require-dependabot-directory
Rule catalog ID: R073
Targeted pattern scopeโ
Entries under the top-level updates sequence in Dependabot configuration files.
What this rule reportsโ
This rule reports update entries that omit both directory and directories, define both at once, or provide only empty values.
Why this rule existsโ
Dependabot needs a manifest search location for every update block. Requiring exactly one directory form keeps update intent explicit and avoids ambiguous configuration.
โ Incorrectโ
version: 2
updates:
- package-ecosystem: "npm"
schedule:
interval: "weekly"
version: 2
updates:
- package-ecosystem: "npm"
directory: "/"
directories:
- "/docs/docusaurus"
schedule:
interval: "weekly"
โ Correctโ
version: 2
updates:
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
version: 2
updates:
- package-ecosystem: "npm"
directories:
- "/"
- "/docs/docusaurus"
schedule:
interval: "weekly"
Additional examplesโ
Use this rule together with monorepo-oriented Dependabot settings when some workspaces live outside the repository root and need their own manifest scan locations.
ESLint flat config exampleโ
import githubActions from "eslint-plugin-github-actions-2";
export default [githubActions.configs.dependabot];
When not to use itโ
Disable this rule only if another repository-specific validator already enforces directory selection semantics.