require-dependabot-labels

Rule catalog ID: R080

Targeted pattern scope

Dependabot update entries and multi-ecosystem groups that decide pull request labels.

What this rule reports

This rule reports update entries that do not resolve to a non-empty labels list, either directly or via multi-ecosystem-groups inheritance.

Why this rule exists

Labels are a high-leverage way to route Dependabot pull requests into automation, project boards, or triage queues. Requiring them keeps dependency updates easy to filter and process consistently.

โŒ Incorrectโ€‹

version: 2
updates:
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
time: "05:30"
timezone: "UTC"

✅ Correct

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
      time: "05:30"
      timezone: "UTC"
    labels:
      - "dependabot"
      - "dependencies"

Additional examples

This rule is a strong fit when Dependabot pull requests feed dashboards, project automation, or triage workflows that rely on consistent labels.
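
The label resolution this rule describes (direct `labels` or inheritance from `multi-ecosystem-groups`) can be sketched as follows. This is an added example, not the plugin's own implementation; the function names and the sample config are constructed, and merging group labels with entry labels is an assumption about how inheritance resolves.

```javascript
// Added illustration, not the plugin's own implementation.
// Assumption: labels set on a multi-ecosystem group and on the entry are merged.
function resolveLabels(entry, groups) {
  const own = Array.isArray(entry.labels) ? entry.labels : [];
  const group = groups[entry["multi-ecosystem-group"]];
  const inherited = Array.isArray(group?.labels) ? group.labels : [];
  return [...new Set([...inherited, ...own])];
}

// Returns the update entries whose resolved labels list is empty.
function findUnlabeledUpdates(config) {
  const groups = config["multi-ecosystem-groups"] ?? {};
  const updates = Array.isArray(config.updates) ? config.updates : [];
  return updates
    .map((entry, index) => ({
      index,
      ecosystem: entry["package-ecosystem"],
      labels: resolveLabels(entry, groups),
    }))
    .filter((result) => result.labels.length === 0)
    .map(({ index, ecosystem }) => ({ index, ecosystem }));
}

// Constructed sample: a dependabot.yml already parsed into an object.
const weekly = { interval: "weekly" };
const sampleConfig = {
  version: 2,
  "multi-ecosystem-groups": {
    infrastructure: { schedule: weekly, labels: ["infrastructure"] },
    tooling: { schedule: weekly }, // group defines no labels
  },
  updates: [
    // 0: direct labels, passes
    { "package-ecosystem": "npm", directory: "/", schedule: weekly,
      labels: ["dependabot", "dependencies"] },
    // 1: inherits labels from the "infrastructure" group, passes
    { "package-ecosystem": "docker", directory: "/", patterns: ["*"],
      "multi-ecosystem-group": "infrastructure" },
    // 2: group exists but carries no labels, reported
    { "package-ecosystem": "terraform", directory: "/", patterns: ["*"],
      "multi-ecosystem-group": "tooling" },
    // 3: explicit empty list, reported
    { "package-ecosystem": "pip", directory: "/", schedule: weekly, labels: [] },
    // 4: no labels and no group, reported
    { "package-ecosystem": "gomod", directory: "/", schedule: weekly },
  ],
};

console.log(findUnlabeledUpdates(sampleConfig));
```
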

ESLint flat config example

import githubActions from "eslint-plugin-github-actions-2";

export default [githubActions.configs.dependabot];

When not to use it

Disable this rule if the repository intentionally accepts Dependabot's default labels without any custom triage flow.

Further reading