ci: disable dependabot for npm

[9romise]

No description provided.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request adds a new Dependabot configuration entry for the npm package ecosystem in the repository root. The configuration sets a weekly schedule for dependency updates and disables automatic pull request creation by setting open-pull-requests-limit to zero. This provides explicit control over npm dependency management separate from any existing Dependabot configurations.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request has no description provided by the author, making it impossible to assess whether the intent aligns with the changeset.	Add a pull request description explaining why Dependabot is being disabled for npm and what problem this solves.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/disable

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f0b0e473-bc39-4e11-bdb8-8bc77746e148

📥 Commits

Reviewing files that changed from the base of the PR and between a249602 and 1668725.

📒 Files selected for processing (1)

• .github/dependabot.yml

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify npm package files exist in repository root

# Check for package.json and package-lock.json in root
fd -t f '^package\.json$|^package-lock\.json$' -d 1

# Also check if npm packages exist anywhere in the repo
fd -t f '^package\.json$' -d 3

Repository: npmx-dev/vscode-npmx

Length of output: 377

---

Clarify npm “disable” intent: open-pull-requests-limit: 0 stops PRs but not the weekly checks

• The repo root has a package.json (but no package-lock.json in root), so the directory: / npm config will still run against root package.json; open-pull-requests-limit: 0 will suppress PR creation rather than disable Dependabot’s scheduled runs.
• If the goal is full disablement, remove the npm updates entry; if the goal is “checks only / no PRs”, update the PR title/description to match that intent.