REQUIRE_CARET_DEPENDENCIES

Prevent the use of dependencies without a caret ("^") as a prefix.

Table of Contents

Conformance Rules

Conformance is available on Enterprise plans

This rule is available from version 1.4.0.

Using a caret ("^") as a prefix in the version of your dependencies is recommended. Caret Ranges allows patch and minor updates for versions 1.0.0 and above, patch updates for versions 0.X >=0.1.0, and no updates for versions 0.0.X. This rule is applicable to "dependencies" and "devDependencies", and it helps maintain the security and health of your codebase.

By default, this rule is disabled. To enable it, refer to customizing Conformance.

Examples

This rule will catch any package.json files:

Using ~ or * as a prefix of the version, like ~1.0.0.
Version without a prefix, such as 1.0.0.

package.json

{
  "dependencies": {
    "chalk": "~5.3.0",
    "ms": "*2.1.3",
  },
  "devDependencies": {
    "semver": "7.6.0"
  },
}

How to fix

If you hit this issue, you can resolve it by adding a "^" to the version of your dependency. If you want to keep using a pinned version, or another prefix, you can include the dependency in the Allowlist.

package.json

{
  "dependencies": {
    "semver": "^7.6.0"
  },
}

Last updated on July 23, 2024

Was this helpful?