Skip to content

Latest commit

 

History

History
21 lines (15 loc) · 894 Bytes

dependency-management.md

File metadata and controls

21 lines (15 loc) · 894 Bytes

Dependency management

  • Keep all the dependencies outside the repository.
  • Avoid using suspicious, unknown dependencies as they may introduce vulnerabilities.

Go dependencies

  • Use go mod as dependency manager.
  • Run go mod tidy before sending any changes.
  • Use only official releases, avoid using master versions.

JavaScript dependencies

  • Use npm as package manager.
  • Run npm ci after checking out the repository to install dependencies.
  • Dependabot updates packages by creating pull requests for the new releases of used packages. Its pull requests are marked with area/dependency label.
  • Update package-lock.json before sending any changes.

Copyright 2019 The Kubernetes Dashboard Authors