• Stars
    star
    9,406
  • Rank 3,799 (Top 0.08 %)
  • Language
    TypeScript
  • License
    Other
  • Created about 11 years ago
  • Updated 19 days ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Find newer versions of package dependencies than what your package.json allows

npm-check-updates

npm version Build Status Coverage Status

npm-check-updates upgrades your package.json dependencies to the latest versions, ignoring specified versions.

  • maintains existing semantic versioning policies, i.e. "react": "^16.0.4" to "react": "^18.2.0".
  • only modifies package.json file. Run npm install to update your installed packages and package-lock.json.
  • clean output
  • sensible defaults
  • lots of options for custom behavior
  • CLI and module usage
  • compatible with npm, yarn, and pnpm

npm-check-updates-screenshot

  • Red = major upgrade (and all major version zero)
  • Cyan = minor upgrade
  • Green = patch upgrade

Installation

Install globally:

npm install -g npm-check-updates

Or run with npx:

npx npm-check-updates

Usage

Show all new dependencies (excluding peerDependencies) for the project in the current directory:

$ ncu
Checking package.json
[====================] 5/5 100%

 eslint             7.32.0  β†’    8.0.0
 prettier           ^2.7.1  β†’   ^3.0.0
 svelte            ^3.48.0  β†’  ^3.51.0
 typescript         >3.0.0  β†’   >4.0.0
 untildify          <4.0.0  β†’   ^4.0.0
 webpack               4.x  β†’      5.x

Run ncu -u to upgrade package.json

Upgrade a project's package file:

Make sure your package file is in version control and all changes have been committed. This will overwrite your package file.

$ ncu -u
Upgrading package.json
[====================] 1/1 100%

 express           4.12.x  β†’   4.13.x

Run npm install to install new versions.

$ npm install      # update installed packages and package-lock.json

Check global packages:

ncu -g

Filter packages using the --filter option or adding additional cli arguments. You can exclude specific packages with the --reject option or prefixing a filter with !. Supports strings, wildcards, globs, comma-or-space-delimited lists, and regular expressions:

# upgrade only mocha
ncu mocha
ncu -f mocha
ncu --filter mocha

# upgrade packages that start with "react-"
ncu react-*
ncu "/^react-.*$/"

# upgrade everything except nodemon
ncu \!nodemon
ncu -x nodemon
ncu --reject nodemon

# upgrade only chalk, mocha, and react
ncu chalk mocha react
ncu chalk, mocha, react
ncu -f "chalk mocha react"

# upgrade packages that do not start with "react-".
ncu \!react-*
ncu '/^(?!react-).*$/' # mac/linux
ncu "/^(?!react-).*$/" # windows

How dependency updates are determined

  • Direct dependencies are updated to the latest stable version:
    • 2.0.1 β†’ 2.2.0
    • 1.2 β†’ 1.3
    • 0.1.0 β†’ 1.0.1
  • Range operators are preserved and the version is updated:
    • ^1.2.0 β†’ ^2.0.0
    • 1.x β†’ 2.x
    • >0.2.0 β†’ >0.3.0
  • "Less than" is replaced with a wildcard:
    • <2.0.0 β†’ ^3.0.0
    • 1.0.0 < 2.0.0 β†’ ^3.0.0
  • "Any version" is preserved:
    • * β†’ *
  • Prerelease and deprecated versions are ignored by default.
    • Use --pre to include prerelease versions (e.g. alpha, beta, build1235)
    • Use --deprecated to include deprecated versions
  • With --target minor, only update patch and minor:
    • 0.1.0 β†’ 0.2.1
  • With --target patch, only update patch:
    • 0.1.0 β†’ 0.1.2
  • With --target @next, update to the version published on the next tag:
    • 0.1.0 -> 0.1.1-next.1

Options

Options are merged with the following precedence:

  1. CLI
  2. Local Config File
  3. Project Config File
  4. User Config File

Options that take no arguments can be negated by prefixing them with --no-, e.g. --no-peer.

--cache Cache versions to a local cache file. Default --cacheFile is ~/.ncu-cache.json and default --cacheExpiration is 10 minutes.
--cacheClear Clear the default cache, or the cache file specified by --cacheFile.
--cacheExpiration Cache expiration in minutes. Only works with --cache. (default: 10)
--cacheFile Filepath for the cache file. Only works with --cache. (default: "~/.ncu-cache.json")
--color Force color in terminal.
--concurrency Max number of concurrent HTTP requests to registry. (default: 8)
--configFileName Config file name. (default: .ncurc.{json,yml,js,cjs})
--configFilePath Directory of .ncurc config file. (default: directory of packageFile)
--cwd Working directory in which npm will be executed.
--deep Run recursively in current working directory. Alias of (--packageFile '**/package.json').
--dep Check one or more sections of dependencies only: dev, optional, peer, prod, or packageManager (comma-delimited). (default: ["prod","dev","optional"])
--deprecated Include deprecated packages.
-d, --doctor Iteratively installs upgrades and runs tests to identify breaking upgrades. Requires -u to execute.
--doctorInstall Specifies the install script to use in doctor mode. (default: npm install/yarn)
--doctorTest Specifies the test script to use in doctor mode. (default: npm test)
--enginesNode Include only packages that satisfy engines.node as specified in the package file.
-e, --errorLevel Set the error level. 1: exits with error code 0 if no errors occur. 2: exits with error code 0 if no packages need updating (useful for continuous integration). (default: 1)
-f, --filter

Include only package names matching the given string, wildcard, glob, comma-or-space-delimited list, /regex/, or predicate function.
filterResults Filters out upgrades based on a user provided function.
--filterVersion

Filter on package version using comma-or-space-delimited list, /regex/, or predicate function.
--format Modify the output formatting or show additional information. Specify one or more comma-delimited values: group, ownerChanged, repo, time, lines. (default: [])
-g, --global Check global packages instead of in the current project.
groupFunction Customize how packages are divided into groups when using --format group.
-i, --interactive Enable interactive prompts for each dependency; implies -u unless one of the json options are set.
-j, --jsonAll Output new package file instead of human-readable message.
--jsonDeps Like jsonAll but only lists dependencies, devDependencies, optionalDependencies, etc of the new package data.
--jsonUpgraded Output upgraded dependencies in json.
-l, --loglevel Amount to log: silent, error, minimal, warn, info, verbose, silly. (default: "warn")
--mergeConfig Merges nested configs with the root config file for --deep or --packageFile options. (default: false)
-m, --minimal Do not upgrade newer versions that are already satisfied by the version range according to semver.
--packageData Package file data (you can also use stdin).
--packageFile Package file(s) location. (default: ./package.json)
-p, --packageManager npm, yarn, pnpm, deno, staticRegistry (default: npm).
--peer Check peer dependencies of installed packages and filter updates to compatible versions.
--pre Include prerelease versions, e.g. -alpha.0, -beta.5, -rc.2. Automatically set to 1 when --target is newest or greatest, or when the current version is a prerelease. (default: 0)
--prefix Current working directory of npm.
-r, --registry Third-party npm registry.
-x, --reject

Exclude packages matching the given string, wildcard, glob, comma-or-space-delimited list, /regex/, or predicate function.
--rejectVersion

Exclude package.json versions using comma-or-space-delimited list, /regex/, or predicate function.
--removeRange Remove version ranges from the final package version.
--retry Number of times to retry failed requests for package info. (default: 3)
--root Runs updates on the root project in addition to specified workspaces. Only allowed with --workspace or --workspaces. (default: false)
-s, --silent Don't output anything. Alias for --loglevel silent.
--stdin Read package.json from stdin.
-t, --target Determines the version to upgrade to: latest, newest, greatest, minor, patch, @[tag], or [function]. (default: latest)
--timeout Global timeout in milliseconds. (default: no global timeout and 30 seconds per npm-registry-fetch)
-u, --upgrade Overwrite package file with upgraded versions instead of just outputting to console.
--verbose Log additional information for debugging. Alias for --loglevel verbose.
-w, --workspace Run on one or more specified workspaces. Add --root to also upgrade the root project. (default: [])
-ws, --workspaces Run on all workspaces. Add --root to also upgrade the root project.

Advanced Options

Some options have advanced usage, or allow per-package values by specifying a function in your ncurc.js file.

Run ncu --help [OPTION] to view advanced help for a specific option, or see below:

doctor

Usage:

ncu --doctor
ncu --no-doctor
ncu -d

Iteratively installs upgrades and runs tests to identify breaking upgrades. Reverts broken upgrades and updates package.json with working upgrades.

Add -u to execute (modifies your package file, lock file, and node_modules)

To be more precise:

  1. Runs npm install and npm test to ensure tests are currently passing.
  2. Runs ncu -u to optimistically upgrade all dependencies.
  3. If tests pass, hurray!
  4. If tests fail, restores package file and lock file.
  5. For each dependency, install upgrade and run tests.
  6. Prints broken upgrades with test error.
  7. Saves working upgrades to package.json.

Additional options:

--doctorInstallspecify a custom install script (default: `npm install` or `yarn`)
--doctorTestspecify a custom test script (default: `npm test`)

Example:

$ ncu --doctor -u
Running tests before upgrading
npm install
npm run test
Upgrading all dependencies and re-running tests
ncu -u
npm install
npm run test
Tests failed
Identifying broken dependencies
npm install
npm install --no-save [email protected]
npm run test
  βœ“ react 15.0.0 β†’ 16.0.0
npm install --no-save [email protected]
npm run test
  βœ— react-redux 6.0.0 β†’ 7.0.0

/projects/myproject/test.js:13
  throw new Error('Test failed!')
  ^

npm install --no-save [email protected]
npm run test
  βœ“ react-dnd 10.0.0 β†’ 11.1.3
Saving partially upgraded package.json

filterResults

Filters out upgrades based on a user provided function.

filterResults runs after new versions are fetched, in contrast to filter and filterVersion, which run before. This allows you to filter out upgrades with filterResults based on how the version has changed (e.g. a major version change).

Only available in .ncurc.js or when importing npm-check-updates as a module.

/** Filter out non-major version updates.
  @param {string} packageName               The name of the dependency.
  @param {string} currentVersion            Current version declaration (may be range).
  @param {SemVer[]} currentVersionSemver    Current version declaration in semantic versioning format (may be range).
  @param {string} upgradedVersion           Upgraded version.
  @param {SemVer} upgradedVersionSemver     Upgraded version in semantic versioning format.
  @returns {boolean}                        Return true if the upgrade should be kept, otherwise it will be ignored.
*/
filterResults: (packageName, { currentVersion, currentVersionSemver, upgradedVersion, upgradedVersionSemver }) => {
  const currentMajorVersion = currentVersionSemver?.[0]?.major
  const upgradedMajorVersion = upgradedVersionSemver?.major
  if (currentMajorVersion && upgradedMajorVersion) {
    return currentMajorVersion < upgradedMajorVersion
  }
  return true
}

For the SemVer type definition, see: https://git.coolaj86.com/coolaj86/semver-utils.js#semverutils-parse-semverstring

format

Usage:

ncu --format [value]

Modify the output formatting or show additional information. Specify one or more comma-delimited values.

groupGroups packages by major, minor, patch, and major version zero updates.
ownerChangedShows if the package owner has changed.
repoInfers and displays links to the package's source code repository. Requires packages to be installed.
timeShows the publish time of each upgrade.
linesPrints name@version on separate lines. Useful for piping to npm install.

groupFunction

Customize how packages are divided into groups when using --format group.

Only available in .ncurc.js or when importing npm-check-updates as a module.

/**
  @param name             The name of the dependency.
  @param defaultGroup     The predefined group name which will be used by default.
  @param currentSpec      The current version range in your package.json.
  @param upgradedSpec     The upgraded version range that will be written to your package.json.
  @param upgradedVersion  The upgraded version number returned by the registry.
  @returns                A predefined group name ('major' | 'minor' | 'patch' | 'majorVersionZero' | 'none') or a custom string to create your own group.
*/
groupFunction: (name, defaultGroup, currentSpec, upgradedSpec, upgradedVersion) => {
  if (name === 'typescript' && defaultGroup === 'minor') {
    return 'major'
  }
  if (name.startsWith('@myorg/')) {
    return 'My Org'
  }
  return defaultGroup
}

packageManager

Usage:

ncu --packageManager [s]
ncu -p [s]

Specifies the package manager to use when looking up version numbers.

npmSystem-installed npm. Default.
yarnSystem-installed yarn. Automatically used if yarn.lock is present.
pnpmSystem-installed pnpm. Automatically used if pnpm-lock.yaml is present.
staticRegistryChecks versions from a static file. Must include the `--registry` option with the path to a JSON registry file.

Example:

$ ncu --packageManager staticRegistry --registry ./my-registry.json

my-registry.json:

{
  "prettier": "2.7.1",
  "typescript": "4.7.4"
}

peer

Usage:

ncu --peer
ncu --no-peer

Check peer dependencies of installed packages and filter updates to compatible versions.

Example:

The following example demonstrates how --peer works, and how it uses peer dependencies from upgraded modules.

The package ncu-test-peer-update has two versions published:

  • 1.0.0 has peer dependency "ncu-test-return-version": "1.0.x"
  • 1.1.0 has peer dependency "ncu-test-return-version": "1.1.x"

Our test app has the following dependencies:

"ncu-test-peer-update": "1.0.0",
"ncu-test-return-version": "1.0.0"

The latest versions of these packages are:

"ncu-test-peer-update": "1.1.0",
"ncu-test-return-version": "2.0.0"

With --peer:

ncu upgrades packages to the highest version that still adheres to the peer dependency constraints:

ncu-test-peer-update     1.0.0  β†’  1.1.0
ncu-test-return-version  1.0.0  β†’  1.1.0

Without --peer:

As a comparison: without using the --peer option, ncu will suggest the latest versions, ignoring peer dependencies:

ncu-test-peer-update     1.0.0  β†’  1.1.0
ncu-test-return-version  1.0.0  β†’  2.0.0

registry

Usage:

ncu --registry [uri]
ncu -r [uri]

Specify the registry to use when looking up package version numbers.

When --packageManager staticRegistry is set, --registry must specify a path to a JSON registry file.

target

Usage:

ncu --target [value]
ncu -t [value]

Determines the version to upgrade to. (default: "latest")

greatestUpgrade to the highest version number published, regardless of release date or tag. Includes prereleases.
latestUpgrade to whatever the package's "latest" git tag points to. Excludes pre is specified.
minorUpgrade to the highest minor version without bumping the major version.
newestUpgrade to the version with the most recent publish date, even if there are other version numbers that are higher. Includes prereleases.
patchUpgrade to the highest patch version without bumping the minor or major versions.
@[tag]Upgrade to the version published to a specific tag, e.g. 'next' or 'beta'.

You can also specify a custom function in your .ncurc.js file, or when importing npm-check-updates as a module:

/** Upgrade major version zero to the next minor version, and everything else to latest.
  @param dependencyName The name of the dependency.
  @param parsedVersion A parsed Semver object from semver-utils.
    (See https://git.coolaj86.com/coolaj86/semver-utils.js#semverutils-parse-semverstring)
  @returns One of the valid target values (specified in the table above).
*/
target: (dependencyName, [{ semver, version, operator, major, minor, patch, release, build }]) => {
  if (major === '0') return 'minor'
  return 'latest'
}

Interactive Mode

Choose which packages to update in interactive mode:

ncu --interactive
ncu -i

ncu --interactive

Combine with --format group for a truly luxe experience:

ncu --interactive --format group

Config File

Use a .ncurc.{json,yml,js,cjs} file to specify configuration information. You can specify the file name and path using --configFileName and --configFilePath command line options.

For example, .ncurc.json:

{
  "upgrade": true,
  "filter": "svelte",
  "reject": ["@types/estree", "ts-node"]
}

If you write .ncurc config files using json or yaml, you can add the JSON Schema to your IDE settings for completions.

e.g. for VS Code:

  "json.schemas": [
    {
      "fileMatch": [
        ".ncurc",
        ".ncurc.json",
      ],
      "url": "https://raw.githubusercontent.com/raineorshine/npm-check-updates/main/src/types/RunOptions.json"
    }
  ],
  "yaml.schemas": {
    "https://raw.githubusercontent.com/raineorshine/npm-check-updates/main/src/types/RunOptions.json": [
        ".ncurc.yml",
    ]
  },

Module/Programmatic Usage

npm-check-updates can be imported as a module:

import ncu from 'npm-check-updates'

const upgraded = await ncu.run({
  // Pass any cli option
  packageFile: '../package.json',
  upgrade: true,
  // Defaults:
  // jsonUpgraded: true,
  // silent: true,
})

console.log(upgraded) // { "mypackage": "^2.0.0", ... }

Contributing

Contributions are happily accepted. I respond to all PR's and can offer guidance on where to make changes. For contributing tips see CONTRIBUTING.md.

Problems?

File an issue. Please search existing issues first.

More Repositories

1

solgraph

Visualize Solidity control flow for smart contract security analysis. πŸ’΅ ⇆ πŸ’΅
JavaScript
969
star
2

solidity-by-example

A collection of short yet fully-functional contracts that demonstrate Solidity language features.
JavaScript
413
star
3

solidity-repl

Ethereum Solidity REPL
JavaScript
389
star
4

shackles

A minimal chaining library with tapping and logging
JavaScript
74
star
5

functional-solidity-language

A typed, functional language that targets the EVM.
JavaScript
54
star
6

solidity-sha3

Solidity sha3 in Javascript.
JavaScript
45
star
7

web3-fake-provider

A mock provider class that can be used with Ethereum web3.js
JavaScript
26
star
8

eth-batch-send

Send ETH from one address to many.
JavaScript
22
star
9

updatehammer

Forcefully update all dependencies to latest versions and save to package.json
CoffeeScript
22
star
10

generate-contract-interface

Generates an abstract contract in Solidity from a given contract.
JavaScript
18
star
11

wordsoap

Clean up dirty HTML output from Microsoft Word
HTML
15
star
12

yogini

Simple, prompt-driven scaffolding for continuously evolving boilerplates.
JavaScript
15
star
13

wait-transaction

A promisified web3.eth.sendTransaction that waits for confirmation.
JavaScript
13
star
14

signal

A time-decay habit tracker
JavaScript
12
star
15

eth-new-contract

Compile and deploy Solidity contracts straight from source.
JavaScript
12
star
16

cint

A Javascript utility belt with an emphasis on Functional Programming.
JavaScript
11
star
17

y-websocket-auth

Websockets provider for Yjs with access token authentication
JavaScript
10
star
18

creatable

Elegant HTML generation. No templates. Just Javascript.
JavaScript
10
star
19

dotfiles

Store your dotfiles in a repo and symlink them to your home directory.
Shell
9
star
20

spawn-please

Easy and small child_process.spawn
JavaScript
8
star
21

emitter20

A small event emitter with no dependencies.
JavaScript
8
star
22

generate-contract-factory

Generates a factory solidity contract that instantiates a contract and returns its address.
JavaScript
8
star
23

workflowy-hyperlinks

Hyperlinks for Workflowy chrome extension
JavaScript
7
star
24

memrise-export

Export all words from a Memrise course to a CSV file
JavaScript
7
star
25

multisigwallet

A simple, Ethereum multisig wallet contract
JavaScript
7
star
26

elmfire-extra-hello-world

elmfire-extra example #1: Hello World
Elm
6
star
27

freebusy

Determine free blocks from a list of events and free/busy rules.
JavaScript
6
star
28

fp-and-or

Simple `and` and `or` functional programming predicates
JavaScript
5
star
29

sol-decimal

A Solidity Decimal type.
JavaScript
5
star
30

hammerspoon-config

Simultaneous VI Mode
Lua
4
star
31

y-lazy-graph

An offline-first, lazy-loaded, reactive graph type using yjs subdocuments.
TypeScript
4
star
32

karabiner-config-to-markdown

Convert a Karabiner config to markdown.
JavaScript
3
star
33

cute-animals

Generate random adj-animal combinations with kid-friendly names.
JavaScript
3
star
34

generator-nodestrap

Yeoman generator for a Heroku-ready, coffee-fueled web stack.
CoffeeScript
3
star
35

marked-terminal-cli

A better way to read README's in the cli!
JavaScript
3
star
36

JsonTest

JSON validation & testing stack using Orderly + JSON Schema + QUnit
JavaScript
3
star
37

multisigwallet-ui

UI for https://github.com/raineorshine/multisigwallet
JavaScript
3
star
38

mutable-immutable-ledger

An Ethereum smart contract that allows anyone to store mutable or immutable data.
JavaScript
3
star
39

split-multiple-imports

Splits multiple names in a single es module import into multiple lines.
TypeScript
3
star
40

crypto-gains

Calculate crypto gains using like-kind exchanges before January 1, 2018.
TypeScript
3
star
41

indexeddb-benchmark

IndexedDB performance benchmark
TypeScript
2
star
42

sweet-compose

Sweet js macro for function composition
JavaScript
2
star
43

wispy

Reversible alternative syntax for Javascript
JavaScript
2
star
44

spacedoutcss

A css micro-framework for evenly spacing elements
2
star
45

sublime-text-settings

Backup of my Sublime Text Packages and Settings
JavaScript
2
star
46

rm-diff-consoles

Removes all console.log statements from all staged files in a git repository.
TypeScript
2
star
47

shelter-text

Node server that responds to texts with a list of shelter bed availability.
JavaScript
2
star
48

weak-array-map

WeakMap with support for shallow equal arrays as keys
JavaScript
2
star
49

reduce-promises

Serially executes promise-returning functions and reduces the results with the given accumulator.
JavaScript
1
star
50

boilerplates

boilerplates for a few different basic directory structures
JavaScript
1
star
51

ncu-test-pre1

A package that publishes minor and patch versions before v1
1
star
52

elmfire-extra-example3

elmfire-extra example #3: decoding key-value pairs.
Elm
1
star
53

promise-guard

Resolve a collection of Promises while guarding against certain rejections
JavaScript
1
star
54

dereference-art

JavaScript
1
star
55

nativity

Safely add methods to native object prototypes
CoffeeScript
1
star
56

bip39-phrase-maker

Convert ascii strings into bip39 phrases.
JavaScript
1
star
57

eth-tail-recursion

An analysis of tail recursion in the EVM
JavaScript
1
star
58

workflowy-data-analysis

JavaScript
1
star
59

brogramming

Programming for bros - learn to program with javascript.
1
star
60

karabiner-config

Raine's Karabiner Config
JavaScript
1
star
61

boulderwebguru

Source code for boulderwebguru.com
1
star
62

cost-basis-filler

πŸ’°β“Generate missing cost basis for unknown crypto purchases from day-of historical price.
JavaScript
1
star
63

client-calendar-parser

Parses client sessions from an ical file and outputs a simple csv log.
JavaScript
1
star
64

striate

Whitespace-friendly templating
JavaScript
1
star
65

sieve-builder

Generates a sieve script from a simple JSON specification
JavaScript
1
star
66

liqui-interest-checker

JavaScript
1
star
67

isERC20

Simple CLI that can tell you whether a token is an ERC20 token
JavaScript
1
star
68

ncu-test-tag

A package that publishes a variety of prereleases to different tags.
1
star
69

generator-truffle-dapp

A generator for a truffle-based ethereum dapp.
JavaScript
1
star
70

qwerty-to-colemak

Look up the COLEMAK key for a given QWERTY keyboard key press (or vice versa).
JavaScript
1
star
71

functions-to-modules

Move all exported functions from one module into separate modules.
JavaScript
1
star
72

elmfire-extra-example2

elmfire-extra example #2: decoding a simple object.
Elm
1
star
73

simplifiedavailability

Generates a simple text list of your availability from your Google Calendar
Sass
1
star
74

use-swipe-to-dismiss

A simple React hook to dismiss an element by swiping
TypeScript
1
star
75

hackfest

Our hackfest projects
JavaScript
1
star
76

creatable-home

Home page for Creatable
1
star