Skip to main content

Explorar las dependencias de un repositorio

Puedes usar el gráfico de dependencias para ver los paquetes de los que depende tu proyecto. Adicionalmente, puedes ver cualquier vulnerabilidad que se detecte en sus dependencias.

¿Quién puede utilizar esta característica?

Administradores de repositorios, propietarios de la organización y personas con acceso de escritura o mantenimiento a un repositorio

Viewing the dependency graph

The dependency graph shows the dependencies of your repository. For each dependency, you can see the version, the manifest file which included it, and whether it has known vulnerabilities. For package ecosystems supporting transitive dependencies, the relationship status will be displayed and the disclosure button ... will show the transitive path which brought in the dependency. For more information about transitive dependency support, see Dependency graph supported package ecosystems.

You can also search for a specific dependency using the search bar. Dependencies are sorted automatically with vulnerabilities at the top. For information about the detection of dependencies and which ecosystems are supported, see Dependency graph supported package ecosystems.

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Insights.

    Screenshot of the main page of a repository. In the horizontal navigation bar, a tab, labeled with a graph icon and "Insights," is outlined in orange.

  3. In the left sidebar, click Dependency graph.

    Screenshot of the "Dependency graph" tab. The tab is highlighted with an orange outline.

  4. Optionally, use the search bar to find a specific dependency or set of dependencies. You can use the keywords ecosystem: to show only packages of a certain type, or relationship: to show only direct or transitive dependencies (if the ecosystem supports transitivity). Plain words in search bar will only match package names.

Enterprise owners can configure the dependency graph at an enterprise level. For more information, see Enabling the dependency graph for your enterprise.

Dependencies view

Any direct and indirect dependencies that are specified in the repository's manifest or lock files are listed.

Dependencies submitted to a project using the dependency submission API will show which detector was used for their submission and when they were submitted. For more information on using the dependency submission API, see Using the dependency submission API.

If vulnerabilities have been detected in the repository, these are shown at the top of the view for users with access to Dependabot alerts.

Note

GitHub Enterprise Server does not populate the Dependents view.

Further reading