npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

updated

v2.0.7

Published

check for updated package.json dependencies

Downloads

853

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ahmadnassriahmadnassri

Keywords

nodepackageupdatescheckdependenciesoutdated

Readme

Updated

check for updated package.json dependencies

license release semantic

Motivation

While there are many package dependency checking tools, they all come with some gotchas:

  • cli dependencies:
    While having dependencies for a CLI package is not an issue in itself, the dependencies themselves often come with vulnerabilities, and will inevitably fall behind as maintainers are not able to keep up with upstream changes.

  • npm API dependency:
    This means figuring out which .npmrc to parse, how to parse it meaningfully, essentially repeating npm cli's own logic, this gets complicated when your .npmrc file mixes multiple registries and scopes!

  • exit codes & standard streams:
    some of the solutions do not use proper exit codes (e.g. 0 for success 1 for failure) and rely on console.log for all outputs instead of properly streaming results to stdout and stderr. This makes them incompatible for usage within a CI process.

  • npm outdated
    npm's outdated command seems to attempt to address some of the basics, however, it seems to only work for production dependencies (and devDependencies if you add the hidden -D flag!) and not at the same time! optionalDependencies, peerDependencies are not included.

This utility opposes those two key issues by using the npm cli directly to inspect each dependency in your package.json!

Hopefully, npm outdated will evolve and make this tool irrelevant!

CAVEATS

The following types of packages are not supported:

  • <git-host>:<git-user>/<repo-name>
  • <git repo url>
  • <tarball file>
  • <tarball url>
  • <folder>

Features

  • Asynchronous runs each package check asynchronously, with immediate feedback to stdout

  • ZERO dependencies
    keeping this package lean for use with CI.

  • uses npm
    uses the npm show cli command directly, which allows matching your actual npm environment and project config.

  • CI friendly
    through proper usage of standard streams (stdout, stderr) and exit codes.

  • configurable use simple arguments to control behaviour.

  • compares against package.json
    updated will ONLY look at package.json and query npm with the same version ranges you define, to better simulate what npm install will produce. and avoid pointless errors.

    e.g. updated@^1.0.0 is still valid if the latest is updated@^1.0.1 because npm install will grab the latter.

Install

npm install updated

Usage

Run in your project's folder with package.json:

$ updated

DEPRECATED      connect: ^2.30.1                                        ^2.30.1 → 3.7.0
NOT-SUPPORTED   @ahmadnassri/node-create: ahmadnassri/node-create
NOT-SUPPORTED   nothingness: github:othiym23/nothingness#master
OUTDATED        once: ^1.3.1                                            ^1.3.1 → 1.4.0
DEPRECATED      @telusdigital/nightwatch-seo: *                         * → 1.2.2
OUTDATED        npm: ^3.5.1                                             ^3.5.1 → 6.14.7

Tip: You can check the last exit code by running echo $?

Tip: You don't need to install this package or add it to your dependencies, just run npx updated

CLI Options

Options are applied using --[option]=[value] syntax

| Options | Default | Description | |------------|-------------|----------------------------------------------------------------------------------------------| | ignore | | comma-separated packages to be ignored, e.g. --ignore=tap,eslint | | types | see below | comma-separated dependency types to check, e.g. --types=devDependencies,peerDependencies | | scopes | all | comma-separated list of package @scopes to check, default checks all | | update | false | force update package.json to latest versions | | json | false | output JSON results to stdout | | silent | false | do not output report on stderr | | no-color | false | disable color output | | help | N/A | display cli help |

Dependency Types

By default updated will check for the following types in your package.json

  • dependencies
  • devDependencies
  • optionalDependencies
  • peerDependencies

Note: dependency types is an arbitrary string value, your package.json can contain additional types beyond the ones listed here, just include them using --types and updated will attempt to check their status.

Exit Codes

| Code | Description | |------|-------------| | 0 | success | | 1 | failure |

Author: Ahmad Nassri • Twitter: @AhmadNassri