Separate dependencies from source code
This rule prevents a project's dependencies directory from being mistakenly pushed into the project's source code.
In general, it is best practice for the package manager to be responsible for downloading and managing project dependencies from a remote binary artifacts repository (your organization's or a public one). Keeping dependencies out of source control:
- Streamlines the review process: changes inside dependencies are excluded, which greatly reduces the number of files that must be reviewed
- Avoids the considerable growth in repository size that committed dependencies cause, which slows down the SCM, IDE, and search tools
When does this rule fail?
When a commit in the pull request contains a dependencies dir.
How to fix?
- Update the code to pull dependencies from a remote (or your organization's) binary artifacts repository, for example NuGet, pip, Maven, npm, etc.
- Remove the dependencies dir and push the new code to your branch (the directory is removed recursively, and the commit message describes this change):

  ```shell
  $ git rm -r <dependencies-dir-path>
  $ git commit -a -m "removed dependencies dir from code"
  $ git push
  ```
- Datree's policy check automatically verifies that the dependencies dir has been removed from the pull request
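The following script is an added example of a local check in the spirit of this rule; it is not Datree's own implementation. It reads a list of changed file paths (for example from `git diff --name-only`) and reports any that live inside a dependency directory, so they can be removed before the pull request is opened. The list of directory names is an assumption and can be extended for other ecosystems.

```shell
#!/bin/sh
# Added example, not Datree's own code: flag committed files that sit inside a
# dependency directory. DEP_DIRS is an assumed list of common dependency
# directories (npm, Bower, Python virtualenvs, Bundler, NuGet); extend as needed.
DEP_DIRS="node_modules bower_components .venv venv site-packages vendor/bundle .nuget/packages"

# Read one path per line on stdin and print those located inside a dependency
# directory. A path matches when one of its components (or component sequence,
# e.g. vendor/bundle) equals an entry in DEP_DIRS; a directory that merely
# contains the name as a substring (e.g. my_node_modules_tool/) does not match.
dependency_paths() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        for dir in $DEP_DIRS; do
            case "/$path/" in
                */"$dir"/*) printf '%s\n' "$path"; break ;;
            esac
        done
    done
}

# Exit status 0 when stdin contains no dependency paths, 1 otherwise. The
# offending paths are listed on stderr so the author can `git rm -r` them.
check_paths() {
    matches=$(dependency_paths)
    if [ -n "$matches" ]; then
        printf 'Dependency files found in commit:\n%s\n' "$matches" >&2
        return 1
    fi
    return 0
}

# Usage (assumed integration points, not part of the page):
#   git diff --name-only origin/main...HEAD | check_paths   # files on the branch
#   git diff --cached --name-only | check_paths             # staged files, pre-commit hook
```

Wire `check_paths` into a pre-commit hook or a CI step so the failure is reported before review. Some ecosystems vendor dependencies deliberately (for instance Go modules with `go mod vendor`); if your project does that, remove the relevant entry from `DEP_DIRS` rather than silencing the check globally.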