Setting up dangerjs

03 May 2019

Ever felt like you are repeating the same comment over and over in many PR’s during the code review? Then this post is for you.

Even though this can’t be avoided 100%, you can automate some of these by offloading to dangerjs.

danger logo


If you never heard about dangerjs before, it’s a small tool which can run tasks against the changed files in a PR and add comment the problems. Comments can be of type warning, failure or message.

You can use this to automate the common code issues like

  • new package added to package.json but changes for package-lock.json or yarn.lock is missing
  • missing @flow in the new files
  • console.log which forgot to remove.

dangerjs can look for these kind of issues and alert the author of PR by a comment.


You can get started by installing dangerjs from npm.

npm install -D danger


Once we have dangerjs installed we can setup by adding dangerfile.js to the root directory of the project.

// dangerfile.js
import {danger, warn} from "danger"

const changes = danger.git.modified_files.reduce((prev, filePath) => {
  if(!prev.package) {
    prev.package = filePath.includes("package.json");
  if(!prev.lock) {
    prev.lock = filePath.includes("package-lock.json")
  return prev;
}, {});

if (changes.package && !changes.lock) {
  const message = 'Changes were made to package.json, but not to package-lock.json';
  const idea = 'Perhaps you need to run `npm install`?';
  warn(`${message} - <i>${idea}</i>`);

The above dangerfile will look for the lock file changes when package.json is changed. if it find the lock changes are missing. it will add the warning.

locally testing the setup

To verify our danger setup is working you can run

npx danger local

danger local

danger local command have limitations when working with danger.github DSL. danger.github will be null when running danger local hence you should add necessary condition.

Setup CI

All these won’t benefit your team unless you add this into your CI. For that, first Goto Github Settings and generate new Github Access Token. Make sure you gave repo scope to while creating.

github repo scope

if your organization already have a bot account you can generate token for that account and use it.

once the token is generated copy and add it to your CI you as environment varibable named DANGER_GITHUB_API_TOKEN.

then add npx danger ci to the steps to execute. You can optionally add danger ci to the npm scripts as well.

Now when is PR is open and your CI is triggered danger js will verify the changes first and if there is any issue it will leave a comment there.

dangerjs comment is action


To make it easier to configure, dangerjs support plugins and there are already some plugins available for some common tasks. You can search for plugins on NPM using the keyword: danger-plugin

If you find my work helpful, You can buy me a coffee.