Following last month’s change that added the ability to turn off the dependency graph, the setting for newly created public repositories will now default to off.

In addition, we’ve begun disabling the dependency graph and removing stored data for inactive repositories, where “inactive” is defined as a repository that:

  • has not had any commits in over three years,
  • does not have Dependabot enabled, and
  • is not referenced by any published package.

Enabling Dependabot or pushing a commit will keep a repository’s dependency graph active. These changes will help improve GitHub’s performance and ensure the dependency graph remains relevant for active projects.

Join the Community discussion to share feedback or ask questions.