is a product of Dropseed

Collector: js-npm

Docker GitHub release Build Status license

A collector for collecting npm dependencies using npm or yarn.


Use the collector path to indicate which directory your npm files are located. Works with either npm or yarn depending on whether there is a yarn.lock file. Runs npm@5 so it also supports package-lock.json. npm shrinkwrap is not currently supported.

If you don’t use package-lock.json or yarn.lock, then it is recommended that you --save-exact versions of your dependencies. Otherwise every time this runs, it will simply install the new available versions in your range instead of reporting them back as newer versions than what you have installed currently (which could then be given to actors).


- type: js-npm
  # directory where package.json / yarn.lock / package-lock.json are located
  path: /
    # if you only care about production dependencies
    node_env: production

    # by default we'll collect the versions under the "latest" dist-tag (default npm behavior)
    # if you want to follow a specific dist-tag (like "next" or "unstable"), then you
    # can specify that here by the package name
      semantic-release: next

  - ...

Works well with



Any questions or issues with this specific actor should be discussed in GitHub issues. If there is private information which needs to be shared then you can instead use the support.