Will It Vibe?
DEP-014Info severity-2 points

No Node version pin

Part of Dependencies & Hygiene, which counts for 10% of the overall score. When this check fires it deducts 2 points from that category, once per scan, no matter how many places it turns up.

What it detects

Neither .nvmrc nor package.json engines.node specifies a target Node version.

Why it matters

With no .nvmrc and no engines.node, every contributor and CI job guesses which Node to use, and the guesses drift: one person on Node 18, CI on 22, production on something else. Version-specific breakage then shows up as unreproducible bugs ("passes locally, fails in CI"). Pinning the version makes nvm, fnm, Volta, and setup-node all pick the same one automatically.

How to fix it

Add a .nvmrc containing the Node major version the project targets (the current LTS, for example "22", if you have no constraint). Also add "engines": { "node": ">=22" } to package.json so package managers can warn on mismatch. Point CI at the same source of truth: actions/setup-node supports node-version-file: .nvmrc so the pin lives in one place.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Dependencies & Hygiene checks