A GitHub Action that monitors the size of lockfile changes in pull requests. It helps prevent accidental lockfile regeneration and ensures that dependency changes are intentional. 🔐
- Monitors changes in package lockfiles (`package-lock.json`, `yarn.lock`, etc.)
- Comments on PRs when lockfile changes exceed a specified threshold
- Can fail CI checks if changes are too large
- Configurable thresholds and file paths
- Supports multiple lockfile formats
Add this action to your workflow:
```yaml
name: Check lockfile changes
on: [pull_request]
permissions:
  pull-requests: write
  contents: read
jobs:
  check-lock:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: bohdanbirdie/fat-lock-action@v1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          size-threshold: 1000
          lockfile-path: 'package-lock.json'
          comment-enabled: true
          fail-if-exceeded: true
```

The `permissions` block is the minimum the action needs: `pull-requests: write` to post the comment and `contents: read` for the checkout. Note that on pull requests opened from forks, `GITHUB_TOKEN` is read-only under the `pull_request` event regardless of this block, so the comment cannot be posted from such runs.
| Input | Description | Required | Default |
|---|---|---|---|
| `github-token` | GitHub token for API access | Yes | N/A |
| `size-threshold` | Maximum number of lines changed in the lockfile | No | `1000` |
| `lockfile-path` | Path to the lockfile to monitor | No | `package-lock.json` |
| `comment-enabled` | Whether to comment on the PR when the threshold is exceeded | No | `true` |
| `fail-if-exceeded` | Whether to fail the check when the threshold is exceeded | No | `true` |