check for updated package.json dependencies
While there are many package dependency checking tools, they all come with some gotchas:
While having dependencies for a CLI package is not an issue in itself, the dependencies themselves often come with vulnerabilities, and will inevitably fall behind as maintainers are not able to keep up with upstream changes.
npm API dependency:
This means figuring out which `.npmrc` to parse, how to parse it meaningfully, essentially repeating `npm` cli's own logic, this gets complicated when your `.npmrc` file mixes multiple registries and scopes!
exit codes & standard streams:
Some of the solutions do not use proper exit codes (e.g. `1` for failure) and rely on `console.log` for all outputs instead of properly streaming results to `stderr`. This makes them incompatible for usage within a CI process.
`outdated` command seems to attempt to address some of the basics, however, it seems to only work for production
`devDependencies` if you add the hidden `-D` flag!) and not at the same time!
`peerDependencies` are not included.
This utility addresses those two key issues by using the `npm` cli directly to inspect each dependency in your
`npm outdated` will evolve and make this tool irrelevant!
The following types of packages are not supported:
<git repo url>
Asynchronous: runs each package check asynchronously, with immediate feedback to
keeping this package lean for use with CI.
`npm show` cli command directly, which allows matching your actual `npm` environment and project config.
through proper usage of standard streams (`stderr`) and exit codes.
configurable: use simple arguments to control behaviour.
`updated` will ONLY look at `package.json` and query npm with the same version ranges you define, to better simulate what `npm install` will produce and avoid pointless errors.
`updated@^1.0.0` is still valid if the latest is
`npm install` will grab the latter.
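The approach described above (querying the `npm` cli with the declared ranges, reporting on `stderr`, signalling failure through the exit code), as an added example that is not the `updated` package's own code. The function names, the `CURRENT` and `UNRESOLVED` statuses, the `--check` flag and the classification rule are assumptions made for this illustration.

```javascript
// Added example, not the `updated` package's source. Assumed rules: a dependency is
// OUTDATED when the newest version matching its declared range is not the registry's
// latest; OUTDATED or UNRESOLVED entries fail the run.

// Ask the npm CLI itself, so .npmrc registries, scopes and auth apply unchanged.
async function npmShow(spec) {
  const { execFile } = await import('node:child_process');
  return new Promise((resolve, reject) => {
    // Arguments go in an array: no shell ever parses the package spec.
    execFile('npm', ['show', spec, 'version', '--json'], (err, stdout) => {
      if (err) return reject(err);
      resolve(stdout.trim() ? JSON.parse(stdout) : null);
    });
  });
}

// Git URLs, GitHub shorthands and paths are not registry ranges (heuristic).
const isRegistryRange = (range) => !/[/:]/.test(range);

async function checkDependency(name, range, show = npmShow) {
  if (!isRegistryRange(range)) return { name, range, status: 'NOT-SUPPORTED' };
  const [matching, latest] = await Promise.all([show(`${name}@${range}`), show(name)]);
  // One match prints a string, several an array (last taken as newest), none nothing.
  const resolved = [].concat(matching ?? []).pop();
  const status = !resolved ? 'UNRESOLVED' : resolved === latest ? 'CURRENT' : 'OUTDATED';
  return { name, range, resolved, latest, status };
}

// Check every listed dependency type concurrently and derive a CI exit code.
async function checkAll(pkg, types = ['dependencies', 'devDependencies'], show = npmShow) {
  const jobs = types.flatMap((type) => Object.entries(pkg[type] ?? {})
    .map(([name, range]) => checkDependency(name, range, show)));
  const results = await Promise.all(jobs);
  const failed = results.some((r) => ['OUTDATED', 'UNRESOLVED'].includes(r.status));
  return { results, exitCode: failed ? 1 : 0 };
}

async function main() {
  const { readFile } = await import('node:fs/promises');
  const pkg = JSON.parse(await readFile('package.json', 'utf8'));
  const { results, exitCode } = await checkAll(pkg);
  for (const r of results) console.error(`${r.status} ${r.name}: ${r.range}`); // report
  process.stdout.write(`${JSON.stringify(results)}\n`); // machine-readable results
  process.exitCode = exitCode;
}

// Runs only when invoked as `node <file> --check` (hypothetical flag for this example).
if (process.argv.includes('--check')) {
  main().catch((err) => { console.error(err.message); process.exitCode = 2; });
}
```

Passing a stub as the `show` argument lets the classification be exercised without network access.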
npm install updated
Run in your project's folder with
```
$ updated
DEPRECATED connect: ^2.30.1 ^2.30.1 → 3.7.0
NOT-SUPPORTED @ahmadnassri/node-create: ahmadnassri/node-create
NOT-SUPPORTED nothingness: github:othiym23/nothingness#master
OUTDATED once: ^1.3.1 ^1.3.1 → 1.4.0
DEPRECATED @telusdigital/nightwatch-seo: * * → 1.2.2
OUTDATED npm: ^3.5.1 ^3.5.1 → 6.14.7
```
Tip: You can check the last exit code by running
Tip: You don't need to install this package or add it to your dependencies, just run
Options are applied using
||comma-separated packages to be ignored, e.g.
||see below||comma-separated dependency types to check, e.g.
||comma-separated list of package
||output JSON results to
||do not output report on
||disable color output|
||display cli help|
updated will check for the following types in your
Note: dependency types is an arbitrary string value, your `package.json` can contain additional types beyond the ones listed here, just include them using `--types` and updated will attempt to check their status.