npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

depkeeper

v1.0.555

Published

A tool to detect outdated npm dependencies.

Downloads

46

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

arielharielhfalconcifalconciyurynixyurynixitai.bendaitai.bendawix-ciwix-ciwix-ambassadorwix-ambassadorshahatashahatanetanelgiladnetanelgiladwix-ci-publisherwix-ci-publisherwix-bi-publisherwix-bi-publisher

Keywords

Readme

depkeeper

A tool to detect outdated npm dependencies.

depkeeper goes over project dependencies inside node_modules and checks whether they are outdated or not. It's also possible to specify by how many versions behind the tool still tolerates the dependencies.

Installation

To use as a library:

npm install --save-dev depkeeper

To use command line tool:

npm install -g depkeeper

API

Start by requiring depkeeper.

const depkeeper = require('depkeeper');

Simple Usage

depkeeper()
  .check()
  .then(outdated => {
    console.log(outdated); // [{name: 'eslint', version: '3.0.1',  minimal: '4.7.0', latest: '4.7.0'}]
  });

It will return a list of all outdated dependencies, no matter by how many versions they are behind. If all the dependencies are up to date, the list will be empty.

Check By Thresholds

depkeeper()
  .check('*', {major: 1})
  .then(outdated => {
    console.log(outdated); // [{name: 'eslint', version: '3.0.1', minimal: '4.0.0', latest: '5.7.0'}]
  });

It will return a list of outdated dependencies but only those that are behind by the specific amount of versions (thresholds).

Handling Exceptions

Exceptions will reject the promise.

depkeeper()
  .check()
  .catch(err => {
    throw err; // Something went wrong...
  });

NOTE: Unsuccessful attempts to reach registry or file system are swallowed. Still looking for a best way to pass them via API.

Checking With Multiple Rules

It's possible to check specific dependencies by given pattern with separate thresholds.

depkeeper()
  .rule('eslint-*')
  .rule('yoshi', {patch: 10})
  .checkRules()
  .then(outdated => {
    console.log(outdated);
    /*[
        [
          {name: 'eslint', version: '3.0.1', latest: 4.7.0'},
          {name: 'eslint-plugin-react', version: '6.1.6', latest: 7.4.0'},
        ],
        [
          {name: 'yoshi', version: '1.0.100', minimal: '1.0.189', latest: '1.0.199'}
        ]
      ]
    */
  });

Factory

const dk = depkeeper({
  cwd: 'string', // current working directory (default process.cwd())
  registryUrl: 'string' // override registry URL (default comes from .nvmrc or https://registry.npmjs.org)
});

.check(pattern, options)

  • pattern - string, default - '*', glob pattern to mark specific dependencies to check
  • options - object
    • major: number, minor: number, patch: number, specify by how many versions dependencies can be outdated
    • strategy: string, default - 'numeral', will apply rules using certain strategy: numeral or separate

.rule(pattern, options) & .checkRules()

These two methods must be used together if you have multiple rules to check and don't want to deal with separate promises. It works exactly the same as .check() just that you build all your rules first and then execute them at once.

Strategy

Numeral

Minimal version will be calculated as if it was a number, where major, minor, patch are just digits with relations. This strategy can be used only with a single threshold.

Given threshold is {minor: 1}, current version is 1.0.0. Rule says check if dependency is outdated by at least 1 minor version. Let's assume there are only these versions: 1.0.0, 1.1.0, 1.1.1, 1.1.2, 2.0.0, 2.0.1, 2.1.0. As patch is not important, number sequence consists only of these versions: 1.0.0, 1.1.0, 2.0.0, 2.1.0. Applying threshold 1, minimal version is 2.0.0.

Separate

Multiple Thresholds

When passing multiple thresholds the rules will be combined. Minimal version will be calculated as following.

  • {major: 0, minor: 0, patch: 0} - latest patch of latest minor of latest major (basically latest)
  • {major: 0, patch: 0} - latest patch of lowest minor of latest major
  • {major: 0, minor: 0} - lowest patch of latest minor of latest major
  • {minor: 0, patch: 0} - latest patch of latest minor of current major
  • {major: 0} - lowest patch of lowest minor of latest major
  • {minor: 0} - lowest patch of latest minor of current major
  • {patch: 0} - latest patch of current minor of current major

Passing positive numbers as thresholds will calculate by how many versions the specific version type is outdated.

  • {major: 1, minor: 2} - patch outdated by 2 of lowest minor of major outdated by 1
  • {minor: 3} - lowest patch of minor outdated by 3 of current major

Note: when there's no version which is outdated by specific threshold the algorithm will fallback to lowest. Look at the example bellow.

Given threshold is {minor: 0, patch: 2}, current version is 1.0.0. Rule says preserve major and take the latest minor with patch outdated by 2 versions. Let's assume there are only these versions of major version 1: 1.0.0, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.2.1. As there is no patch outdated by 2 of latest minimal of current major, minimal version will be equal to lowest patch of latest minor of current major which is 1.2.0.

CLI

Running command depkeeper check will check and print the list of outdated dependencies.

WIP...

Contribute

  1. git clone [email protected]:wix/depkeeper.git
  2. cd depkeeper
  3. npm install or yarn
  4. npm test or yarn test

In case of small bug, just create a PR otherwise please discuss inside an issue. PR's without tests or with failing tests will be automatically rejected.

License

MIT