No Node version pin
Part of Dependencies & Hygiene, which counts for 10% of the overall score. When this check fires it deducts 2 points from that category, once per scan, no matter how many places it turns up.
What it detects
Neither .nvmrc nor package.json engines.node specifies a target Node version.
Why it matters
With no .nvmrc and no engines.node, every contributor and CI job guesses which Node to use, and the guesses drift: one person on Node 18, CI on 22, production on something else. Version-specific breakage then shows up as unreproducible bugs ("passes locally, fails in CI"). Pinning the version makes nvm, fnm, Volta, and setup-node all pick the same one automatically.
How to fix it
Add a .nvmrc containing the Node major version the project targets (the current LTS, for example "22", if you have no constraint). Also add "engines": { "node": ">=22" } to package.json so package managers can warn on mismatch. Point CI at the same source of truth: actions/setup-node supports node-version-file: .nvmrc so the pin lives in one place.
The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing
Does your repo trip this check?
Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.
Scan your repo