npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

dep-daddy

v0.7.0

Published

Interactive pnpm dependency upgrade tool with changelog detection, persistent ignore, and catalog support

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

cfrattacfratta

Keywords

pnpmupgradeupdateoutdateddependencieschangeloginteractiveclicatalogworkspacemonoreposemvernpm-upgradepnpm-updatedependency-management

Readme

dep-daddy

Interactive pnpm dependency upgrade tool with changelog detection, persistent ignore, catalog support, and monorepo/workspace awareness.

Inspired by npm-upgrade, rebuilt from scratch for pnpm.

Install

# npx (no install)
npx dep-daddy

# global install
pnpm add -g dep-daddy

# or as a dev dependency
pnpm add -D dep-daddy

Quick start

daddy

# include already-up-to-date rows in the overview/prompt flow
daddy --show-up-to-date

# emit structured, non-interactive JSON
daddy --output json

Run from any directory with a package.json (standalone) or from a pnpm workspace root (monorepo). The tool detects the context automatically.

Features

  • Monorepo support — workspace root detection, searchable scope picker (catalogs + packages), per-scope overview tables, package-scoped updates, scoped ignore config
  • Overview table — outdated dependencies grouped by type (dependencies, devDependencies, etc.) with current, wanted, latest, and range columns
  • Update vs upgrade — distinguishes wanted updates (highest registry version satisfying your declared range) from latest upgrades (updates your package.json range)
  • Changelog detection — lazy multi-strategy resolver: npm registry field, GitHub/GitLab file probing via HEAD requests, releases page fallback, homepage fallback
  • Persistent ignore — semver-range ignore rules in .dep-daddy.json with reasons; ignored dependencies reappear when the range no longer matches
  • pnpm catalog support — detects catalog: protocol and updates pnpm-workspace.yaml directly, preserving range prefixes and YAML comments
  • Semver violator flags — mark dependencies that ship breaking changes in minor/patch releases; flagged dependencies show a warning banner on every upgrade
  • Keyboard shortcuts — single-key selection ([u]pdate, [s]kip, [c]hangelog, [m]ore, [n]ext, [f]inish) with arrow key navigation

Usage

Standalone

daddy
  1. Runs pnpm outdated --json to find outdated dependencies
  2. Shows an overview table grouped by dependency type By default, deps with no available wanted/latest change are hidden; pass --show-up-to-date to include them. Pass --output json to emit structured non-interactive results instead of the interactive table/prompt flow.
  3. Filters out ignored dependencies from .dep-daddy.json
  4. Presents each dependency interactively:
    • [u]pdate — accept the wanted version
    • [s]kip — skip to the next dependency
    • [c]hangelog — resolve and open the changelog in your browser
    • [m]ore — sub-menu: up[g]rade (latest version, updates your range), [i]gnore, semver [v]iolator, [b]ack
    • [f]inish — apply accepted changes so far
  5. Applies upgrades (pnpm update for regular deps, pnpm-workspace.yaml edits for catalog deps)

Monorepo

# from workspace root
daddy
  1. Runs pnpm outdated -r --json across the workspace
  2. Shows a searchable scope picker:
    • All — process every scope sequentially
    • Catalogs — shared catalog dependencies (e.g. default, named catalogs)
    • Packages — individual workspace packages with their own dependencies By default, deps with no available wanted/latest change are hidden; pass --show-up-to-date to include them. Pass --output json to emit structured non-interactive results grouped by scope.
  3. For each scope: overview table, interactive per-dependency flow, [n]ext to jump to the next scope
  4. Project scopes show a summary of pending catalog updates (managed in the catalog scope, not duplicated)
  5. Applies upgrades: catalog changes write to pnpm-workspace.yaml, project changes are scoped to the correct workspace package, followed by a single pnpm install

Running from inside a workspace package prints an error pointing to the workspace root.

Configuration

.dep-daddy.json

Automatically managed. Created when you ignore a dependency or flag a semver violator; deleted when empty. Same format for both standalone and monorepo.

Ignores are namespaced by scope:

  • depdaddy-global — applies everywhere (standalone projects use this as their only scope)
  • catalog:<name> — applies to a specific catalog
  • <package> — applies to a specific workspace package

Semver violators are always global (not scoped).

Ignore entries use semver ranges. When the latest version no longer matches, the dependency reappears. Accepting an upgrade removes its ignore entry.

Catalog support

Dependencies using pnpm's catalog: protocol are detected automatically. When you accept an upgrade, dep-daddy updates the version in pnpm-workspace.yaml (not package.json), preserving range prefixes (^, ~, >=) and YAML comments.

Both default (catalog:) and named (catalog:react18) catalogs are supported.

Changelog detection

Resolution is lazy (triggered only when you press [c]) and follows this cascade:

  1. npm registry changelog field — used directly if declared
  2. GitHub/GitLab file probing — HEAD requests for CHANGELOG.md, HISTORY.md, CHANGES.md
  3. Releases page{repo}/releases fallback
  4. Homepage — offered as [o]pen homepage if no changelog found

All network requests have a 5-second timeout. Failures are swallowed gracefully.

Requirements

  • Node.js >= 18.12
  • pnpm >= 9.5.0

License

MIT