GitHub supported manifest files

Internet

GitHub has the concept of a dependency graph you can view in a public or private repo, to view relationships between dependencies and be alerted to security issues. According to one of my public repos, emphasis added:

To enable the dependency graph, your repository must define dependencies in one of the supported manifest file types, like package.json or Gemfile.

Interesting, I wonder what other manifest files are supported? Let’s click the link and find out:

To enable the dependency graph for your project, your repository must define Ruby or JavaScript dependencies in either a Gemfile or package.json file.

Huh, that was it?

The issue is like and either are not equivalent. The word like in this context suggests a partial subset; you wouldn’t say there are two condiment choices, like mustard and tomato sauce.

We have both kinds, country and western!

Author bio and support

Me!

Ruben Schade is a technical writer and IaaS engineer in Sydney, Australia who refers to himself in the third person in bios. Wait, not BIOS… my brain should be EFI by now.

The site is powered by Hugo, FreeBSD, and OpenZFS on OrionVM, everyone’s favourite cloud infrastructure provider.

If you found this post helpful or entertaining, you can shout me a coffee or buy some silly merch. Thanks!