Manage package dependencies
The package dependencies feature helps your teams view specific package dependencies associated with components in Compass. Developers can quickly see which components use specific package dependencies in one place.
Currently, only npm is supported, but more package managers will be added in the future.
Via an SCM app
If your team uses the cloud edition of Bitbucket, GitHub, or GitLab:
Add a repository link to your component to connect your repository.
After you connect a code repository via an SCM app, Compass automatically scans for associated package dependencies in the background, then displays them within each component’s Package Dependencies tab.
For repositories hosted on Bitbucket and GitLab, Compass imposes a limit on the depth of directory levels it will traverse when searching for package dependency files. Specifically, this search is restricted to a maximum of 5 directory levels.
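The following is an added example, not Atlassian's code: a local check that lists the package.json files in a checkout and flags any that sit at or beyond the 5-level limit, since those may be missing from the Package Dependencies tab. The depth-counting convention (root-level file = depth 0), the skipped directories, and the function names are assumptions made for this sketch.

```python
import os
import tempfile
from pathlib import PurePosixPath

MANIFEST = "package.json"        # npm is the only package manager the page lists
LIMIT = 5                        # directory-level limit stated for Bitbucket and GitLab
SKIP = {"node_modules", ".git"}  # assumption: installed packages and VCS data are ignored


def find_manifests(root):
    """Return repo-relative POSIX paths of every package.json under root."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = sorted(d for d in dirnames if d not in SKIP)
        if MANIFEST in filenames:
            rel = os.path.relpath(os.path.join(dirpath, MANIFEST), root)
            found.append(rel.replace(os.sep, "/"))
    return found


def classify(paths, limit=LIMIT):
    """Bucket manifests by directory depth (root-level package.json = depth 0).

    Assumption: the page does not say whether the repository root counts as
    a level, so depth == limit is reported as 'boundary' for manual checking.
    """
    report = {"within": [], "boundary": [], "beyond": []}
    for p in paths:
        depth = len(PurePosixPath(p).parts) - 1
        key = "within" if depth < limit else "boundary" if depth == limit else "beyond"
        report[key].append(p)
    return report


def build_sample_repo(root):
    """Create a constructed sample layout, for demonstration only."""
    for rel in ("package.json",
                "services/api/package.json",
                "a/b/c/d/e/package.json",       # depth 5: boundary
                "a/b/c/d/e/f/package.json",     # depth 6: beyond the limit
                "services/api/node_modules/x/package.json"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("{}")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as repo:
        build_sample_repo(repo)
        for bucket, paths in classify(find_manifests(repo)).items():
            print(bucket, paths)
```

Anything reported under boundary or beyond is worth comparing against the component's Package Dependencies tab after the next sync.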
Via the API
If your team uses a different source code management tool, you can populate package dependency information for components via the Package Dependencies REST API.
View package dependencies for a component
To view a component’s package dependencies:
Go to your component’s Overview page.
Select Package Dependencies from the sidebar.
The main area displays a table listing all the packages for the component, including:
Package Name: Lists the names of the packages, such as @babel/core, react, etc.
Versions: Shows the version numbers of each package, sometimes listing multiple versions.
Source: Links to the source file for easy reference.
Last Sync: Displays the last synchronization timestamp for the package data.
View package usage across components
To view how a package is used across components:
Go to your component’s Overview page.
Select Package Dependencies from the sidebar.
Select a package to open the drawer.
The drawer displays details about the package along with a list of other components that use the package and their respective versions. You can use this information to decide whether to create a scorecard for this package.
Use package dependencies in scorecards
You can use package dependencies as criteria in Compass scorecards to make sure your components are using approved or up-to-date package versions. This is crucial for maintaining consistency, security, and compliance across your projects.
How to use package dependencies as scorecard criteria:
Create or edit a scorecard:
Go to Compass and select Scorecards from the main menu. Choose to create a new scorecard or edit an existing one.
Add package dependency criteria:
When defining scorecard criteria, select Package version as the criteria type.
Set conditions:
Specify the package manager and package name and set the version condition (for example, greater than, less than, or equal to a specific version).
Apply and monitor:
Save the scorecard and apply it to relevant components. Compass will automatically evaluate components against these criteria, helping you identify which components are not compliant with your package version policy.
Benefits:
Set goals to migrate components to a new package version
Discover what percentage of components are using a specific version of a dependency
Raise awareness and drive adoption of required package versions across teams
Platform engineers will find this feature invaluable for enforcing standards and tracking the adoption of critical dependencies across their organization.