no-overlapping-dependabot-directories
Rule catalog ID: R095
Targeted pattern scope
Dependabot directory selectors declared by directory or directories for update entries that share the same package ecosystem and effective target branch.
What this rule reports
This rule reports guaranteed overlaps between directory selectors for the same package ecosystem and target branch.
It intentionally focuses on high-confidence overlaps such as:
- duplicate exact selectors
- exact selectors matched by a glob selector in another update entry
Why this rule exists
GitHub recommends avoiding overlapping directory definitions when you split one ecosystem across multiple Dependabot update entries. Overlaps can cause ambiguous ownership of manifest locations and make configuration review harder.
❌ Incorrect
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"

version: 2
updates:
  - package-ecosystem: "npm"
    directories:
      - "/packages/*"
    schedule:
      interval: "weekly"
  - package-ecosystem: "npm"
    directory: "/packages/app"
    schedule:
      interval: "weekly"
✅ Correct
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
  - package-ecosystem: "npm"
    directory: "/docs/docusaurus"
    schedule:
      interval: "weekly"
Additional examples
This rule compares entries only within the same package ecosystem and target branch, so separate ecosystems can still reuse the same directory string without triggering a report.
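The comparison this rule describes, written out as an added example (not the plugin's own implementation). It assumes the configuration has already been parsed into objects; the helper names, the glob semantics (`*` within one path segment, `**` across segments) and the sample entries are assumptions constructed for illustration.

```javascript
// Added illustration, not the plugin's source. Entries are a Dependabot
// `updates` list after YAML parsing (constructed sample data below).
// Assumptions: "*" stays within one path segment, "**" may cross segments,
// and entries without `target-branch` share one default branch.
const normalize = (dir) => `/${dir}`.replace(/\/+/g, "/").replace(/\/$/, "") || "/";
const isGlob = (selector) => selector.includes("*");
const branchOf = (entry) => entry["target-branch"] ?? "(default branch)";
const selectorsOf = (entry) =>
  [entry.directory, ...(entry.directories ?? [])].filter(Boolean).map(normalize);

function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  const body = escaped.replace(/\*\*|\*/g, (m) => (m === "**" ? ".*" : "[^/]*"));
  return new RegExp(`^${body}$`);
}

// Report only guaranteed overlaps: identical exact selectors, or an exact
// selector matched by a glob in another entry. Glob-vs-glob pairs are skipped.
function findOverlaps(updates) {
  const findings = [];
  for (let i = 0; i < updates.length; i++) {
    for (let j = i + 1; j < updates.length; j++) {
      const [a, b] = [updates[i], updates[j]];
      if (a["package-ecosystem"] !== b["package-ecosystem"]) continue;
      if (branchOf(a) !== branchOf(b)) continue;
      for (const x of selectorsOf(a)) {
        for (const y of selectorsOf(b)) {
          if (isGlob(x) && isGlob(y)) continue;
          const [pattern, exact] = isGlob(x) ? [x, y] : [y, x];
          if (!isGlob(pattern)) {
            if (x === y) findings.push({ entries: [i, j], kind: "duplicate", selector: x });
          } else if (globToRegExp(pattern).test(exact)) {
            findings.push({ entries: [i, j], kind: "glob-match", selector: exact });
          }
        }
      }
    }
  }
  return findings;
}

// Constructed sample: entries 0/1 and 2/3 overlap; 4 and 5 are out of scope.
const sampleUpdates = [
  { "package-ecosystem": "npm", directory: "/" },
  { "package-ecosystem": "npm", directory: "/" },
  { "package-ecosystem": "npm", directories: ["/packages/*"] },
  { "package-ecosystem": "npm", directory: "/packages/app" },
  { "package-ecosystem": "pip", directory: "/" },
  { "package-ecosystem": "npm", directory: "/", "target-branch": "release" },
];
console.log(findOverlaps(sampleUpdates));
```

The `pip` entry and the `release`-branch entry reuse `/` without a finding because they fall outside the shared ecosystem and target branch scope.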
ESLint flat config example
import githubActions from "eslint-plugin-github-actions-2";
export default [githubActions.configs.dependabot];
When not to use it
Disable this rule if the repository intentionally uses overlapping selectors and accepts the maintenance ambiguity that comes with them.