
CI Mode Authentication

For automated environments like CI/CD pipelines, DepFixer supports API key authentication via environment variables.

Setup

1. Generate API Key

  1. Log in to app.depfixer.com
  2. Go to Settings → API Keys
  3. Click Generate New Key
  4. Copy the key (shown only once)

2. Add to CI Environment

Store the key as a secret in your CI platform.

GitHub Actions:
  1. Go to Settings → Secrets and variables → Actions
  2. Click New repository secret
  3. Name: DEPFIXER_TOKEN
  4. Value: Your API key

GitLab CI:
  1. Go to Settings → CI/CD → Variables
  2. Add variable with key DEPFIXER_TOKEN and mask it

3. Use in Pipeline

npx depfixer --ci

The CLI automatically uses DEPFIXER_TOKEN when the --ci flag is present.

GitHub Actions Example

name: Dependency Check

on:
  pull_request:
    paths:
      - 'package.json'
      - 'package-lock.json'

jobs:
  check-deps:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      - name: Check Dependencies
        run: npx depfixer --ci
        env:
          DEPFIXER_TOKEN: ${{ secrets.DEPFIXER_TOKEN }}

GitLab CI Example

dependency-check:
  image: node:20
  script:
    - npx depfixer --ci
  rules:
    - changes:
        - package.json
        - package-lock.json

Exit Codes

Code  Meaning                        Pipeline
0     No critical/high issues        Pass
1     Critical or high issues found  Fail
2     Error (auth, network)          Fail

CI Output

  CI Mode - Dependency Analysis
  ────────────────────────────────────────
  Health Score: 72/100
  Total Packages: 45
  Issues Found: 10
    Critical: 1
    High: 3
    Medium: 2
    Low: 4

  Pipeline should fail - critical/high issues detected

JSON Output

For parsing in scripts:

npx depfixer --ci --json

{
  "success": true,
  "mode": "ci",
  "healthScore": 85,
  "totalPackages": 45,
  "summary": {
    "critical": 0,
    "high": 1,
    "medium": 3,
    "low": 2
  },
  "requiresAttention": true
}
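
A gate script built on the exit codes and JSON fields above, as an added example that is not DepFixer's own code: it fails closed on exit code 2 and on malformed reports instead of treating them as a clean scan. The `policy` limits, the `evaluateReport` name and the assumption that the report arrives on stdout are hypothetical.

```javascript
// Added example: gate a pipeline on DepFixer's exit code plus its --json report.
// Assumptions: the report is on stdout and has the fields shown on this page;
// the `policy` limits are hypothetical and not a DepFixer feature.
const SEVERITIES = ['critical', 'high', 'medium', 'low'];

function evaluateReport(exitCode, stdout, policy = { critical: 0, high: 0, medium: 5 }) {
  // Exit code 2 means the scan did not run (auth, network). Fail closed so a
  // missing, expired or revoked DEPFIXER_TOKEN is never read as a clean result.
  if (exitCode === 2) return { pass: false, reason: 'scan-error' };
  if (exitCode !== 0 && exitCode !== 1) return { pass: false, reason: 'unknown-exit-code' };

  let report;
  try {
    report = JSON.parse(stdout);
  } catch {
    return { pass: false, reason: 'unparseable-output' };
  }
  if (report === null || typeof report !== 'object') {
    return { pass: false, reason: 'unparseable-output' };
  }
  if (report.success !== true || report.mode !== 'ci') return { pass: false, reason: 'scan-error' };

  // Every severity count must be a non-negative integer; a missing field is a
  // malformed report, not "zero issues".
  const summary = report.summary || {};
  for (const sev of SEVERITIES) {
    if (!Number.isInteger(summary[sev]) || summary[sev] < 0) {
      return { pass: false, reason: 'malformed-summary' };
    }
  }

  const exceeded = SEVERITIES.filter((sev) => sev in policy && summary[sev] > policy[sev]);
  if (exceeded.length > 0) return { pass: false, reason: 'over-limit:' + exceeded.join(',') };
  // Exit code 1 means critical/high issues exist; honour it even if the policy is looser.
  if (exitCode === 1) return { pass: false, reason: 'cli-reported-critical-or-high' };
  return { pass: true, reason: 'ok' };
}

// Constructed sample: the JSON report shown on this page.
const SAMPLE = JSON.stringify({
  success: true, mode: 'ci', healthScore: 85, totalPackages: 45,
  summary: { critical: 0, high: 1, medium: 3, low: 2 }, requiresAttention: true,
});
console.log(evaluateReport(1, SAMPLE));
```

In a pipeline step, pass the CLI's exit status and captured stdout to `evaluateReport` and exit non-zero when `pass` is false.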

Security Best Practices

  1. Never commit API keys - Use environment variables
  2. Rotate keys periodically - Generate new keys quarterly
  3. One key per purpose - Separate keys for CI, scripts, etc.
  4. Monitor usage - Check key activity in the dashboard