safe-npm-updater

v1.0.2

Intelligent npm package updater with safety checks, impact analysis, and rollback capabilities

Downloads: 31

Features

  • 📊 Smart Analysis: Analyze outdated packages with risk categorization
  • 🔒 Safety First: Create automatic snapshots before updates
  • 🧪 Impact Testing: Test updates in isolation before applying
  • ⏮️ Easy Rollback: Restore previous package states instantly
  • 🔍 Dependency Insights: Understand why packages are installed
  • 🎯 Interactive Mode: Choose exactly which packages to update
  • 🚨 Security Focused: Prioritize security vulnerability fixes

Installation

npm install -g safe-npm-updater

Or use with npx:

npx safe-npm-updater

Usage

Analyze Packages

Check for outdated packages and security issues:

safe-npm-updater analyze

Options:

  • -s, --security - Show only security updates
  • -v, --verbose - Show detailed information

Update Packages

Update packages with interactive selection:

safe-npm-updater update

Options:

  • -i, --interactive - Select packages interactively (default)
  • -s, --security - Update only security fixes
  • --safe - Update only patch versions
  • --all - Update all packages (with confirmation)
  • --skip-tests - Skip running tests

Examples:

# Interactive mode
safe-npm-updater update

# Only security updates
safe-npm-updater update --security

# Only safe patch updates
safe-npm-updater update --safe

# Update all packages
safe-npm-updater update --all

Test Package Updates

Test the impact of updating a specific package before applying:

safe-npm-updater test <package>@<version>

This will:

  • Create a temporary git branch (if using git)
  • Apply the update
  • Run your test suite
  • Check TypeScript compilation (if applicable)
  • Report results without affecting your current state

Rollback

Restore packages to a previous snapshot:

safe-npm-updater rollback

Interactively select from available snapshots to restore.

Why Command

Get detailed information about a package:

safe-npm-updater why lodash

Shows:

  • Package information
  • Whether it's a direct or transitive dependency
  • Dependency tree
  • Deprecation status

How It Works

Risk Categorization

safe-npm-updater categorizes updates by risk level:

  • 🚨 CRITICAL - Security vulnerabilities
  • ⚠️ BREAKING - Major version updates
  • 📝 MODERATE - Minor version updates
  • SAFE - Patch version updates
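
A sketch of how the four risk levels above can be derived from a version pair. This is an added example, not code from safe-npm-updater. The `hasAdvisory` input and the two rules marked as assumptions (a minor bump inside 0.x counts as BREAKING, and a pre-release target is never SAFE) go beyond what the README states.

```javascript
// Added example, not safe-npm-updater's source. Level names are the README's.
const RISK_ORDER = ['CRITICAL', 'BREAKING', 'MODERATE', 'SAFE'];

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]"; returns null when malformed.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/
    .exec(String(v).trim());
  if (!m) return null;
  return { major: Number(m[1]), minor: Number(m[2]), patch: Number(m[3]), pre: m[4] || null };
}

// Classify one update. hasAdvisory (assumed input) is true when the installed
// version is covered by a known advisory, for example one reported by `npm audit`.
function categorize(current, target, hasAdvisory = false) {
  const from = parseVersion(current);
  const to = parseVersion(target);
  if (!from || !to) throw new TypeError(`not a semver version: ${from ? target : current}`);
  if (hasAdvisory) return 'CRITICAL';
  if (to.major !== from.major) return 'BREAKING';
  // Assumption: inside 0.x a minor bump may break callers (caret ranges pin it).
  if (from.major === 0 && to.minor !== from.minor) return 'BREAKING';
  // Assumption: a pre-release target is not a stable patch, so never SAFE.
  if (to.pre || to.minor !== from.minor) return 'MODERATE';
  return 'SAFE';
}

// Attach a risk level to each entry and sort highest risk first, then by name.
function prioritize(updates) {
  return updates
    .map((u) => ({ ...u, risk: categorize(u.current, u.latest, u.hasAdvisory) }))
    .sort((a, b) =>
      RISK_ORDER.indexOf(a.risk) - RISK_ORDER.indexOf(b.risk) || a.name.localeCompare(b.name));
}

// Constructed sample data; package names and versions are illustrative only.
const SAMPLE = [
  { name: 'alpha', current: '1.2.3', latest: '1.2.9' },
  { name: 'bravo', current: '1.2.3', latest: '1.4.0' },
  { name: 'charlie', current: '2.0.0', latest: '3.1.0' },
  { name: 'delta', current: '0.4.1', latest: '0.5.0' },
  { name: 'echo', current: '4.0.1', latest: '4.0.2', hasAdvisory: true },
];
for (const u of prioritize(SAMPLE)) {
  console.log(`${u.risk.padEnd(8)} ${u.name} ${u.current} -> ${u.latest}`);
}
```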

Snapshot System

Before every update, safe-npm-updater automatically creates a snapshot of:

  • package.json
  • package-lock.json

Snapshots are stored in .smart-updater/snapshots/ (added to .gitignore automatically).

Impact Testing

The test command creates an isolated environment to verify updates:

  1. Creates a temporary git branch
  2. Applies the package update
  3. Runs npm test
  4. Checks TypeScript compilation (if tsconfig.json exists)
  5. Reports results
  6. Cleans up (switches back and deletes test branch)

Configuration

safe-npm-updater works with your existing project configuration:

  • Reads test command from package.json scripts
  • Detects TypeScript projects automatically
  • Works with both npm and yarn (detects from lock file)
  • Integrates with git for advanced features

Requirements

  • Node.js >= 18.0.0
  • npm or yarn
  • Git (optional, for advanced features)

Project Structure

safe-npm-updater/
├── src/
│   ├── cli/           # CLI entry point
│   ├── commands/      # Command implementations
│   ├── core/          # Core logic (analyzer, updater, tester)
│   ├── utils/         # Utilities (npm, git, files, logger)
│   └── types/         # TypeScript interfaces
├── dist/              # Compiled output
└── package.json

Development

Build the project:

npm run build

Run in development mode:

npm run dev

Link for local testing:

npm link

Security

safe-npm-updater follows security best practices:

  • Input validation for all user inputs
  • Sanitized package names before registry calls
  • No code execution from external sources
  • Read-only operations where possible
  • Confirmation required for destructive operations
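
One way to implement the package-name check listed above, as an added example that is not safe-npm-updater's own code. The function names, the exact-version requirement, the leading "-" rule, and the use of npm's `--ignore-scripts` flag (so a trial install does not run the package's lifecycle scripts) are assumptions of this example.

```javascript
// Added example, not safe-npm-updater's source.
// Name grammar: lowercase, URL-safe, optional @scope/, no leading "." or "_".
// Rejecting a leading "-" is this example's own extra rule, so a name can
// never be read as a command-line option.
const NAME_RE = /^(?:@[a-z0-9][a-z0-9._-]*\/)?[a-z0-9][a-z0-9._-]*$/;
const VERSION_RE = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
const MAX_NAME_LENGTH = 214; // npm's documented limit

// Parse "name" or "name@x.y.z" (name may be scoped). Never throws.
function parsePackageSpec(input) {
  if (typeof input !== 'string' || input.length === 0) {
    return { ok: false, reason: 'empty input' };
  }
  // The version separator is the last "@" that is not the scope marker at index 0.
  const at = input.lastIndexOf('@');
  const name = at > 0 ? input.slice(0, at) : input;
  const version = at > 0 ? input.slice(at + 1) : null;
  if (name.length > MAX_NAME_LENGTH) return { ok: false, reason: 'name too long' };
  if (!NAME_RE.test(name)) return { ok: false, reason: 'invalid name' };
  if (version !== null && !VERSION_RE.test(version)) {
    return { ok: false, reason: 'invalid version' };
  }
  return { ok: true, name, version };
}

// Argument vector for child_process.execFile('npm', args): no shell is involved,
// "--" ends option parsing, and --ignore-scripts (assumed here) skips lifecycle scripts.
function npmInstallArgs(input) {
  const spec = parsePackageSpec(input);
  if (!spec.ok) throw new Error(`rejected package spec: ${spec.reason}`);
  const target = spec.version ? `${spec.name}@${spec.version}` : spec.name;
  return ['install', '--ignore-scripts', '--', target];
}

// Constructed inputs: three well-formed specs, then ones a CLI must refuse.
const SAMPLE_INPUTS = [
  'lodash', 'lodash@1.2.3', '@scope/pkg@1.0.0',
  'lodash && echo x', '--registry=http://example.invalid', '../pkg', 'Lodash', 'lodash@latest',
];
for (const input of SAMPLE_INPUTS) {
  const r = parsePackageSpec(input);
  console.log(JSON.stringify(input), r.ok ? 'accepted' : `rejected (${r.reason})`);
}
```

Passing the validated spec as a single argv element to `execFile` keeps it out of any shell, so the pattern check and the process boundary back each other up.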

License

ISC

Contributing

Contributions are welcome! Please feel free to submit issues and pull requests to the GitHub repository:

Repository: https://github.com/zubair-ra/smart-updater

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add some amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

Author

Created with ❤️ for safer npm package updates by @mzubair746r