I recently started writing a (very) long post about my current development stack and I thought that I would write a few more in depth posts about some of the things that I mentioned. David is the first one choose to write about.
It is a free dependency manager for Node.js projects that are both open source and hosted on GitHub. It allows you to see the status of your dependencies and add a shiny badge to your README file (and who doesn’t want that)!
I personally use it on all of my (latest) open source projects.
David works by analysing the dependencies in your package.json file, from there it will build you your own project status page that will list your dependencies, peer-dependencies and dev-dependencies, with their respective freshness.
Here is the status page for express.
I always think that keeping a project up to date is an important thing! You also get the benefit of showing other people who might use your repository that you care about keeping it up to date.
There is also another big advantage of using David. David not only tells you whether or not a dependency is up to date, it can also tell you if a dependency has any security vulnerabilities listed against the version you are depending upon. The security listings come from the Node Security Project.
I used the insecure badge recently to fix one of my projects react-mardown-renderer. It was dependency on marked, however a recently security vulnerability was issued. This prompted me to change my markdown library and I now use remarkable.
It is extremely simple!
First Make sure your repository is: hosted on GitHub; is public; uses npm as it’s package manager; has a package.json file.
Now you can go to
https://david-dm.org/username/repo to see your current
For example I have a project InsidersByte/react-markdown-editor and if you go to https://david-dm.org/insidersbyte/react-markdown-editor you will see the current dependency status of that repository.
Now you can add badges to your README so they appear when people navigate to your repository on github. It is common practice to add badges at the top of your README, I add them directly below the title.
If you have any dependencies you can add your dependency badge by adding this to
This will add the badge and wrap it in a link to the David status page.
If you have any dev-dependencies you add them by adding this
Finally if you have any peer dependencies you can add them with this
Congratulations you now have a README proudly displaying the status of your dependencies and at a glance you can see if your repository is up to date!
There are three styles of badges that David can display.