Project recommendations

Project recommendations is a report that rolls up all issues on transitive dependencies to the top level dependency. The report is generated only upon request for the latest information.


Below is an example line in the report, information truncated for this article. This project is directly calling cli-plugin-babel 4.2.3. This package is bringing in dependencies that violate all standards, such as http-signature 1.2.0, which is violating the releases are up to date standard, and the json-schema 0.2.3, which is violating the licensing standard and has a security vulnerability. The last column helps you determine how far behind the latest version your direct package is, which may help you decide whether to prioritize upgrading the direct package version to try to resolve some of the underlying issues.


This report may have many lines; it's recommended that you pick a few lines of this report and create tasks for your team to address in an issue tracker. In the report generated by this project, there were 664 records, most of them highlighting out-of-date violations. While you can just upload the entire report into an issue tracker, this is not recommended as it provides no priority level and in fact includes many items you may consider very low priority.

Was this article helpful?
0 out of 0 found this helpful



Article is closed for comments.

Articles in this section