Skip to content
You're viewing an older version of this GitHub Action. Do you want to see the latest version instead?
search

GitHub Action

Loxcan

v0.9.1

Loxcan

search

Loxcan

Universal Lock File Scanner for Git

Installation

Copy and paste the following snippet into your .yml file.

              

- name: Loxcan

uses: siketyan/[email protected]

Learn more about this action in siketyan/loxcan

Choose a version

loxcan

Latest Stable Version Total Downloads License Codecov PHP Action

Universal Lock File Scanner for Git.

🚀 Motivation

Today, most languages have a package manager, and some language have two. Dependency management is very important and difficult in software development.

In cases of code review, we check entire of the changed codes. However, we often ignore lock files in the review, which controls dependencies of the project or the library.

On GitHub Pull Request, most lock files are hidden by default.

Load diff screen

Actually, they are very long and not human-readable.

I tried to notify the diff of the lock files to the author of PR and/or the reviewer(s). Using this action, the added, upgraded, downgraded, and removed packages are reported to the PR, in user-friendly format.

Report of the changed packages

So we can check what packages will be changed by the PR, in the review.

✨ Usage

Via Composer

$ composer require --dev siketyan/loxcan

Then you can use this tool in CLI. (In some IDEs, you can access to the executable as just loxcan !)

$ ./vendor/bin/loxcan [base] [head]

In GitHub Actions

Use pull_request events to trigger the action.

steps:
  - uses: actions/checkout@v3
    with:
      fetch-depth: 0

  - uses: siketyan/loxcan@main

📦 Supported Package Managers

(✅ = Supported, ⬜️ = Scheduled)

  • Composer (PHP)
  • Cargo (Rust)
  • Pub (Dart)
  • npm (JavaScript, Node.js)
  • pnpm (JavaScript, Node.js)
  • Yarn (JavaScript, Node.js)

📋 Supported Reporters

(✅ = Supported, ⬜️ = Scheduled)

  • GitHub
  • GitLab