{"id":20294244,"url":"https://github.com/teambit/dependabot-bit","last_synced_at":"2026-03-19T15:05:10.151Z","repository":{"id":223490892,"uuid":"760395004","full_name":"teambit/dependabot-bit","owner":"teambit","description":null,"archived":false,"fork":false,"pushed_at":"2024-02-21T12:16:48.000Z","size":22,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-01-14T09:37:37.468Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/teambit.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-20T10:42:07.000Z","updated_at":"2024-05-17T16:55:51.000Z","dependencies_parsed_at":null,"dependency_job_id":"4c304985-6f9b-4909-b023-5d31f89f3343","html_url":"https://github.com/teambit/dependabot-bit","commit_stats":null,"previous_names":["teambit/dependabot-bit"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/teambit%2Fdependabot-bit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/teambit%2Fdependabot-bit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/teambit%2Fdependabot-bit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/teambit%2Fdependabot-bit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/teambit","download_url":"https://codeload.github.com/teambit/dependabot-bit/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241789381,"owners_count":20020462,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-14T15:28:25.473Z","updated_at":"2026-02-11T01:08:30.280Z","avatar_url":"https://github.com/teambit.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Update Bit Components with GitHub's Dependabot\n\nSolve the problem of updating consuming projects of your components by utilizing Dependabot and Bit together. This way when new versions of components are available you get automated PRs to update the components you consume.\n\n[YouTube video toturial on how this works and how to set up](https://www.youtube.com/watch?v=PZ2MhC5N6uI)\n\nThis repository contains example configuration and workflow for how a project that depends on Bit Components as packages in `package.json` can utilize GitHub's Dependabot feature to get automated PRs for updating dependencies.\n\n## What you need?\n\n- Ensure you have a `.npmrc` file in the root of your workspace with your [scoped registry configured to your bit.cloud account](https://bit.dev/reference/packages/npmrc).\n- Generate an authentication token in bit.cloud and set it as a Dependabot secret for your repository.\n- Configure your `.github/dependabot.yml` file with the right policy to update your Bit Components.\n- Configure Dependabot in your repository settings.\n\n## References\n\nSee the below links from GitHub to learn more:\n\n- [Setting up `npmrc` for installing Bit components](https://bit.dev/reference/packages/npmrc)\n- [Using private registries with Dependabot](https://github.blog/2021-03-15-dependabot-private-dependencies/)\n- [Setting version updates](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#scheduleinterval)\n- [Configuring Dependabot for NPM registries](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot#npm)\n- [Dependabot quick start](https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide)\n\n## Examples\n\nFrom this repository:\n\n### `.npmrc`\n\nBelow you see an example `.npmrc` with a scoped registry, and `replace-registry-host=never` as recommended by GitHub.\n\n```\n@itaysso:registry=https://node-registry.bit.cloud\nreplace-registry-host=never\n```\n\n### `.github/dependabot.yml`\n\n```\nversion: 2\nregistries:\n  # Define the Bit NPM registry\n  npm-bit:\n    type: npm-registry\n    url: https://node-registry.bit.cloud\n    # Use your Dependabot-Bit token\n    token: ${{secrets.DEPENDABOT_TOKEN}}\n    replaces-base: true\nupdates:\n  - package-ecosystem: \"npm\"\n    directory: \"/\"\n    schedule:\n      interval: \"daily\"\n    allow:\n      # Only check for components coming from Bit\n      - dependency-name: \"@itaysso/*\"\n    registries:\n      # Use the Bit Registry for this update policy\n      - npm-bit\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fteambit%2Fdependabot-bit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fteambit%2Fdependabot-bit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fteambit%2Fdependabot-bit/lists"}