If you use Dependabot to keep your project dependencies up-to-date, and if you use Remix you may have noticed it doesn't send PRs for the private packages of Remix, only the public
remix one and React Router DOM.
This is because the private packages are not published on npm so Dependabot can't find them, but we can configure it to send PRs for them creating a simple file.
In your repository create the file
.github/dependabot.yml with the following content:
# Here you will configure an npm-like registry with the Remix url
# This token is used to authenticate the requests to the registry
# And because of the config we are going to do we also need to configure the
# normal npm registry and pass a token
- package-ecosystem: "npm"
# And here we tell Dependebot to send PRs for npm-like registries using the
# registries we defined above
Now, get your Remix license token and an npm token from this link:
Now go to your repository settings and on GitHub, go to the Secrets option and then to the Dependabot secrets (don't confuse them with the Action secrets), the URL should be something like this
Once you are there create a new secret called
REMIX_TOKEN and set its value to your Remix license token and another secret called
NPM_TOKEN and set its value to your npm token.
Now commit your changes and push them to your repository and you are done!
Dependeabot will now be able to send PRs for private Remix packages and the public packages you use from npm.