
CI Integration

Automate dependency health checks in your CI/CD pipeline to catch issues before they reach production.

Quick Start

1. Generate API Key

Get your API key from app.depfixer.com/settings/api-keys

2. Add Secret

Store as DEPFIXER_TOKEN in your CI platform.

3. Add Step

- run: npx depfixer --ci
  env:
    DEPFIXER_TOKEN: ${{ secrets.DEPFIXER_TOKEN }}

GitHub Actions

name: Dependency Check

on:
  pull_request:
    paths:
      - 'package.json'
      - 'package-lock.json'
  push:
    branches: [main]

jobs:
  check-deps:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: '20'

      - name: Check Dependencies
        run: npx depfixer --ci
        env:
          DEPFIXER_TOKEN: ${{ secrets.DEPFIXER_TOKEN }}

GitLab CI

stages:
  - check

dependency-check:
  stage: check
  image: node:20
  script:
    - npx depfixer --ci
  rules:
    - changes:
        - package.json
        - package-lock.json

Add DEPFIXER_TOKEN in Settings → CI/CD → Variables.

Exit Codes

| Code | Meaning | Pipeline |
|------|---------|----------|
| 0 | No critical/high issues | Pass |
| 1 | Critical or high issues found | Fail |
| 2 | Error (auth, network) | Fail |

JSON Output

For parsing in scripts:
npx depfixer --ci --json
{
  "mode": "ci",
  "healthScore": 85,
  "totalPackages": 45,
  "summary": {
    "critical": 0,
    "high": 1,
    "medium": 3,
    "low": 2
  },
  "requiresAttention": true
}

Block PR on Low Score

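- name: Check Dependencies
  run: |
    RESULT=$(npx depfixer --ci --json)
    # jq -e exits non-zero when healthScore is missing or not a number,
    # so the step fails instead of silently skipping the comparison
    SCORE=$(printf '%s' "$RESULT" | jq -e '.healthScore | numbers | floor')
    if [ "$SCORE" -lt 70 ]; then
      echo "Health score $SCORE is below threshold (70)"
      exit 1
    fi
  env:
    DEPFIXER_TOKEN: ${{ secrets.DEPFIXER_TOKEN }}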
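
The JSON report and the exit codes above can also be gated in Node, which the job already has installed. The following is an added example, not depfixer code: `gate()`, `DEFAULT_POLICY` and the policy keys are hypothetical names, and it assumes the report fields shown in the sample above. It fails closed when the output is missing, malformed or inconsistent with the exit code.

```javascript
// Added example, not depfixer code. Field names follow the JSON sample on this
// page; gate(), DEFAULT_POLICY and the policy keys are hypothetical names.
const DEFAULT_POLICY = { minScore: 70, maxCritical: 0, maxHigh: 0 };

const fail = (reason) => ({ pass: false, reason });
const isCount = (v) => Number.isInteger(v) && v >= 0;

function gate(exitCode, stdoutText, policy = DEFAULT_POLICY) {
  // Exit code 2 (auth, network) means no scan happened: never treat as a pass.
  if (exitCode === 2) return fail('scanner error (exit code 2)');
  if (exitCode !== 0 && exitCode !== 1) return fail(`unexpected exit code ${exitCode}`);

  let report;
  try {
    report = JSON.parse(stdoutText);
  } catch {
    return fail('output is not valid JSON');
  }

  // Validate types first: in JavaScript `undefined < 70` is false, so an
  // unchecked comparison would pass a report that has no score at all.
  const score = report ? report.healthScore : undefined;
  const summary = report ? report.summary : undefined;
  if (typeof score !== 'number' || !Number.isFinite(score)) {
    return fail('healthScore missing or not a number');
  }
  if (!summary || !isCount(summary.critical) || !isCount(summary.high)) {
    return fail('summary.critical or summary.high missing');
  }

  // The exit-code table says 0 means no critical/high issues; a report that
  // disagrees with its own exit code is not trustworthy input for a gate.
  if (exitCode === 0 && summary.critical + summary.high > 0) {
    return fail('exit code 0 contradicts summary counts');
  }
  if (summary.critical > policy.maxCritical) return fail(`critical issues: ${summary.critical}`);
  if (summary.high > policy.maxHigh) return fail(`high issues: ${summary.high}`);
  if (score < policy.minScore) return fail(`health score ${score} below ${policy.minScore}`);
  return { pass: true, reason: 'within policy' };
}

// Constructed inputs: the page's sample report, then an empty stdout.
const sample = '{"mode":"ci","healthScore":85,"totalPackages":45,' +
  '"summary":{"critical":0,"high":1,"medium":3,"low":2},"requiresAttention":true}';
console.log(gate(1, sample));
console.log(gate(1, sample, { minScore: 70, maxCritical: 0, maxHigh: 1 }));
console.log(gate(0, ''));
```

In a pipeline, capture the command's stdout and exit code, pass both to `gate()`, and set `process.exitCode = 1` when `pass` is false.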

Scheduled Audits

name: Weekly Dependency Audit

on:
  schedule:
    - cron: '0 9 * * 1'  # Every Monday at 09:00 UTC

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run Audit
        run: npx depfixer --ci
        env:
          DEPFIXER_TOKEN: ${{ secrets.DEPFIXER_TOKEN }}

Troubleshooting

Token Not Found

Error: DEPFIXER_TOKEN not set
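Ensure the secret is added to your CI platform and passed to the step as an environment variable. On GitHub Actions, secrets are not passed to workflows triggered by pull requests from forks, so the variable is empty in those runs.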

Network Timeout

Add retry logic:
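- name: Check Dependencies
  run: |
    for i in 1 2 3; do
      status=0
      npx depfixer --ci || status=$?
      # Retry only exit code 2 (auth, network); 0 and 1 are final results
      if [ "$status" -ne 2 ]; then break; fi
      sleep 10
    done
    # Propagate the last exit code so a failed check cannot pass the step
    exit "$status"
  env:
    DEPFIXER_TOKEN: ${{ secrets.DEPFIXER_TOKEN }}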