Introducing Package Dependency tracking (beta) in Compass

After integrating Compass with their repository to track development events and metrics, customers look for more detailed information about their components within Compass.

One common request we hear is for the ability to track package dependency version information for their Compass components.

Having this data easily accessible in Compass can really help users by allowing them to:

  • Run campaigns to help migrate to newer versions.

  • Get insights into the percentage of components using specific versions, like 1.0 or 2.0, of a dependency.

  • Be more aware of components or repositories that haven’t adopted a required version.

Package Dependency Data in Compass

To enable this, we’re in the process of releasing a new Compass feature called Package Dependencies.

In this initial beta release, we introduced the ability to view package version information for a component, specifically for NPM packages. This feature allows users to view a comprehensive list of packages that a component depends on, accessible from the component page. This information comes from package-lock.json files submitted to Compass via the REST API.


In addition, developers can also review the list of components dependent on a specific package. This functionality provides a lightweight scorecard-like mechanism for stakeholders to gain a global view of version usage, enabling informed decisions and strategic planning.


Getting Started

To get started, navigate to the Package Dependency tab for a component and click the Upload package dependencies button. This will display customized instructions for submitting a lockfile via the REST API. Right now, Compass supports package-lock.json files only, but we’ll add more in the future.

Looking Ahead

As we continue to refine and expand this feature, our next steps include:

  1. automating the fetching of lock files from repositories (via the Bitbucket for Compass, GitHub for Compass, and GitLab for Compass apps),

  2. enabling package-dependency-based scorecard criteria, and

  3. supporting more file formats/package managers

We invite you to explore these new capabilities and share your feedback here. Your insights are invaluable as we strive to enhance the functionality and usability of Compass. Stay tuned for more updates as we progress through the remaining milestones!
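The version-usage view described above can be reproduced locally from the same package-lock.json data, which is useful for checking what a lockfile will report before submitting it. This is an added example, not Atlassian's or Compass's code; the component names and lockfile contents are constructed, and it does not call the Compass REST API.

```javascript
// Map of package name -> Set of resolved versions locked in one package-lock.json.
function lockedVersions(lock) {
  const found = new Map();
  const add = (name, version) => {
    if (!version) return; // entries without a resolved version are not counted
    if (!found.has(name)) found.set(name, new Set());
    found.get(name).add(version);
  };
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path.
    const marker = 'node_modules/';
    for (const [path, entry] of Object.entries(lock.packages)) {
      const i = path.lastIndexOf(marker);
      if (i === -1 || entry.link) continue; // root project, workspace dirs, symlinks
      add(path.slice(i + marker.length), entry.version);
    }
  } else { // lockfileVersion 1: nested "dependencies" tree
    const walk = (deps) => {
      for (const [name, entry] of Object.entries(deps || {})) {
        add(name, entry.version);
        walk(entry.dependencies);
      }
    };
    walk(lock.dependencies);
  }
  return found;
}

// For one package, map each locked version to the components that contain it.
function versionUsage(components, pkg) {
  const usage = {};
  for (const [component, lock] of Object.entries(components)) {
    const versions = lockedVersions(lock).get(pkg) || new Set(['(absent)']);
    for (const v of versions) (usage[v] = usage[v] || []).push(component);
  }
  return usage;
}

// Constructed sample data: three hypothetical components and their lockfiles.
const sampleComponents = {
  'checkout-api': { lockfileVersion: 3, packages: {
    'node_modules/lodash': { version: '4.17.21' },
    'node_modules/@scope/util/node_modules/lodash': { version: '3.10.1' } } },
  'billing-ui': { lockfileVersion: 1, dependencies: {
    express: { version: '4.18.2', dependencies: { lodash: { version: '4.17.21' } } } } },
  'docs-site': { lockfileVersion: 3, packages: { '': { name: 'docs-site' } } },
};
console.log(versionUsage(sampleComponents, 'lodash'));
```

A component that appears under more than one version has the package locked at several depths of its tree, so it has not fully adopted a required version even if its top-level copy is current.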

3 comments

Sebastian Hesse
Contributor
April 28, 2025

Interesting direction! I guess an automated scan would be much appreciated. Have you also considered adding license information in the process? I could imagine that enterprise customers are interested in that as well.

Alastair Wilkes
Atlassian Team
April 29, 2025

@seb That's a great idea.

Pete Stanley
Contributor
April 29, 2025

Had a play with this. Great additional data point to add to components.

Looking forward to seeing:

- Other packaging formats - Yarn, PIP, etc.
- Automated ingestion from repos.

Would also be nice to have hyperlinks to the package web URL for public packages. This would help add context to lesser-known packages when reviewing them from within Compass - better yet, pulling in descriptions from upstream would be nice. Maybe longer term, support for private package registries would be nice with these features.
