REQUIRE_CARET_DEPENDENCIES

Prevent the use of dependencies without a caret ("^") as a prefix.
Table of Contents

Conformance is available on Enterprise plans

This rule is available from version 1.4.0.

Using a caret ("^") as a prefix in the version of your dependencies is recommended. Caret Ranges allows patch and minor updates for versions 1.0.0 and above, patch updates for versions 0.X >=0.1.0, and no updates for versions 0.0.X. This rule is applicable to "dependencies" and "devDependencies", and it helps maintain the security and health of your codebase.

By default, this rule is disabled. To enable it, refer to customizing Conformance.

This rule will catch any package.json files:

  • Using ~ or * as a prefix of the version, like ~1.0.0.
  • Version without a prefix, such as 1.0.0.
package.json
{
  "dependencies": {
    "chalk": "~5.3.0",
    "ms": "*2.1.3",
  },
  "devDependencies": {
    "semver": "7.6.0"
  },
}

If you hit this issue, you can resolve it by adding a "^" to the version of your dependency. If you want to keep using a pinned version, or another prefix, you can include the dependency in the Allowlist.

package.json
{
  "dependencies": {
    "semver": "^7.6.0"
  },
}
Last updated on July 23, 2024