Cette page est affichée en anglais. Une traduction française est en cours.
ConfigsJul 8, 2026·3 min de lecture

Danger.js — Automate Code Review Chores in CI

Danger.js runs during CI to automate common code review tasks like enforcing PR descriptions, checking file sizes, flagging risky changes, and posting inline review comments.

Prêt pour agents

Staging sûr pour cet actif

Cet actif est d'abord staged. Le prompt copié demande à l'agent d'inspecter les fichiers staged avant d'activer scripts, config MCP ou config globale.

Stage only · 29/100Policy : staging
Surface agent
Tout agent MCP/CLI
Type
Skill
Installation
Stage only
Confiance
Confiance : Established
Point d'entrée
Overview
Commande de staging sûr
npx -y tokrepo@latest install ff968b92-7a85-11f1-9bc6-00163e2b0d79 --target codex

Stage les fichiers d'abord; l'activation exige la revue du README et du plan staged.

Introduction

Danger.js automates the repetitive parts of code review by running a script (the Dangerfile) during CI that inspects the pull request diff, metadata, and file changes. It posts messages, warnings, and failures as PR comments or inline review annotations, freeing reviewers to focus on logic and architecture.

What Danger.js Does

  • Inspects PR metadata: title, description, labels, assignees, and reviewers
  • Analyzes the diff to detect changes in specific files or patterns
  • Posts markdown messages, warnings, and failure notices as PR comments
  • Supports inline comments on specific lines of changed files
  • Integrates with GitHub, GitLab, Bitbucket, and Azure DevOps

Architecture Overview

Danger.js runs as a Node.js process in your CI environment. It authenticates with your Git platform API using a bot token, fetches the PR metadata and diff, and exposes them through a structured DSL (danger.github.pr, danger.git.modified_files, etc.). The Dangerfile is a TypeScript or JavaScript module that imports danger, warn, fail, message, and markdown functions. After the Dangerfile executes, Danger collects all messages and posts them as a single PR comment or as individual inline review annotations.

Self-Hosting & Configuration

  • Add danger as a dev dependency and create a dangerfile.ts at the project root
  • Set a DANGER_GITHUB_API_TOKEN environment variable in your CI with a bot account token
  • Run npx danger ci as a CI step after your build and tests
  • Use npx danger local to test your Dangerfile against a local git diff before pushing
  • Configure a .danger.config.js for custom settings like comment update behavior

Key Features

  • Platform-agnostic: supports GitHub, GitLab, Bitbucket Server, and Azure DevOps
  • TypeScript Dangerfile: full type safety and autocompletion for the danger DSL
  • Plugin ecosystem: community plugins for checking changelogs, coverage reports, bundle size, and more
  • Inline review comments: post warnings on specific lines of the diff, not just top-level PR comments
  • Local mode: run the Dangerfile against your local branch diff without needing CI

Comparison with Similar Tools

  • GitHub Actions review bots — Custom per-workflow; Danger.js provides a reusable DSL across projects and CI systems
  • CODEOWNERS — Assigns reviewers by path; Danger.js enforces review policies and posts feedback
  • Probot — GitHub App framework for webhooks; Danger.js runs in CI with simpler setup for PR-level checks
  • Reviewdog — Focused on linter output annotation; Danger.js handles broader PR policy enforcement

FAQ

Q: Does it work with GitHub Actions? A: Yes. Add npx danger ci as a step in your workflow and set the API token as a secret.

Q: Can I use it with monorepos? A: Yes. The Dangerfile has access to the full list of modified files, so you can scope rules to specific packages or directories.

Q: Does it modify code or just comment? A: It only reads the diff and posts comments. It never pushes commits or modifies the branch.

Q: What is the difference between warn and fail? A: warn posts a non-blocking warning. fail posts an error message and sets the CI status to failed.

Sources

Fil de discussion

Connectez-vous pour rejoindre la discussion.
Aucun commentaire pour l'instant. Soyez le premier à partager votre avis.

Actifs similaires