# Renovate — Automated Dependency Update Bot > Renovate keeps your dependencies fresh by automatically opening pull requests for updates across 90+ package managers, with fine-grained control over grouping, scheduling, and automerge. ## Install Save as a script file and run: # Renovate — Automated Dependency Update Bot ## Quick Use ```bash # Run Renovate locally via npx npx renovate --token $GITHUB_TOKEN --repositories your-org/your-repo # Or use the hosted Mend Renovate GitHub App (zero config) # Install from: github.com/apps/renovate ``` ## Introduction Renovate is an open-source tool that automates dependency updates by scanning your repositories for outdated packages and opening pull requests with the latest versions. Unlike simple bots, it supports 90+ package managers and gives you full control over grouping, scheduling, and automerge rules. It was created to eliminate the toil of keeping projects secure and up to date. ## What Renovate Does - Scans repos for dependency files (package.json, Dockerfile, Helm charts, Terraform modules, etc.) - Opens pull requests with version bumps, changelogs, and compatibility notes - Groups related updates (e.g., all ESLint packages) into a single PR - Supports automerge for trusted minor/patch updates with passing CI - Runs on a configurable schedule with rate limiting to avoid PR floods ## Architecture Overview Renovate runs as a Node.js CLI or as a hosted bot service. On each run it clones the target repository, discovers dependency files using built-in manager plugins, queries upstream registries for newer versions, applies update rules from renovate.json config, and opens or updates pull requests via the platform API (GitHub, GitLab, Bitbucket, Azure DevOps). The bot is stateless between runs — all state is stored in branches and PRs. ## Self-Hosting & Configuration - Install globally: `npm install -g renovate` or use the official Docker image `renovate/renovate` - Create `renovate.json` at repo root with `{ "$schema": "https://docs.renovatebot.com/renovate-schema.json" }` - Set `RENOVATE_TOKEN` and `RENOVATE_PLATFORM` env vars for self-hosted mode - Use presets like `config:recommended` for sane defaults or extend with custom rules - Schedule runs via cron or run as a persistent service with `--autodiscover` ## Key Features - Supports 90+ package managers including npm, pip, Maven, Go, Docker, Terraform, and Helm - Replacement and migration PRs when packages are renamed or deprecated - Dashboard issue summarizes all pending updates in a single GitHub issue - Regex manager lets you define custom dependency patterns for any file format - Merge confidence integration shows adoption and test-pass rates for each update ## Comparison with Similar Tools - **Dependabot** — GitHub-native but limited to fewer ecosystems and less configurable grouping - **Snyk** — focuses on security vulnerabilities rather than general version freshness - **Greenkeeper** — deprecated in favor of Snyk; Renovate absorbed much of its user base - **WhiteSource Bolt** — commercial scanner with limited free tier vs Renovate's full open-source model - **Update CLI tools** (npm-check, pip-review) — manual and repo-by-repo, no PR automation ## FAQ **Q: Can Renovate handle monorepos with multiple package.json files?** A: Yes, it discovers all dependency files recursively and can group updates per workspace or across the entire repo. **Q: Does Renovate support private registries?** A: Yes, configure `hostRules` in renovate.json with authentication tokens for npm, Docker, Maven, and other private registries. **Q: How do I prevent Renovate from updating certain packages?** A: Use `packageRules` with `enabled: false` or pin specific packages with `allowedVersions` constraints. **Q: Is the Mend Renovate GitHub App free?** A: Yes, the hosted GitHub App is free for both public and private repositories with no usage limits. ## Sources - https://github.com/renovatebot/renovate - https://docs.renovatebot.com/ --- Source: https://tokrepo.com/en/workflows/9b8e21a5-3942-11f1-9bc6-00163e2b0d79 Author: Script Depot