dependency-management.md

Dependency management

• Keep all the dependencies outside the repository.
• Avoid using suspicious, unknown dependencies as they may introduce vulnerabilities.

Go dependencies

• Use go mod as dependency manager.
• Run export GO111MODULE=on to enable go mod.
• Run go mod tidy before sending any changes.
• Use only official releases, avoid using master versions.

JavaScript dependencies

• Use npm as package manager.
• Run npm ci after checking out the repository to install dependencies.
• Greenkeeper updates packages by creating pull requests for the new releases of used packages. Its pull requests are marked with greenkeeper label.
• Update package-lock.json before sending any changes.

---

Copyright 2019 The Kubernetes Dashboard Authors