A research GitHub Action to check for Unsafe Dependency Changes #621
Closed
supatsara-wat
started this conversation in
Show and tell
Replies: 1 comment
Hi! Thanks for the idea. If the action were to check the new library itself to make sure it doesn't contain some potentially dangerous code then this could be useful. Otherwise this looks like it wouldn't add that much new information to maintainers. We are already reviewing new library additions closely.
We would like to recommend an action we created to help Open Source Projects, especially when dealing with code changes that might be unsafe when updating dependencies.
FYI - This project was flagged as having such PRs.
https://github.com/marketplace/actions/depsafe.
The code is fairly simple, and it simply flags whenever a require() function is being introduced, as it brings in external resources.
Asia and Raula. @raux