REQUIRE_CARET_DEPENDENCIES
Prevent the use of dependencies without a caret ("^") as a prefix.
Conformance is available on Enterprise plans.
Using a caret ("^") as a prefix in the version of your dependencies is recommended. Caret ranges allow patch and minor updates for versions 1.0.0 and above, patch updates for versions 0.X >=0.1.0, and no updates for versions 0.0.X. This rule applies to "dependencies" and "devDependencies", and it helps maintain the security and health of your codebase.
By default, this rule is disabled. To enable it, refer to customizing Conformance.
This rule will catch any package.json files:
- Using ~ or * as a prefix of the version, like ~1.0.0.
- Version without a prefix, such as 1.0.0.
{
  "dependencies": {
    "chalk": "~5.3.0",
    "ms": "*2.1.3"
  },
  "devDependencies": {
    "semver": "7.6.0"
  }
}
If you hit this issue, you can resolve it by adding a "^" to the version of your dependency. If you want to keep using a pinned version, or another prefix, you can include the dependency in the Allowlist.
{
  "dependencies": {
    "semver": "^7.6.0"
  }
}
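The check described above can be reproduced locally, and the caret update window computed, with a short script. This is an added example, not Vercel's implementation: the function names, the name-based allowlist, and the choice to flag every specifier that does not start with "^" (including tags or URLs) are assumptions.

```javascript
// Added example: a minimal caret-prefix check, not Vercel's implementation.
const SECTIONS = ["dependencies", "devDependencies"]; // sections the rule covers

// Return one finding per dependency whose version does not start with "^".
// `allowlist` is a hypothetical list of package names exempted from the check.
function findNonCaretDependencies(pkg, allowlist = []) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, version] of Object.entries(pkg[section] || {})) {
      if (allowlist.includes(name)) continue;
      if (typeof version === "string" && version.startsWith("^")) continue;
      findings.push({ section, name, version });
    }
  }
  return findings;
}

// Exclusive upper bound of a caret range: the leftmost non-zero component
// is frozen, so ^1.x allows minor and patch updates, ^0.X allows patch
// updates only, and ^0.0.X allows none.
function caretUpperBound(range) {
  const m = /^\^(\d+)\.(\d+)\.(\d+)$/.exec(range);
  if (!m) throw new Error(`not a plain caret range: ${range}`);
  const [major, minor, patch] = m.slice(1).map(Number);
  if (major > 0) return `${major + 1}.0.0`;
  if (minor > 0) return `0.${minor + 1}.0`;
  return `0.0.${patch + 1}`;
}

// Constructed sample mirroring the flagged package.json on this page.
const samplePackage = {
  dependencies: { chalk: "~5.3.0", ms: "*2.1.3" },
  devDependencies: { semver: "7.6.0" },
};

// semver is allowlisted here to keep its pinned version.
for (const f of findNonCaretDependencies(samplePackage, ["semver"])) {
  console.log(`${f.section}: ${f.name}@${f.version} is not a caret range`);
}
console.log(`^7.6.0 accepts versions below ${caretUpperBound("^7.6.0")}`);
```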