Skip to main content

Overview

Dependify automatically detects whether you own a repository and adjusts its workflow accordingly. This ensures a smooth experience regardless of whether you’re modernizing your own code or contributing to external projects.

Repository Ownership Detection

How It Works

When you submit a repository URL, Dependify performs automatic ownership detection: 
# From git_driver.py:36-51
user_response = requests.get("https://api.github.com/user", headers=headers)
username = user_response.json()["login"]

# Check if user owns the repository
if username.lower() == repo_owner.lower():
    print(f"User owns the repository - no fork needed")
    return repo_data  # Returns with is_own_repo = True
Dependify compares your authenticated GitHub username with the repository owner to determine ownership. This happens automatically before any code changes are made.

Owned Repositories

When you own the repository:
  • Dependify creates a new branch directly in your repository
  • Branch name format: dependify-{random-id} (e.g., dependify-a3f2d8c1)
  • No fork is created
  • Changes are pushed to your repository
  • Pull request is created within your repository
  • PR head is just the branch name (e.g., dependify-a3f2d8c1)
  • You can merge directly without dealing with forks
Example PR Body for Owned Repos: 
## Automated Code Modernization

This pull request was automatically generated by Dependify...

### Branch
`dependify-a3f2d8c1`

External Repositories

When you don’t own the repository:
  • Dependify creates a temporary staging fork under your account
  • Fork serves solely as a staging area for the PR
  • If a fork already exists, Dependify uses it
  • Pull request is created from your-username:branch-name to original-owner:main
  • PR clearly indicates it’s from a fork
  • Original repository owner receives the PR for review
Example PR Body for External Repos: 
## Automated Code Modernization

### About This PR
- This PR was created from a **temporary staging fork** (`your-username/repo-name`)
- The fork was created solely to propose these changes
- You can safely delete the fork after reviewing/merging this PR

### Branch
`dependify-a3f2d8c1` (from fork: `your-username/repo-name`)
For external repositories, you can safely delete your fork after the PR is merged or closed. The fork is only needed for the PR creation process.

Required GitHub Permissions

Personal Access Token Scopes

Dependify requires a GitHub Personal Access Token (Classic) with the following scopes:
ScopeWhy It’s Needed
repoFull repository access - required for creating forks, pushing branches, and creating PRs
user:emailRead user email (automatically included with OAuth)
The repo scope provides full repository access. This is necessary because GitHub’s API requires it for fork creation and PR submission. Dependify only uses this permission for code modernization operations.

OAuth Permissions

When you authenticate with GitHub OAuth:
  • Session Duration: 7 days
  • Token Storage: Securely stored in backend environment
  • Token Usage: Used only for GitHub API operations (fork, clone, push, PR creation)
# From git_driver.py:28-34
headers = {
    "Authorization": f"token {Config.GITHUB_TOKEN}",
    "Accept": "application/vnd.github.v3+json"
}

Public vs Private Repositories

Public Repositories

  • ✅ Can modernize any public repository
  • ✅ Fork creation works for all public repos
  • ✅ PR creation from fork to original repo
  • ✅ No additional permissions needed beyond authentication

Private Repositories

  • ✅ Full support for private repos you own
  • ✅ Direct branch creation and PR submission
  • ⚠️ Requires repo scope in your GitHub token
  • ❌ Cannot fork private repositories you don’t have access to
  • ✅ Works if you have collaborator access
  • ⚠️ Repository owner must grant you appropriate permissions
GitHub’s API prevents forking private repositories unless you have explicit access. For external private repositories, ask the owner to add you as a collaborator first.

Rate Limits and Constraints

GitHub API Rate Limits

OperationRate LimitNotes
Authenticated Requests5,000/hourApplies to all GitHub API calls
Fork Creation~60/hourGitHub may throttle fork creation
PR CreationNo specific limitSubject to general rate limit
If you process many repositories rapidly, you may hit GitHub’s rate limits. Dependify will return an error if rate limits are exceeded. Wait for the rate limit to reset (typically within an hour).

Repository Size Constraints

  • Recommended: Up to 500 files
  • Maximum: No hard limit, but processing time increases
  • Parallel Processing: Modal containers handle 100+ files efficiently
  • Recommended: Files under 10,000 lines
  • AI Processing: Very large files may be skipped or chunked
  • GitHub Limits: PRs with 3,000+ changed files may be difficult to review
  • Large Repos: Repos with extensive history may take longer to clone
  • Timeout: 30 seconds for API operations
  • Optimization: Dependify only clones what’s necessary for modernization

Supported Languages

Currently optimized for:
  • JavaScript (ES5 → ES6+, modern patterns)
  • TypeScript (class components → functional, type improvements)
  • Python (Python 2 → Python 3, modern syntax)
  • 🚧 Other languages: Partial support, expanding in future releases
Dependify works best with JavaScript/TypeScript projects. Support for additional languages is on the roadmap.

Workflow Examples

Example 1: Your Own Repository

# Input
Repository: https://github.com/your-username/my-project

# Dependify Actions
1. Detects you own the repository
2. Clones your repository directly
3. Creates branch: dependify-x8f3a2b9
4. Commits modernized code
5. Pushes to your repository
6. Creates PR: your-username/my-project (dependify-x8f3a2b9  main)

# Result
PR created in your repository, ready to merge!

Example 2: External Public Repository

# Input
Repository: https://github.com/microsoft/magma

# Dependify Actions
1. Detects you don't own the repository
2. ✅ Creates fork: your-username/magma
3. ✅ Clones your fork
4. ✅ Creates branch: dependify-a3f2d8c1
5. ✅ Commits modernized code
6. ✅ Pushes to your fork
7. ✅ Creates PR: microsoft/magma (your-username:dependify-a3f2d8c1 → main)

# Result
PR submitted to original repository from your fork!
You can delete your fork after the PR is merged.

Example 3: Private Repository (Collaborator)

# Input
Repository: https://github.com/company/private-project
# (You have collaborator access)

# Dependify Actions
1. Detects you don't own the repository
2. ✅ Creates fork: your-username/private-project
3. ✅ Clones your fork with authentication
4. ✅ Creates branch: dependify-b7e9c2d4
5. ✅ Commits modernized code
6. ✅ Pushes to your fork
7. ✅ Creates PR: company/private-project (your-username:dependify-b7e9c2d4 → main)

# Result
PR submitted to private repository from your fork!

Best Practices

  • Ensure you have proper permissions for private repositories
  • Check that your GitHub token has the repo scope
  • Verify the repository is not archived or read-only
  • Review all changes in the “Files changed” tab
  • Run your test suite on the PR branch
  • For external repos: Delete your fork after the PR is merged/closed
  • Avoid processing too many repositories in rapid succession
  • If you hit rate limits, wait for the hourly reset
  • Consider spacing out large batch operations

Troubleshooting

”Failed to create fork”

  • You’ve already forked the repository (Dependify will use existing fork)
  • Repository is private and you don’t have access
  • GitHub API rate limit exceeded
  • Token doesn’t have repo scope
  • Check if fork already exists at github.com/your-username/repo-name
  • Verify you have access to the repository
  • Wait for rate limit reset
  • Regenerate token with proper scopes

”Could not get authenticated user”

  • GitHub token is invalid or expired
  • Token missing required permissions
  • Network connectivity issues
  • Re-authenticate with GitHub OAuth
  • Generate a new Personal Access Token
  • Check your internet connection

”Failed to push to remote”

  • Token authentication failed
  • Repository is archived or protected
  • Branch protection rules block push
  • Verify token is correctly configured
  • Check repository settings for protections
  • Ensure you have write access to the repository
For detailed debugging, check the real-time updates in your Dependify dashboard. Error messages will indicate the specific operation that failed.

Build docs developers (and LLMs) love

Get started for freeTalk to us