forbidden-packages
Last updated March 4, 2025
Conformance is available on Enterprise plans
The rule type enables you to disallow packages from being listed as dependencies in .
- Deprecating packages
- You want to disallow importing a deprecated package, and to recommend a different approach
- Standardization
- You want to ensure that projects depend on the same set of packages when performing similar tasks (i.e. using or consistently across a monorepo)
- Visibility and approval
- You want to enable a workflow where team-owned packages can't be depended upon without acknowledgement or approval from that team. This helps owning teams to better plan and understand the impacts of their work
To create a custom rule, you'll need to configure the below required properties:
| Property | Type | Description |
|---|---|---|
| The custom rule's type. | ||
| The custom rule's name. | ||
| (optional) | The custom rule's categories. Default is . | |
| The error message, which is shown to users when they encounter this rule. | ||
| (optional) | An optional link to show alongside the error message. | |
| (optional) | The rule description, which is shown in the Vercel Compass dashboard and included in allowlist files. | |
| (optional) | The rule severity added to the allowlists and used to calculate a project's conformance score. | |
| An array of exact package names or glob expressions. | ||
| (optional) | Added in Conformance . An optional array of exact package versions or semver ranges. |
The example below configures a rule named that disallows importing any package from the workspace except for .
The next example restricts the package, only allowing versions equal to or above . This option requires Conformance or later.
The example below enables the custom rule. In this example, the custom rule is also restricted to the and workspaces, which is optional.
Was this helpful?