Dependabot override used npm repository

68 views Asked by At

I'm currently configuring dependabot for a repository in GitHub. We have a private mirror of the npm-public repository, which is configured in our .yarnrc.yml and thus referenced in all yarn.lock entries. I'd like dependabot to just check version updates on the public repository though, as the private repo is not accessible to dependabot (not due to credentials, but because of network restrictions) and it shouldn't make a difference. Is this possible?

In the docs it's described how to add a registry, but that's for making a private repo accessible that's configured through the .yarnrnc (see here). My case is different, as I'd like to basically override the yarn.lock-referenced repository.

0

There are 0 answers