REQUIRE_CARET_DEPENDENCIES
Conformance is available on Enterprise plans
Using a caret ("^") as a prefix in the version of your dependencies is recommended. Caret ranges allow patch and minor updates for versions 1.0.0 and above, patch updates for versions 0.X >=0.1.0, and no updates for versions 0.0.X. This rule is applicable to and , and it helps maintain the security and health of your codebase.
By default, this rule is disabled. To enable it, refer to customizing Conformance.
This rule will catch any files:
- Using or as a prefix of the version, like .
- Version without a prefix, such as .
If you hit this issue, you can resolve it by adding a caret ("^") to the version of your dependency. If you want to keep using a pinned version, or another prefix, you can include the dependency in the Allowlist.
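The following is an added example, not Vercel's Conformance implementation: a small checker that reports versions without a caret prefix and shows the update window each caret version permits, following the caret semantics described above. The section names `dependencies` and `devDependencies`, the package names, and the function names are assumptions made for illustration.

```javascript
// Assumption: the manifest sections to inspect (not stated on this page).
const SECTIONS = ["dependencies", "devDependencies"];

// Exclusive upper bound of ^major.minor.patch:
//   >=1.0.0 -> minor and patch updates, 0.X -> patch updates only, 0.0.X -> none.
function caretUpperBound(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (!m) return null;
  const [major, minor, patch] = m.slice(1).map(Number);
  if (major > 0) return `${major + 1}.0.0`;
  if (minor > 0) return `0.${minor + 1}.0`;
  return `0.0.${patch + 1}`;
}

// Returns the entries that do not use a caret prefix, plus the range that
// each compliant entry resolves to. Allowlisted names are skipped entirely.
function checkCaretDependencies(pkg, allowlist = []) {
  const allowed = new Set(allowlist);
  const violations = [];
  const ranges = {};
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (allowed.has(name)) continue;
      const m = /^\^(\d+\.\d+\.\d+\S*)$/.exec(spec.trim());
      if (!m) {
        // Other prefix (~, *, >=, ...) or a bare pinned version.
        violations.push({ section, name, spec });
        continue;
      }
      ranges[name] = `>=${m[1]} <${caretUpperBound(m[1])}`;
    }
  }
  return { violations, ranges };
}

// Constructed sample manifest (hypothetical package names).
const samplePkg = {
  dependencies: {
    "pkg-ok": "^1.3.0", "pkg-tilde": "~2.1.0",
    "pkg-pinned": "3.0.1", "pkg-zero-minor": "^0.4.2",
  },
  devDependencies: {
    "pkg-zero-patch": "^0.0.7", "pkg-star": "*", "pkg-allowed": "1.2.3",
  },
};
const report = checkCaretDependencies(samplePkg, ["pkg-allowed"]);
console.log(JSON.stringify(report, null, 2));
```

The output makes the 0.X and 0.0.X cases visible: a caret on `0.0.7` admits no updates at all, so such a dependency still needs manual bumps to receive fixes.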