Overview
The DepFixer GitHub Action analyzes your project’s dependencies on every pull request, posting a detailed report as a PR comment with health score, conflicts found, and fix commands.Quick Start
1. Get an API Key
Go to app.depfixer.com/dashboard/api-keys and create a new API key.2. Add Secret to GitHub
In your repository, go to Settings > Secrets and variables > Actions > New repository secret.- Name:
DEPFIXER_API_KEY - Value: Your API key (starts with
dfx_live_)
3. Create Workflow
Add this file to your repository:.github/workflows/depfixer.yml
Configuration
| Input | Description | Default |
|---|---|---|
api-key | Your DepFixer API key (required) | --- |
fail-on-conflicts | Fail the check if conflicts are found | true |
package-json-path | Path to package.json | ./package.json |
min-health-score | Minimum health score to pass | 0 |
post-comment | Post results as PR comment | true |
Outputs
| Output | Description |
|---|---|
health-score | The dependency health score (0-100) |
conflicts-count | Number of conflicts found |
exit-code | 0 if passed, 1 if failed |
Advanced Examples
Fail on Low Health Score
Custom package.json Path (Monorepo)
Run on Push to Main
Scheduled Weekly Check
PR Comment
Whenpost-comment is enabled, DepFixer posts a comment on the PR with:
- Health score
- Issue summary by severity (critical, high, medium, low)
- Detailed conflict list (collapsible)
- Fix commands (copy-paste ready)
Usage Limits
| Plan | Monthly Runs |
|---|---|
| Free | 50 |
| Pro | 500 |
| Enterprise | Unlimited |
Troubleshooting
”Invalid or expired API key”
Verify your secret is set correctly. The key should start withdfx_live_.
”Run limit exceeded”
You’ve reached your monthly limit. Upgrade your plan or wait for the monthly reset.Action doesn’t post comment
Ensure the workflow haspull_request trigger and the post-comment input is true (default).