ruckup

v0.9.1

Published

Check and update dependencies across Cargo, npm, and pyproject projects

Readme

ruckup

One command to check and update dependencies across Cargo, Docker, GitHub Actions, npm, and Python — all at once.

ruckup auto-detects your project's manifest files and checks every dependency against its upstream registry. Run it in any repo — even polyglot monorepos — and get a unified view of what's outdated. Then apply updates interactively or all at once.

Installation

cargo

cargo install ruckup

npm / pnpm / yarn / bun

npm install -g ruckup
# or
pnpm add -g ruckup
# or
yarn global add ruckup
# or
bun add -g ruckup

pip / uv / pipx

pip install ruckup
# or
uv tool install ruckup
# or
pipx install ruckup

Pre-built binaries

Download the latest binary for your platform from the GitHub Releases page, extract it, and place it on your PATH.

| Platform | Archive |
|---|---|
| Linux x86_64 (glibc) | ruckup-linux-x64.tar.gz |
| Linux x86_64 (musl) | ruckup-linux-x64-musl.tar.gz |
| Linux arm64 (glibc) | ruckup-linux-arm64.tar.gz |
| Linux arm64 (musl) | ruckup-linux-arm64-musl.tar.gz |
| macOS arm64 (Apple Silicon) | ruckup-darwin-arm64.tar.gz |
| macOS x86_64 | ruckup-darwin-x64.tar.gz |
| Windows x86_64 | ruckup-win32-x64.zip |
| Windows arm64 | ruckup-win32-arm64.zip |

Build from source

git clone https://github.com/ruckc/ruckup.git
cd ruckup
cargo install --path .

Features

  • Auto-detection — scans the current directory for all supported manifest files
  • Multi-ecosystem — one tool for Cargo, Docker, GitHub Actions, npm, and Python
  • Interactive updates — multi-select prompt lets you pick exactly what to bump
  • Bulk updates — --all flag skips prompts and applies everything
  • Flexible filtering — scope work to a specific ecosystem or package name
  • Upgrade intelligence reports — generate text/markdown/html/pdf reports with SCM diff links, changelog links, security resources, and supply-chain deltas where available
  • Lockfile-aware — respects npm peer dependency constraints
  • Configurable — per-project .ruckuprc plus global config and env var overrides

Supported Manifests

| Ecosystem | Files |
|---|---|
| Cargo | Cargo.toml ([dependencies], [dev-dependencies], [build-dependencies]) |
| Docker | Dockerfile, Dockerfile.*, docker-compose.yml, docker-compose.yaml, compose.yml, compose.yaml |
| GitHub Actions | .github/workflows/*.yml (uses: owner/repo@ref) |
| npm / pnpm / yarn | package.json (lockfile-aware) |
| Python | pyproject.toml (uv, Poetry, PEP 621), requirements.txt |
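
The `uses: owner/repo@ref` references listed for GitHub Actions differ in how firmly they pin a dependency, and the Notes below say floating refs are left alone by updates. The following is an added example, not ruckup's code: it sorts the refs in a workflow file into categories so the ones no updater will move are visible in review. The category names, the regexes and the sample workflow (including its SHA) are constructed for illustration and are assumptions about what counts as pinned.

```python
import re

# Matches `uses: <target>` with or without a leading "- " and optional quotes.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
SHA_RE = re.compile(r"[0-9a-f]{40}")          # full commit SHA
VERSION_RE = re.compile(r"v?\d+(\.\d+){0,2}")  # v4, v4.1, 4.1.2


def classify_ref(target):
    """Classify one `uses:` target. Categories are this example's own."""
    if target.startswith("./") or target.startswith("docker://"):
        return "not-a-repo-ref"   # local action or container image
    if "@" not in target:
        return "missing-ref"
    ref = target.rsplit("@", 1)[1]
    if SHA_RE.fullmatch(ref):
        return "commit-sha"       # immutable
    if VERSION_RE.fullmatch(ref):
        return "version-tag"      # bumpable, but a tag can be moved upstream
    return "floating"             # branch-like name such as stable or main


def audit_workflow(text):
    """Return (line number, target, category) for every `uses:` line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match:
            target = match.group(1)
            findings.append((lineno, target, classify_ref(target)))
    return findings


# Constructed sample workflow; the org names and the SHA are placeholders.
SAMPLE = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/setup-tool@stable
      - uses: example-org/deploy@0123456789abcdef0123456789abcdef01234567  # constructed
      - uses: ./.github/actions/local-lint
      - name: Scan
        uses: example-org/scan@main
"""

if __name__ == "__main__":
    for lineno, target, kind in audit_workflow(SAMPLE):
        print(f"line {lineno}: {target} -> {kind}")
```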

Usage

Usage: ruckup [OPTIONS] [COMMAND]

Commands:
  check   Check for available dependency updates (default)
  update  Interactively select and apply dependency updates
  list    List detected dependency files and their dependencies
  report  Generate upgrade intelligence reports

Options:
  -o, --only <ONLY>      Comma-separated list of ecosystems to check
                         (cargo, docker, github-actions, npm, pyproject, requirements)
  -f, --filter <FILTER>  Filter to specific dependency names
  -h, --help             Print help
  -V, --version          Print version

check is the default command, so ruckup and ruckup check are equivalent.

Examples

# Check everything in the current directory
ruckup

# Check only Cargo dependencies
ruckup --only cargo

# Check only GitHub Actions workflow pins
ruckup check --only github-actions

# Check npm packages and filter to a specific name
ruckup check --only npm --filter react

# Check multiple ecosystems at once
ruckup check --only cargo,npm --filter serde,clap

# List all detected dependencies without hitting registries
ruckup list

# Interactively choose which updates to apply
ruckup update

# Apply all available updates without prompts
ruckup update --all

# Generate a markdown report for all upgrade candidates
ruckup report

# Generate HTML + PDF reports and open in your browser
ruckup report --format html,pdf --open

# Generate a scoped report for one ecosystem + dependency
ruckup report --only npm --filter react --format text,markdown

Upgrade Intelligence Report Coverage

| Scope | Included in report | Notes |
|---|---|---|
| All upgradable dependencies | Current version, latest version, semver impact (breaking, feature, bugfix) | Generated by ruckup report |
| SCM diffs | Compare links when repository metadata can be resolved (best with GitHub-hosted projects) | Falls back to registry/package pages when SCM is unavailable |
| Changelog context | Release/changelog/homepage links where available from package metadata | Depends on upstream metadata quality |
| Security context | Links to ecosystem security resources (for example OSV, deps.dev, Snyk, RustSec, Docker/GitHub security pages) | Link set varies by plugin/ecosystem |
| Supply-chain delta | Added/removed/changed transitive dependencies when version metadata exposes dependency graphs | Strongest support today for npm, crates.io, and PyPI |
| Output formats | text, markdown, html, pdf | Use --format with one or more values |
| Scope controls | Everything, specific dependency, or specific plugin | Use --filter and --only |

Update shortcut

During interactive ruckup update, press r before selecting packages to generate and open a consolidated HTML report across all detected plugins and their pending upgrades.

Configuration

Configuration is resolved in this order (later entries win):

  1. Built-in defaults
  2. ~/.ruckuprc (global)
  3. ./.ruckuprc (project)
  4. RUCKUP_* environment variables

Both TOML and JSON formats are supported for .ruckuprc.

Settings

| Setting | Env var | Default | Description |
|---|---|---|---|
| preserve_range | RUCKUP_PRESERVE_RANGE | true | Keep existing version range prefixes when updating |
| cargo_concurrency | RUCKUP_CARGO_CONCURRENCY | 4 | Concurrent crates.io requests |
| npm_concurrency | RUCKUP_NPM_CONCURRENCY | 16 | Concurrent npm registry requests |
| pypi_concurrency | RUCKUP_PYPI_CONCURRENCY | 10 | Concurrent PyPI requests |
| github_actions_concurrency | RUCKUP_GITHUB_ACTIONS_CONCURRENCY | 8 | Concurrent GitHub API requests |
| docker_concurrency | RUCKUP_DOCKER_CONCURRENCY | 8 | Concurrent Docker Hub requests |

Example .ruckuprc

preserve_range = true
cargo_concurrency = 5
npm_concurrency = 16
pypi_concurrency = 10
github_actions_concurrency = 8
docker_concurrency = 8

Environment variable examples

RUCKUP_PRESERVE_RANGE=false ruckup update --all
RUCKUP_NPM_CONCURRENCY=8 ruckup check --only npm
RUCKUP_DOCKER_CONCURRENCY=4 ruckup check --only docker

Notes

  • Docker support targets Docker Hub images with semver-like tags; unsupported registries and floating tags are listed but not upgraded.
  • npm output includes peer dependency conflict reporting so you can see what is blocking an upgrade.
  • GitHub Actions updates rewrite pinned uses: owner/repo@ref references; floating refs like stable are left alone.
  • Python detection only activates for pyproject.toml files that declare Python dependencies.
  • requirements.txt packaging directives (editable installs, direct URLs, pip flags) are intentionally ignored.
  • Supply-chain deltas are generated where upstream metadata is available (currently strongest for npm, crates.io, and PyPI packages).
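
Because editable installs, direct URLs and pip flags in requirements.txt are ignored, those lines describe dependencies that an update check never evaluates. The following is an added example, not ruckup's code: it lists such lines so they can be reviewed by hand. The flag lists, the category names and the sample file are assumptions made for illustration.

```python
import re

# Leading pip options, grouped by what they change (this example's own grouping).
EDITABLE = {"-e", "--editable"}
INDEX_FLAGS = {"-i", "--index-url", "--extra-index-url", "-f", "--find-links"}
INCLUDES = {"-r", "--requirement", "-c", "--constraint"}
# A bare URL / VCS URL, or a PEP 508 "name @ url" direct reference.
URL_RE = re.compile(r"(?:^|@\s*)[A-Za-z][A-Za-z0-9+.\-]*://")


def classify_requirement(line):
    """Return a category for lines a name/version check cannot evaluate, else None."""
    body = line.split(" #", 1)[0].strip()   # pip starts a comment at " #"
    if not body or body.startswith("#"):
        return None
    first = body.split()[0]
    option = first.split("=", 1)[0]          # handles --flag=value
    if option in EDITABLE:
        return "editable-install"
    if option in INDEX_FLAGS:
        return "index-override"              # packages may come from another index
    if option in INCLUDES:
        return "nested-file"                 # needs its own review
    if first.startswith("-"):
        return "other-pip-flag"
    if URL_RE.search(body):
        return "direct-url"                  # bypasses registry version metadata
    return None


def unmanaged_lines(text):
    """Return (line number, category) for every line outside a version check."""
    found = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        kind = classify_requirement(line)
        if kind:
            found.append((lineno, kind))
    return found


# Constructed sample requirements.txt; hosts use the reserved .invalid TLD.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
-e ./libs/shared
--extra-index-url https://pypi.example.invalid/simple
internal-lib @ git+https://git.example.invalid/lib.git@v1.0
-r base.txt
flask>=2.0  # web framework
https://files.example.invalid/wheels/tool-1.0-py3-none-any.whl
"""

if __name__ == "__main__":
    for lineno, kind in unmanaged_lines(SAMPLE_REQUIREMENTS):
        print(f"requirements.txt:{lineno}: {kind}")
```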

License

MIT — see LICENSE.