{"id":14985981,"url":"https://github.com/simek/yarn-lock-changes","last_synced_at":"2025-05-16T14:07:25.077Z","repository":{"id":40385117,"uuid":"357114277","full_name":"Simek/yarn-lock-changes","owner":"Simek","description":"Creates a comment inside Pull Request with the human-readable summary of changes to the Yarn lock file. Works with every Yarn version (classic and berry).","archived":false,"fork":false,"pushed_at":"2025-05-04T19:06:48.000Z","size":1231,"stargazers_count":134,"open_issues_count":6,"forks_count":22,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-05-12T08:05:02.977Z","etag":null,"topics":["action","lock","pull-request","yarn"],"latest_commit_sha":null,"homepage":"https://github.com/marketplace/actions/yarn-lock-changes","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Simek.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-04-12T08:24:07.000Z","updated_at":"2025-05-04T19:02:37.000Z","dependencies_parsed_at":"2023-02-12T16:15:48.247Z","dependency_job_id":"731046ef-b75d-4d99-a106-b68f740aeb83","html_url":"https://github.com/Simek/yarn-lock-changes","commit_stats":{"total_commits":81,"total_committers":3,"mean_commits":27.0,"dds":"0.11111111111111116","last_synced_commit":"5b249bcbb9794145fefa43a2a8330b884697e40f"},"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Simek%2Fyarn-lock-changes","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/rep
ositories/Simek%2Fyarn-lock-changes/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Simek%2Fyarn-lock-changes/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Simek%2Fyarn-lock-changes/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Simek","download_url":"https://codeload.github.com/Simek/yarn-lock-changes/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254544146,"owners_count":22088807,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["action","lock","pull-request","yarn"],"created_at":"2024-09-24T14:12:05.222Z","updated_at":"2025-05-16T14:07:25.057Z","avatar_url":"https://github.com/Simek.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Yarn Lock Changes\n\n[\u003csub\u003e\u003cimg src=\"https://git.io/J38HP\" height=\"16\" /\u003e\u003c/sub\u003e](#) [\u003csub\u003e\u003cimg src=\"https://git.io/J38dY\" height=\"16\" /\u003e\u003c/sub\u003e](#) [\u003csub\u003e\u003cimg src=\"https://git.io/J38ds\" height=\"16\" /\u003e\u003c/sub\u003e](#) [\u003csub\u003e\u003cimg src=\"https://git.io/J38dt\" height=\"16\" /\u003e\u003c/sub\u003e](#)\n\nCreates a comment inside Pull Request with the human-readable summary of the changes to the `yarn.lock` file. 
Works in public and private repositories and offers a degree of customization.\n\n## Usage\n\n### ⚡️ Workflow Example\n\nThe example below shows the minimal workflow setup, the required action input (`token`) and all the optional inputs (set to their default values). If you are happy with the output generated by the action, it's safe to remove all optional inputs.\n\n```yml\nname: Yarn Lock Changes\non: [pull_request]\n\njobs:\n  yarn_lock_changes:\n    runs-on: ubuntu-latest\n    # Permission overwrite is required for Dependabot PRs, see \"Common issues\" section below.\n    permissions:\n      pull-requests: write\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v4\n      - name: Yarn Lock Changes\n        # Please use `main` as version before the stable release will be published as `v1`.\n        uses: Simek/yarn-lock-changes@main\n        with:\n          token: ${{ secrets.GITHUB_TOKEN }}\n          # Optional inputs, can be deleted safely if you are happy with default values.\n          collapsibleThreshold: 25\n          failOnDowngrade: false\n          path: yarn.lock\n          updateComment: true\n          groupByType: false\n```\n\n\u003e [!note]\n\u003e For Node \u003c18 support, you can change the action version tag in your workflow to `v0.11`, instead of using `main`:\n\u003e ```yml\n\u003e - name: Yarn Lock Changes\n\u003e   uses: Simek/yarn-lock-changes@v0.11\n\u003e ```\n\n### 🔌 Inputs\n\n| Input                  |      Required      |   Default   | Description                                                                                                       |\n|------------------------|:------------------:|:-----------:|-------------------------------------------------------------------------------------------------------------------|\n| `token`                | \u003cins\u003e**Yes**\u003c/ins\u003e |      –      | Repository `GITHUB_TOKEN` which allows action to make calls to the GitHub API (Octokit).                          
|\n| `collapsibleThreshold` |         No         |    `25`     | Number of lock changes, which will result in collapsed comment content, and an addition of changes summary table. |\n| `failOnDowngrade`      |         No         |   `false`   | Fail the action when a dependency downgrade is detected. __Comment will still be posted.__                        |\n| `path`                 |         No         | `yarn.lock` | Path to the `yarn.lock` file in the repository. Default value points to the file at project root.                 |\n| `updateComment`        |         No         |   `true`    | Update the comment on each new commit. If value is set to `false`, bot will post a new comment on each change.    |\n| `groupByType`          |         No         |   `false`   | Group the dependencies in the comment table by the change type.                                                   |\n\n## 📸 Preview\n\n### Basic comment appearance\n\n\u003cimg alt=\"basic\" src=\"https://user-images.githubusercontent.com/719641/116818857-c5029d80-ab6d-11eb-8b48-122b851c1d9e.png\"\u003e\n\n### Comment appearance when `collapsibleThreshold` has been reached\n\n\u003cimg alt=\"summary\" src=\"https://user-images.githubusercontent.com/719641/116819012-7efa0980-ab6e-11eb-99f1-15996b6f12b4.png\"\u003e\n\n## 📋 Common issues\n\n### The action fails on the Dependabot pull requests\n\nFor security reasons, since March 1st, 2021, workflow runs that are triggered by Dependabot have reduced permissions by default: \n\n* [GitHub Actions: Workflows triggered by Dependabot PRs will run with read-only permissions](https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/)\n\nTo ensure that sufficient permissions for this action are always granted, you will need to add a `permissions` entry to the job which runs `yarn-lock-changes`:\n\n```yml\njobs:\n  ...:\n    runs-on: ...\n    #####\n    permissions:\n      pull-requests: 
write\n    #####\n    steps:\n      ...\n```\n\n### The action fails in a private repository\n\nAfter one of the GitHub Actions security breaches, GitHub decided to trim down the default permission set for actions running in private repositories. \n\nIf you are trying to run the action with the default setup in a private repository, you will see the following error during the `checkout` step:\n\n```sh\nremote: Repository not found.\nError: fatal: repository 'https://github.com/\u003cyour_user\u003e/\u003cyour_repo\u003e/' not found\nError: The process '/usr/bin/git' failed with exit code 128\n```\n\nThis means that you will need to add the following `permissions` entry to the job which runs `checkout`:\n\n```yml\njobs:\n  ...:\n    runs-on: ...\n    #####\n    permissions:\n      contents: read\n    #####\n    steps:\n      ...\n```\n\nIf you would like to learn a little bit more about this problem, you can visit this issue in the GitHub Checkout Action repository: \n* https://github.com/actions/checkout/issues/254\n\n## 🔍️ Debugging\n\nTo run the action in debug mode, you need to add the `ACTIONS_STEP_DEBUG` repository secret and set it to `true`, as stated in the [GitHub documentation](https://docs.github.com/en/actions/managing-workflow-runs/enabling-debug-logging#enabling-step-debug-logging).\n\nAdditional information that might be useful when debugging issues will then be available in the action output, prefixed by `##[debug]`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimek%2Fyarn-lock-changes","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsimek%2Fyarn-lock-changes","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimek%2Fyarn-lock-changes/lists"}