Separate dependencies from source code
  • 29 Oct 2020


This rule prevents a project's dependencies dir from being mistakenly pushed into the project's source code.

In general, it is best practice for the package manager to be responsible for downloading and managing project dependencies from an organization/remote binary artifacts repository.

Use case(s)

  • Streamline the review process by excluding code changes in dependencies, which greatly reduces the number of files that need to be reviewed
  • Committing dependencies considerably increases the size of the repository and slows down the SCM, IDE, and search tools
  • When files or dirs are added or removed (to or from the base branch), the files and dirs remain in the git history and are downloaded on every code checkout

When does this rule fail?

When a commit in the pull request contains a dependencies dir.
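
One way to run the same kind of check locally before opening a pull request (an added example, not Datree's own code; the directory names in `DEP_DIRS` and the script name are assumptions):

```shell
#!/bin/sh
# Added example: directory names are assumptions, not Datree's own list.
DEP_DIRS="node_modules bower_components vendor site-packages"

# Reads file paths on stdin (one per line), prints each distinct dependency
# dir found (e.g. "web/node_modules"), and returns 1 if there was at least one.
find_dependency_dirs() {
    awk -v names="$DEP_DIRS" '
        BEGIN { n = split(names, list, " ")
                for (i = 1; i <= n; i++) dep[list[i]] = 1 }
        NF == 0 { next }                  # git log separates commits with blank lines
        {
            m = split($0, part, "/")
            prefix = ""
            # Stop before the last component: it is a file name, not a dir.
            for (i = 1; i < m; i++) {
                prefix = (prefix == "" ? part[i] : prefix "/" part[i])
                if (part[i] in dep) {
                    if (!(prefix in seen)) { seen[prefix] = 1; print prefix; found = 1 }
                    break
                }
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Checks every commit in base..head, so a dependencies dir that is added and
# later removed inside the same pull request is still reported.
# Returns 0 = clean, 1 = dependencies dir found, 2 = git failed.
check_pull_request() {
    added=$(git log --pretty=format: --name-only --diff-filter=A "$1..$2") || return 2
    printf '%s\n' "$added" | find_dependency_dirs
}

# Usage: sh check-deps.sh <base-ref> <head-ref>   (script name is hypothetical)
if [ "$#" -eq 2 ]; then
    check_pull_request "$1" "$2"
    exit $?
fi
```

Matching is on whole path components, so a file named `src/vendor.js` is not flagged.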


How to fix?

  1. Update the code to pull dependencies from a remote (or your organization's) binary artifacts repository, for example, NuGet, pip, Maven, npm, etc.
  2. Remove the dependencies dir, and push the new code to your branch
     $ git rm -r <dependencies-dir-path>
     $ git commit -a -m "removed dependencies from code"
     $ git push
  3. Datree's policy check automatically ensures the dependencies dir is removed from the pull request
