custom pipeline with a yml definition that triggers npx renovate. More details on how to configure the pipeline.

Bitbucket Cloud/Server, Forgejo, Gitea, GitLab

For Bitbucket Cloud, Bitbucket Server, Forgejo, Gitea and GitLab, use our self-hosting option.

Configuration

Go to our documentation website to learn how to configure Renovate. We have a full list of configuration options.

To get help with your configuration, go to the discussions tab in the Renovate repository and open a new "config help" discussion post.

Self-Hosting

To run your own instance of Renovate you have several options:

Install the renovate CLI tool from npmjs, run it on a schedule (e.g. using cron)
Run the renovate/renovate:full Docker Hub image (same content/versions as the CLI tool), run it on a schedule
Run the renovate/renovate:latest Docker Hub image if you only use package managers that don't need third-party binaries (e.g. JavaScript, Docker, NuGet, pip)

More details on the self-hosting development.

Contributing

If you want to contribute to Renovate or get a local copy running, please read the instructions in contributing guidelines. To get started look at the list of good first issues.

Security / Disclosure

If you find any bug with Renovate that may be a security problem, then e-mail us at: renovate-disclosure@mend.io. This way we can evaluate the bug and hopefully fix it before it gets abused. Please give us enough time to investigate the bug before you report it anywhere else.

Please do not create GitHub issues for security-related doubts or problems.

renovate dependencies

@aws-sdk/client-codecommit @aws-sdk/client-ec2 @aws-sdk/client-ecr @aws-sdk/client-rds @aws-sdk/client-s3 @aws-sdk/credential-providers @breejs/later @cdktf/hcl2json @opentelemetry/api @opentelemetry/context-async-hooks @opentelemetry/exporter-trace-otlp-http @opentelemetry/instrumentation @opentelemetry/instrumentation-bunyan @opentelemetry/instrumentation-http @opentelemetry/resources @opentelemetry/sdk-trace-base @opentelemetry/sdk-trace-node @opentelemetry/semantic-conventions @qnighy/marshal @renovatebot/osv-offline @renovatebot/pep440 @renovatebot/ruby-semver @sindresorhus/is @types/better-sqlite3 @types/ms @types/tmp @yarnpkg/core @yarnpkg/parsers agentkeepalive aggregate-error auth-header aws4 azure-devops-node-api better-sqlite3 bunyan cacache cacheable-lookup chalk changelog-filename-regex clean-git-ref commander conventional-commits-detector cron-parser deepmerge dequal detect-indent editorconfig email-addresses emoji-regex emojibase emojibase-regex extract-zip find-packages find-up fs-extra git-url-parse github-url-from-git glob global-agent good-enough-parser google-auth-library got graph-data-structure handlebars ignore ini js-yaml json-dup-key-validator json-stringify-pretty-compact json5 jsonata klona lru-cache luxon markdown-it markdown-table minimatch moo ms nanoid node-html-parser openpgp p-all p-map p-queue p-throttle parse-link-header prettier redis remark remark-github safe-stable-stringify semver semver-stable semver-utils shlex simple-git slugify source-map-support toml-eslint-parser traverse tslib upath url-join validate-npm-package-name vuln-vects xmldoc zod

renovate development dependencies

@hyrious/marshal @jest/environment @jest/globals @jest/reporters @jest/test-result @jest/types @ls-lint/ls-lint @openpgp/web-stream-tools @renovate/eslint-plugin @semantic-release/exec @swc/core @types/auth-header @types/aws4 @types/breejs__later @types/bunyan @types/cacache @types/callsite @types/changelog-filename-regex @types/clean-git-ref @types/common-tags @types/conventional-commits-detector @types/diff @types/eslint @types/fs-extra @types/git-url-parse @types/github-url-from-git @types/global-agent @types/ini @types/js-yaml @types/json-dup-key-validator @types/linkify-markdown @types/lodash @types/luxon @types/markdown-it @types/markdown-table @types/marshal @types/mdast @types/moo @types/nock @types/node @types/parse-link-header @types/prettier @types/semver @types/semver-stable @types/semver-utils @types/tar @types/traverse @types/url-join @types/validate-npm-package-name @types/xmldoc @typescript-eslint/eslint-plugin @typescript-eslint/parser aws-sdk-client-mock callsite common-tags conventional-changelog-conventionalcommits diff emojibase-data eslint eslint-formatter-gha eslint-import-resolver-typescript eslint-plugin-import eslint-plugin-jest eslint-plugin-jest-formatting eslint-plugin-promise eslint-plugin-typescript-enum expect expect-more-jest graphql husky jest jest-extended jest-mock jest-mock-extended jest-snapshot markdownlint-cli2 memfs nock npm-run-all2 nyc pretty-format rimraf semantic-release tar tmp-promise ts-jest ts-node type-fest typescript unified

FAQs

What is renovate?

Automated dependency updates. Flexible so you don't need to be. Visit Snyk Advisor to see a full health score report for renovate, including popularity, security, maintenance & community analysis.

Is renovate popular?

The npm package renovate receives a total of 125,763 weekly downloads. As such, renovate popularity was classified as an influential project. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is renovate well maintained?

We found that renovate demonstrated a healthy version release cadence and project activity. It has a community of 440 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is renovate safe to use?

While scanning the latest version of renovate, we found that a security review is needed. A total of 0 vulnerabilities or license issues were detected. See the full security scan results.

Last updated on 18 April-2024, at 15:55 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP