Policy Surface
What Codependence checks today and where version policy can expand next.
Policy Surface
Codependence is strongest when it treats versions as project policy. Some surfaces are supported today; others are roadmap targets that should stay clearly marked until implemented.
Supported Today
package.jsondependency sections for Node.js projects- Root and child package
codependenceconfig in monorepos - Check-only, dry-run, interactive, and update modes
- Patch, minor, or major update limits
- Table, JSON, and Markdown output for scripts and CI
- Experimental Python and Go manifest checks
Good Next Targets
These are natural extensions of the same policy model:
- Local repository scan: report version drift across a directory such as
~/code - Toolchain files:
.nvmrc,.node-version,.tool-versions, and.mise.toml - Container files:
Dockerfile,Containerfile, and compose image tags - CI workflow files: GitHub Actions, GitLab CI, CircleCI, and similar YAML
- Runtime images:
node,bun,python,golang,ubuntu, and other common base images
Product Boundary
Dependabot and Renovate are good at hosted update PR automation. Codependence should stay focused on local and CI policy enforcement:
- detect drift
- report drift
- optionally apply policy
- work outside a hosted bot workflow
That keeps the project useful without competing directly with tools that already handle broad dependency automation well.