check for updated package.json dependencies
While there are many package dependency checking tools, they all come with some gotchas:
-
cli dependencies:
While having dependencies for a CLI package is not an issue in itself, the dependencies themselves often come with vulnerabilities, and will inevitably fall behind as maintainers are not able to keep up with upstream changes. -
npm API dependency:
This means figuring out which.npmrc
to parse, how to parse it meaningfully, essentially repeatingnpm
cli's own logic, this gets complicated when your.npmrc
file mixes multiple registries and scopes! -
exit codes & standard streams:
some of the solutions do not use proper exit codes (e.g.0
for success1
for failure) and rely onconsole.log
for all outputs instead of properly streaming results tostdout
andstderr
. This makes them incompatible for usage within a CI process. -
npm outdated
npm
'soutdated
command seems to attempt to address some of the basics, however, it seems to only work for productiondependencies
(anddevDependencies
if you add the hidden-D
flag!) and not at the same time!optionalDependencies
,peerDependencies
are not included.
This utility opposes those two key issues by using the npm
cli directly to inspect each dependency in your package.json
!
Hopefully, npm outdated
will evolve and make this tool irrelevant!
The following types of packages are not supported:
<git-host>:<git-user>/<repo-name>
<git repo url>
<tarball file>
<tarball url>
<folder>
-
Asynchronous runs each package check asynchronously, with immediate feedback to
stdout
-
ZERO dependencies
keeping this package lean for use with CI. -
uses
npm
uses thenpm show
cli command directly, which allows matching your actualnpm
environment and project config. -
CI friendly
through proper usage of standard streams (stdout
,stderr
) and exit codes. -
configurable use simple arguments to control behaviour.
-
compares against
package.json
updated
will ONLY look atpackage.json
and query npm with the same version ranges you define, to better simulate whatnpm install
will produce. and avoid pointless errors.e.g.
updated@^1.0.0
is still valid if the latest isupdated@^1.0.1
becausenpm install
will grab the latter.
npm install updated
Run in your project's folder with package.json
:
$ updated
DEPRECATED connect: ^2.30.1 ^2.30.1 → 3.7.0
NOT-SUPPORTED @ahmadnassri/node-create: ahmadnassri/node-create
NOT-SUPPORTED nothingness: github:othiym23/nothingness#master
OUTDATED once: ^1.3.1 ^1.3.1 → 1.4.0
DEPRECATED @telusdigital/nightwatch-seo: * * → 1.2.2
OUTDATED npm: ^3.5.1 ^3.5.1 → 6.14.7
Tip: You can check the last exit code by running
echo $?
Tip: You don't need to install this package or add it to your dependencies, just run
npx updated
Options are applied using
--[option]=[value]
syntax
Options | Default | Description |
---|---|---|
workspaces |
false |
process workspaces |
ignore |
|
comma-separated packages to be ignored, e.g. --ignore=tap,eslint |
types |
see below | comma-separated dependency types to check, e.g. --types=devDependencies,peerDependencies |
scopes |
all |
comma-separated list of package @scopes to check, default checks all |
update |
false |
force update package.json to latest versions |
json |
false |
output JSON results to stdout |
silent |
false |
do not output report on stderr |
no-color |
false |
disable color output |
help |
N/A |
display cli help |
By default updated
will check for the following types in your package.json
- dependencies
- devDependencies
- optionalDependencies
- peerDependencies
Note: dependency types is an arbitrary string value, your
package.json
can contain additional types beyond the ones listed here, just include them using--types
and updated will attempt to check their status.
Code | Description |
---|---|
0 |
success |
1 |
failure |
Author: Ahmad Nassri • Twitter: @AhmadNassri