I’m for it.
I remember a discussion when I started contributiong and it got removed back then. I didn’t remember the exact reasons.
But especially since we have this badges if our dependencies are up to date or even insecure, it is, at the first glance, not a nice project for many people.
If I came across a wild repository and see they have outdated dependencies with a red badge my first thought is: ‘It’s not really well maintained’.
Also, especially since Markus put his hands on some updates(many thanks for this), it occurs that bulk updates are way more time consuming and complicated.
With greenkeeper we would get notified about every update.
I know that we had the issue about updating the subpackages to, because greenkeeper only takes care of the uppermost package.json, but I think if we instruct every team-member to update the subpackages before merging it would be ok and didn’t need that much effort.
So the my proposed workflow would look like this:
- Greenkeeper creates PR
- Team-Member checks out PR locally
- Team-Member checks over if the dependency is used in any package.json (grep/ag)
- If neccessary Team-Member updates this depdency as well
- Team-Member does a quick check if everything is working (lint,test, some clicking in the UI)
- Team-Member merges
From my point of view this would be not as time-consuming and complicated regarding changes in the tools internally than bulk manual updates.
If we choose to not use greenkeeper, we should remove the badges at least