th0r / npm-upgrade

Interactive CLI utility to easily update outdated NPM dependencies

License: MIT License

JavaScript 100.00%
npm update upgrade outdated packages interactive cli changelog deps

npm-upgrade's Introduction

npm-upgrade

Interactive CLI utility to easily update outdated NPM dependencies with changelogs inspection support.


What is this for?

If you are tired of manually updating package.json every time your package dependencies get out of date, then this utility is for you.

Take a look at this demo:

[image: npm-upgrade outdated packages]

Installation

First, install Node.js (at least v10.19).

Then install this utility as a global npm module:

npm i -g npm-upgrade

Usage

This utility is supposed to be run in the root directory of your Node.js project (that contains package.json). Run npm-upgrade --help to see all available top-level commands:

check [filter]          Check for outdated modules
ignore <command>        Manage ignored modules
changelog <moduleName>  Show changelog for a module

Run npm-upgrade <command> --help to see usage help for the corresponding command. check is the default command and can be omitted, so running npm-upgrade [filter] is the same as npm-upgrade check [filter].

check command

It will find all your outdated deps and will ask to update their versions in package.json, one by one. For example, here is what you will see if you use an outdated version of the @angular/common module:

Update "@angular/common" in package.json from 2.4.8 to 2.4.10? (Use arrow keys)
❯ Yes
  No
  Show changelog
  Ignore
  Finish update process

  • Yes will update @angular/common version in package.json to 2.4.10, but not immediately (see explanation below)
  • No will not update this module version.
  • Show changelog will try to find changelog url for the current module and open it in default browser.
  • Ignore will add this module to the ignored list (see details in Ignoring module section below).
  • Finish update process will ...hm... finish update process and save all the changes to package.json.

A note on saving changes to package.json: when you choose Yes to update some module's version, package.json won't be updated immediately. It will be updated only after you have processed all the outdated modules and confirmed the update, or when you choose Finish update process. So if you change your mind in the middle of the update process, just press Ctrl+C and package.json will remain untouched.

If you want to check only some deps, you can use filter argument:

# Will check only `babel-core` module:
npm-upgrade babel-core

# Will check all the deps with `babel` in the name:
npm-upgrade '*babel*'

# Note quotes around `filter`. They are necessary because without them bash may interpret `*` as wildcard character.

# Will check all the deps, excluding any with `babel` in the name:
npm-upgrade '!*babel*'

# You can combine including and excluding rules:
npm-upgrade '*babel* !babel-transform-* !babel-preset-*'

If you want to check only a group of deps use these options:

-p, --production   Check only "dependencies"
-d, --development  Check only "devDependencies"
-o, --optional     Check only "optionalDependencies"

Alternatively, you can use the -g (--global) flag to upgrade your global packages. Note that this flag is mutually exclusive with the others: if it is supplied together with them, npm-upgrade will recognise only the global flag. Also note that this option will automatically attempt to upgrade your global packages using npm install -g <package>@<new-version>.

Ignoring module

Sometimes you just want to ignore newer versions of some dependency for some reason. For example, you use jquery v2 because of the old IE support and don't want npm-upgrade to suggest updating it to v3. Or you use some-funky-module and know that the new version 6.6.6 contains a bug that breaks your app.

You can handle these situations by ignoring such modules. You can do it in two ways: choosing Ignore during the update process or using the npm-upgrade ignore add command.

You will be asked two questions. The first is a version range to ignore. It should be a valid semver version. Here are a few examples:

  • 6.6.6 - will ignore only version 6.6.6. When the next version after 6.6.6 is published, npm-upgrade will suggest updating to it. Can be used in the some-funky-module example above.
  • >2 - will ignore all versions starting from 3.0.0. Can be used in jquery v2 example above.
  • 6.6.x || 6.7.x - will ignore all 6.6.x and 6.7.x versions.
  • * - will ignore all new versions.

After that, npm-upgrade will ask about the ignore reason. The answer is optional but strongly recommended, because it will help to explain your motivation to your colleagues and to yourself after a few months.

All the data about ignored modules will be stored in .npm-upgrade.json file next to your project's package.json.

ignore command

It will help you manage ignored modules. See Ignoring module section for more details. It has the following subcommands:

npm-upgrade ignore <command>

Commands:
  add [module]        Add module to ignored list
  list                Show the list of ignored modules
  reset [modules...]  Reset ignored modules

  • add - will add a module from your deps to ignored list. You can either provide module name as optional module argument or interactively select it from the list of project's deps.
  • list - will show the list of currently ignored modules along with their ignored versions and reasons.
  • reset - will remove modules from the ignored list. You can either provide module names as modules argument (separated by space) or interactively select them from the list of project's deps.

changelog command

npm-upgrade changelog <moduleName>

Will try to find the changelog URL for the provided module and open it in the default browser.

Troubleshooting

Wrong changelog shown for <moduleName> or not shown at all!

Yes, it can happen sometimes. This is because there is no standardized way to specify the changelog location for a module, so npm-upgrade tries to guess it, applying these rules one by one:

  1. Check db/changelogUrls.json from master branch on GitHub or the local copy if it's unreachable.
  2. Check changelog field from module's package.json.
  3. Parse module's repository.url field and if it's on GitHub, try to request some common changelog files (CHANGELOG.md, History.md etc.) from master branch and if it fails, open Releases page.

So, if it guessed wrong, it would be great if you could either file an issue about this or submit a PR which adds the proper changelog URL to db/changelogUrls.json. There is a tool in the repository to make this as easy as possible:

./tools/addModuleChangelogUrlToDb.js <moduleName> <changelogUrl>

License

MIT

npm-upgrade's People

Contributors

andyedwardsibm, cascornelissen, garreltmock, hudochenkov, medallyon, ptrmcrthr, sapegin, tabarra, th0r, tivac, twittwer


npm-upgrade's Issues

Feature suggestion: Select version

It would be nice to have another option in the upgrade menu to list and select different versions of a package to update to, between the current and latest or even previous.

Upgrade without asking for each package

Hello, thanks for your great package.

But is it possible to upgrade without being asked whether I want to upgrade each package?
Like npm-upgrade -y for "yes for all".

Ignore list doesn't work with mapping react to preact

I have a project with Next.js and Preact and I have to map react to preact in package.json like:
"react": "npm:@preact/[email protected]"

When I add it to .npm-upgrade.json to be ignored, even when I use "*" in "versions" npm-upgrade doesn't see it and proposes to install a newer version.

.npm-upgrade.json

{
  "ignore": {
    "react": {
      "versions": "*",
      "reason": "version 17.0.3 breaks Next.js"
    }
  }
}

I tried multiple combinations with provided "versions" and none of them work.

[Feature] To help prevent downloading hijacked or broken packages, warn if the package has been released less than 72 hours ago.

Recently the ecosystem is getting quite a lot of packages hijacked.
One way I try to prevent using those packages is not updating to any version released less than 72 hours ago, which is time enough for the maintainers of any big package to realize what's up and unpublish the contaminated version on npm.

This could be also very useful for people that like to download only versions that have already passed the "real world smoke test".

I propose that on the update prompt, you warn if the package was released less than 72 (blue), 48 (yellow) or 24 (red) hours ago.
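
A sketch of the check proposed in the issue above, added here as an example (it is not npm-upgrade code): it classifies each pending update by the publish timestamp in the `time` map of the npm registry metadata, using the 24/48/72-hour levels from the proposal. The package names, timestamps and function names are constructed for illustration.

```javascript
const HOUR_MS = 60 * 60 * 1000;

// Thresholds and colours as proposed in the issue: <24h red, <48h yellow, <72h blue.
const AGE_LEVELS = [
  {maxHours: 24, level: 'red'},
  {maxHours: 48, level: 'yellow'},
  {maxHours: 72, level: 'blue'}
];

// "^1.5.1" or "~1.5.1" in package.json refers to the published version "1.5.1".
function stripRangePrefix(spec) {
  return String(spec).replace(/^[\^~<>=\s]+/, '');
}

// Classify one target version by how long ago the registry says it was published.
function releaseAgeWarning(packument, spec, now = new Date()) {
  const version = stripRangePrefix(spec);
  const time = packument && packument.time;
  const stamp = time && Object.prototype.hasOwnProperty.call(time, version)
    ? time[version]
    : undefined;
  const published = typeof stamp === 'string' ? Date.parse(stamp) : NaN;
  const ageHours = (now.getTime() - published) / HOUR_MS;
  // A missing, unparsable or future timestamp proves nothing about age, so
  // report "unknown" instead of treating the release as settled.
  if (Number.isNaN(ageHours) || ageHours < 0) {
    return {version, level: 'unknown', ageHours: null};
  }
  const hit = AGE_LEVELS.find(entry => ageHours < entry.maxHours);
  return {version, level: hit ? hit.level : 'ok', ageHours: Math.floor(ageHours)};
}

// Annotate pending updates ({name, from, to}) the way an update prompt could.
// `hold` is true for anything younger than 72 hours or of unknown age.
function annotateUpdates(updates, packuments, now = new Date()) {
  return updates.map(update => {
    const warning = releaseAgeWarning(packuments[update.name], update.to, now);
    return {
      ...update,
      level: warning.level,
      ageHours: warning.ageHours,
      hold: warning.level !== 'ok'
    };
  });
}

// Constructed sample data: registry metadata reduced to the `time` map.
const SAMPLE_NOW = new Date('2024-01-10T12:00:00.000Z');
const SAMPLE_PACKUMENTS = {
  'pkg-a': {time: {'1.4.0': '2023-12-01T09:00:00.000Z', '1.5.1': '2024-01-10T06:00:00.000Z'}},
  'pkg-b': {time: {'2.1.0': '2024-01-08T18:00:00.000Z'}},
  'pkg-c': {time: {'3.0.0': '2024-01-07T13:00:00.000Z'}},
  'pkg-d': {time: {'0.9.0': '2023-11-20T00:00:00.000Z'}},
  'pkg-e': {time: {}}
};
const SAMPLE_UPDATES = [
  {name: 'pkg-a', from: '^1.4.0', to: '^1.5.1'}, // published 6 hours before SAMPLE_NOW
  {name: 'pkg-b', from: '~2.0.3', to: '~2.1.0'}, // 42 hours
  {name: 'pkg-c', from: '2.9.9', to: '3.0.0'},   // 71 hours
  {name: 'pkg-d', from: '^0.8.0', to: '^0.9.0'}, // several weeks
  {name: 'pkg-e', from: '1.0.0', to: '1.0.1'}    // no timestamp in metadata
];

for (const row of annotateUpdates(SAMPLE_UPDATES, SAMPLE_PACKUMENTS, SAMPLE_NOW)) {
  console.log(`${row.name} ${row.from} -> ${row.to}: ${row.level}`);
}
```
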

-y, --yes option

Would be nice to have an option that automatically accepts all available upgrades, e.g.;

$ npm-upgrade -y -p
$ npm-upgrade -y -do
$ npm-upgrade -y

Usage with custom registry

I am pointing npm to another registry (verdaccio) by running

$ npm set cafile <local/path>/ca-certificates.crt
$ npm set registry https://npm-registry.foo.bar.com:1337/
$ npm login

Using the private registry works like a charm.

If I run npm-upgrade, it throws

FetchError: request to https://npm-registry.foo.bar.com:1337//some-package failed, reason: self signed certificate in certificate chain
    at ClientRequest.<anonymous> (C:\tools\node\node_modules\npm-upgrade\node_modules\minipass-fetch\lib\index.js:97:14)

Any idea how to fix this?

Update lock file after update

After running

npx npm-upgrade

running

npm ci

fails as the lock file is out-of-date (storybook dependency example)

npm ERR! Invalid: lock file's @[email protected] does not satisfy @storybook@^5.0.5

To rectify this, one must either install the modules with those versions, negating the reason to use this package, or use the default npm i, which will update to the latest minor versions, but this is not ideal as it will also update many other packages.

Please consider updating the lock file after a package has been upgraded?

Not enough information in error message for `invalid json`

This is all that is output when parsing of JSON fails. The full path to the parsed file should be enough.

Checking for outdated dependencies filtered with @boxy/* for "C:\CSSSR\portal-web\package.json"...

[====================] 745/748 99%SyntaxError: Unexpected end of JSON input while parsing near '...eact-spring/sponsor/0'
    at JSON.parse (<anonymous>)
    at parseJson (C:\Users\Mikhail\AppData\Roaming\npm-cache\_npx\13788\node_modules\npm-upgrade\node_modules\json-parse-better-errors\index.js:7:17)
    at consumeBody.call.then.buffer (C:\Users\Mikhail\AppData\Roaming\npm-cache\_npx\13788\node_modules\npm-upgrade\node_modules\node-fetch-npm\src\body.js:96:50)
    at process._tickCallback (internal/process/next_tick.js:68:7)

Ask about @types after asking about the main package

It would be nice if the tool asked what to do for a package before asking what to do with the corresponding @types package.

For example, suppose that I am using yargs in a TypeScript project. If it needs to be updated, it is likely that both yargs and @types/yargs will need to be updated.

Since the tool walks through the dependencies alphabetically, it will ask about @types/yargs before yargs. The problem is that the @types package does not have a changelog that can help me understand if the update is safe or needs attention. Ideally, I would like to first review the main package, possibly looking at the changelog, and only then decide on updating the @types.

Unable to use npm-upgrade on private registry - error E401 authorization required

Hi, I have set in the .npmrc of my project the authentication to my private registry //private_registry.example.com/:_authToken=${NPM_TOKEN} and in the .env file NPM_TOKEN="MY_SECRET_NPM_TOKEN".

I also have the authentication set in the global .npmrc in C:\Users\myusername with //private_registry.example.com/:_authToken="MY_SECRET_NPM_TOKEN"

In fact I can run npm install without a problem, but when I run npm-upgrade I get this error:

HttpErrorAuthUnknown: Unable to authenticate, need: Basic, Bearer

at C:\Users\...\node_modules\npm-upgrade\node_modules\npm-registry-fetch\check-response.js:113:17
at processTicksAndRejections (node:internal/process/task_queues:96:5)
at async viewMany (C:\Users\...\node_modules\npm-upgrade\node_modules\npm-check-updates\lib\package-managers\npm.js:136:18)
at async viewOne (C:\Users\...\node_modules\npm-upgrade\node_modules\npm-check-updates\lib\package-managers\npm.js:119:18)
at async latest (C:\Users\...\node_modules\npm-upgrade\node_modules\npm-check-updates\lib\package-managers\npm.js:272:20)
at async getPackageVersionProtected (C:\Users\...\node_modules\npm-upgrade\node_modules\npm-check-updates\lib\versionmanager.js:403:22)
at async C:\Users\...\node_modules\npm-upgrade\node_modules\p-map\index.js:57:22

{
  headers: [Object: null prototype] {
    server: [ 'nginx/1.18.0' ],
    date: [ 'Fri, 01 Jul 2022 07:26:01 GMT' ],
    'content-type': [ 'application/json; charset=utf-8' ],
    'content-length': [ '82' ],
    connection: [ 'keep-alive' ],
    'x-powered-by': [ 'verdaccio/4.11.0' ],
    'access-control-allow-origin': [ '*' ],
    'www-authenticate': [ 'Basic, Bearer' ],
    etag: [ 'W/"52-tcacakHnqE02WGK7MdceFfe1RVE"' ],
    vary: [ 'Accept-Encoding' ],
    'x-fetch-attempts': [ '1' ]
  },
  statusCode: 401,
  code: 'E401',
  method: 'GET',
  uri: 'https:///private_registry.example.com/@somepackage',
  body: {
    error: 'authorization required to access package @somepackage'
  },
  pkgid: '@somepackage'
}

Do not print package.json in the end

I’ve never used this feature but often I want to check versions of updated packages before and after. So a short summary would be more useful in my opinion.

I think something like this would be more useful:

These packages will be updated:

  jss                        ^9.3.3   →    ^9.4.0
  jss-default-unit           ^8.0.0   →    ^8.0.2
  q-i                        ^1.2.0   →    ^2.0.0
  babel-jest                ^21.2.0   →   ^22.0.3

? Update packages?
❯ Yes
  No
  Show package.json

What do you think?

Exits dialog too soon (after first interaction)

Hi! When I run npm-upgrade, after I choose what to do with the first dependency, the process shows me the dialog to choose what to do with the next one, but it also exits the program, giving me the command prompt again. Should I use another key instead of enter?

// npm-upgrade 1.3.0
// Windows 10 64
// Node 10.7.0
// npm 6.2.0

Can't find changelog URL for eslint-plugin-jsdoc

? Update "eslint-plugin-jsdoc" in package.json from ^22.0.1 to ^22.1.0? Show changelog
Trying to find changelog URL...
Sorry, we haven't found any changelog URL for eslint-plugin-jsdoc module.
It would be great if you could fill an issue about this here: https://github.com/th0r/npm-upgrade/issues
Thanks a lot!

The GitHub page is here: https://github.com/gajus/eslint-plugin-jsdoc

but it should point to here: https://github.com/gajus/eslint-plugin-jsdoc/releases

Using v3 of npm-check-updates is vulnerable to CVE-2020-8116.

dot-prop is pulled in to this module by the dependency chain [email protected] > [email protected] > [email protected] > [email protected] > dot-prop@^4.1.0.

dot-prop at 5.1.0 and earlier is subject to CVE-2020-8116:

Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

This is resolved in npm-check-updates in version 4. I've made PR #40 as a speculative fix.
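
The issue above traces a vulnerable package through a chain of transitive dependencies. The following added example (not code from npm-upgrade or npm-check-updates) walks a dependency tree in the shape printed by `npm ls --all --json` and reports every chain that reaches an affected version, together with the direct dependency whose upgrade has to bring in the fix. The tree, its package names and versions, and the function names are constructed; only the advisory (dot-prop 5.1.0 and earlier, CVE-2020-8116) comes from the issue.

```javascript
// Plain x.y.z comparison only; prerelease tags are out of scope for this sketch.
function versionAtMost(version, max) {
  const a = version.split('.').map(Number);
  const b = max.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return true;
}

// Advisory taken from the issue: dot-prop 5.1.0 and earlier.
const ADVISORIES = [
  {id: 'CVE-2020-8116', name: 'dot-prop', isAffected: v => versionAtMost(v, '5.1.0')}
];

// Depth-first walk that keeps the trail from the project root to each node.
function findVulnerableChains(tree, advisories) {
  const findings = [];
  const walk = (name, node, trail) => {
    // Entries without a version (for example, not installed) cannot be matched.
    const known = typeof node.version === 'string';
    const here = trail.concat(known ? `${name}@${node.version}` : name);
    for (const advisory of advisories) {
      if (known && advisory.name === name && advisory.isAffected(node.version)) {
        findings.push({
          id: advisory.id,
          package: here[here.length - 1],
          // here[0] is the project itself, here[1] its direct dependency.
          via: here.length > 1 ? here[1] : here[0],
          chain: here.join(' > ')
        });
      }
    }
    for (const [childName, child] of Object.entries(node.dependencies || {})) {
      walk(childName, child, here);
    }
  };
  walk(tree.name, tree, []);
  return findings;
}

// Constructed tree: one deep chain to an affected dot-prop, one fixed copy,
// and one entry with no version information.
const SAMPLE_TREE = {
  name: 'my-app',
  version: '1.0.0',
  dependencies: {
    'tool-a': {
      version: '3.0.0',
      dependencies: {
        'checker-b': {
          version: '3.2.2',
          dependencies: {
            'notifier-c': {
              version: '3.0.1',
              dependencies: {
                'config-d': {
                  version: '4.0.0',
                  dependencies: {'dot-prop': {version: '4.2.0'}}
                }
              }
            }
          }
        }
      }
    },
    'other-e': {version: '2.0.0', dependencies: {'dot-prop': {version: '5.2.0'}}},
    'optional-f': {}
  }
};

for (const finding of findVulnerableChains(SAMPLE_TREE, ADVISORIES)) {
  console.log(`${finding.id}: ${finding.chain} (upgrade via ${finding.via})`);
}
```
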

Exception when using npm-upgrade : TypeError: Invalid Version: undefined

see:

PS D:\csharp\git\github\common\astexplorer\website> npm-upgrade
Checking for outdated production, optional, development, peer and bundled dependencies for "D:\csharp\git\github\common\astexplorer\website\package.json"...
[====================] 160/160 100%
TypeError: Invalid Version: undefined
    at new SemVer (C:\Users\jkuehner\AppData\Roaming\npm\node_modules\npm-upgrade\node_modules\semver\classes\semver.js:38:13)
    at outside (C:\Users\jkuehner\AppData\Roaming\npm\node_modules\npm-upgrade\node_modules\semver\ranges\outside.js:12:13)
    at Object.ltr (C:\Users\jkuehner\AppData\Roaming\npm\node_modules\npm-upgrade\node_modules\semver\ranges\ltr.js:3:42)
    at isUpgradeable (C:\Users\jkuehner\AppData\Roaming\npm\node_modules\npm-upgrade\node_modules\npm-check-updates\lib\versionmanager.js:120:17)
    at C:\Users\jkuehner\AppData\Roaming\npm\node_modules\npm-upgrade\node_modules\npm-check-updates\lib\versionmanager.js:65:67
    at C:\Users\jkuehner\AppData\Roaming\npm\node_modules\npm-upgrade\node_modules\lodash\lodash.js:13658:16
    at basePickBy (C:\Users\jkuehner\AppData\Roaming\npm\node_modules\npm-upgrade\node_modules\lodash\lodash.js:3825:13)
    at Function.pickBy (C:\Users\jkuehner\AppData\Roaming\npm\node_modules\npm-upgrade\node_modules\lodash\lodash.js:13657:14)
    at C:\Users\jkuehner\AppData\Roaming\npm\node_modules\npm-upgrade\node_modules\lodash\lodash.js:4430:28
    at arrayReduce (C:\Users\jkuehner\AppData\Roaming\npm\node_modules\npm-upgrade\node_modules\lodash\lodash.js:697:21)
    at baseWrapperValue (C:\Users\jkuehner\AppData\Roaming\npm\node_modules\npm-upgrade\node_modules\lodash\lodash.js:4429:14)
    at LodashWrapper.wrapperValue (C:\Users\jkuehner\AppData\Roaming\npm\node_modules\npm-upgrade\node_modules\lodash\lodash.js:9114:14)
    at Object.upgradeDependencies (C:\Users\jkuehner\AppData\Roaming\npm\node_modules\npm-upgrade\node_modules\npm-check-updates\lib\versionmanager.js:73:6)
    at Object.<anonymous> (C:\Users\jkuehner\AppData\Roaming\npm\node_modules\npm-upgrade\lib\commands\check.js:154:51)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
PS D:\csharp\git\github\common\astexplorer\website> 

No arrow key moves

I tried npm-upgrade

The arrow doesn't move, but I can hit enter for Yes.

I tried on Win64bit using Cygwin

Feature suggestion: Create separate commits per upgraded package

Hello, thanks for an amazing tool.

I want to update packages with separate commits (including lockfile) per package and I recently started working on a PoC for that feature in a fork.

However, I thought you might actually find this feature useful because it's such a tiny addition.

My PoC that works assuming yarn:
master...olpeh:5897e9f68c5d6d4d1d4f3afccdd0ba7579e82f95

What do you think about this?
If this is something that sounds useful, I can try to improve this PoC and create a PR about it.

Some things to be solved though:

  • How to know if the user wants to use yarn or npm?
  • How to check if a yarn.lock or package-lock.json exists?

'report' command

It would be useful to have a 'report' command that just outputs the 'tables with update info' but does not require user interaction. Same as 'check' command but with automatic finish and no update.
One can then use it in CI tools to remind us of packages that should be upgraded.

As a workaround for now one can pipe ctrl-C before invoking npm-upgrade
printf '^C' | npm-upgrade

-yes argv for auto yes

Can we have a "--yes" argv to auto-choose yes
and an "--install" argv to auto-run npm install after?

Update npm-check-updates dependency to avoid ANSI-REGEX vulnerabilities

Update npm-check-updates dependency to avoid ANSI-REGEX vulnerabilities:

  • Filename: ansi-regex:3.0.0 | Reference: 1081982 | CVSS Score: 7.0 | Category: | ansi-regex is vulnerable to Inefficient Regular Expression Complexity which could lead to a denial of service.
  • Filename: ansi-regex:4.1.0 | Reference: 1081983 | CVSS Score: 7.0 | Category: | ansi-regex is vulnerable to Inefficient Regular Expression Complexity which could lead to a denial of service

Wrong change log resolve for babel cli

The version update for babel cli seems to be correct but "show changelog" links to the wrong branch "master", but the new one is "main".

I'm not sure if this is a config issue in babel cli or an auto resolve issue in npm-upgrade. I would guess the latter one, because I could not find any reference to the change log in the package file in babel.

peerDependency version messes up devDependency version update

In my package I specify a peer dependency to a React version:

{
    "peerDependencies": {
        "react": ">=16.3"
    }
}

For development I've also installed React as a dev dependency:

{
    "devDependencies": {
        "react": "16.11.0"
    }
}

Now, when I run npm-upgrade it suggests bumping the devDependencies React to >=16.12 instead of 16.12.0.

In my opinion, it should always respect the scheme of the version to be bumped, instead of in this case using the scheme from peerDependencies.

Changelogs do not work anymore

Tried with different projects and packages.

❯ npm-upgrade
Checking for outdated dependencies for "/Users/sapegin/izumi/concord-app/package.json"...

New versions of modules available:

  babel-core          5.8.33   →         6.3.17
  babel-loader         5.3.2   →          6.2.0
  history             1.13.1   →         1.16.0
  immutable            3.7.5   →          3.7.6
  raven-js            ~1.2.0   →     ~2.0.0-rc1
  react-day-picker     1.1.5   →          1.2.0
  vis                  4.8.2   →         4.10.0
  babel               ^5.8.3   →        ^6.3.13
  babel-eslint        ~4.1.6   →   ~5.0.0-beta6
  postcss            ^5.0.12   →        ^5.0.13

? Update "babel-core" in package.json from 5.8.33 to 6.3.17? Show changelog
Trying to find changelog URL...
Error: Call npm.load(config, cb) before using this command.
See the README.md or cli.js for example usage.
    at Object.defineProperty.get [as view] (/Users/sapegin/.nvm/versions/node/v0.12.8/lib/node_modules/npm-upgrade/node_modules/npm/lib/npm.js:179:15)
    at /Users/sapegin/.nvm/versions/node/v0.12.8/lib/node_modules/npm-upgrade/lib/packageUtils.js:86:50
    at new Promise (/Users/sapegin/.nvm/versions/node/v0.12.8/lib/node_modules/npm-upgrade/node_modules/core-js/library/modules/es6.promise.js:197:7)
    at Object.callee$0$0$ (/Users/sapegin/.nvm/versions/node/v0.12.8/lib/node_modules/npm-upgrade/lib/packageUtils.js:83:50)
    at tryCatch (/Users/sapegin/.nvm/versions/node/v0.12.8/lib/node_modules/npm-upgrade/node_modules/babel-runtime/regenerator/runtime.js:72:40)
    at GeneratorFunctionPrototype.invoke [as _invoke] (/Users/sapegin/.nvm/versions/node/v0.12.8/lib/node_modules/npm-upgrade/node_modules/babel-runtime/regenerator/runtime.js:334:22)
    at GeneratorFunctionPrototype.prototype.(anonymous function) [as next] (/Users/sapegin/.nvm/versions/node/v0.12.8/lib/node_modules/npm-upgrade/node_modules/babel-runtime/regenerator/runtime.js:105:21)
    at tryCatch (/Users/sapegin/.nvm/versions/node/v0.12.8/lib/node_modules/npm-upgrade/node_modules/babel-runtime/regenerator/runtime.js:72:40)
    at invoke (/Users/sapegin/.nvm/versions/node/v0.12.8/lib/node_modules/npm-upgrade/node_modules/babel-runtime/regenerator/runtime.js:146:20)
    at /Users/sapegin/.nvm/versions/node/v0.12.8/lib/node_modules/npm-upgrade/node_modules/babel-runtime/regenerator/runtime.js:191:11
    at new Promise (/Users/sapegin/.nvm/versions/node/v0.12.8/lib/node_modules/npm-upgrade/node_modules/core-js/library/modules/es6.promise.js:197:7)
    at callInvokeWithMethodAndArg (/Users/sapegin/.nvm/versions/node/v0.12.8/lib/node_modules/npm-upgrade/node_modules/babel-runtime/regenerator/runtime.js:190:16)
    at AsyncIterator.enqueue (/Users/sapegin/.nvm/versions/node/v0.12.8/lib/node_modules/npm-upgrade/node_modules/babel-runtime/regenerator/runtime.js:211:37)
    at AsyncIterator.prototype.(anonymous function) [as next] (/Users/sapegin/.nvm/versions/node/v0.12.8/lib/node_modules/npm-upgrade/node_modules/babel-runtime/regenerator/runtime.js:105:21)
    at Object.runtime.async (/Users/sapegin/.nvm/versions/node/v0.12.8/lib/node_modules/npm-upgrade/node_modules/babel-runtime/regenerator/runtime.js:228:12)
    at Object.callee$0$0 (/Users/sapegin/.nvm/versions/node/v0.12.8/lib/node_modules/npm-upgrade/lib/packageUtils.js:79:32)
❯ node -v
v0.12.8
❯ npm -v
3.5.3

Allow partial updates

The updates are all applied at once. It would be great if it applied them to the package.json file as you go.

It does not actually update the package, just the package.json

When I run the latest version it finds the two that need updating and on each one I select yes. It says yes in the console output. Nothing happens and then the package json prompt comes up and a "Y" here does change the file. I am using node v4, npm 3, and npm-upgrade 0.6.1.

Also,

I find that npm upgrade fails often especially node-gyp stuff. So, can there be an option to uninstall and install instead of upgrade. Thanks

Bypass SSL security for internal use

Hi,

We have an issue :
npm-upgrade 2.0.3

npm-upgrade
Checking for outdated dependencies for "package.json"...
[--------------------] 0/64 0%(node:9572) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
FetchError: request to https://nexus/repository/npm-all/@date-io%2fdate-fns failed, reason: unable to verify the first certificate
    at ClientRequest.<anonymous> (\npm\node_modules\npm-upgrade\node_modules\minipass-fetch\lib\index.js:97:14)
    at ClientRequest.emit (events.js:315:20)
    at TLSSocket.socketErrorListener (_http_client.js:426:9)
    at TLSSocket.emit (events.js:327:22)
    at emitErrorNT (internal/streams/destroy.js:92:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:60:3)
    at processTicksAndRejections (internal/process/task_queues.js:84:21) {
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
  errno: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
  type: 'system'
}

How can I disable https certification verification?
Thanks,

no changelog found for xo

? Update "xo" in package.json from ^0.29.0 to ^0.30.0? Show changelog
Trying to find changelog URL...
Sorry, we haven't found any changelog URL for xo module.
It would be great if you could fill an issue about this here: https://github.com/th0r/npm-upgrade/issues
Thanks a lot!

https://github.com/xojs/xo

Support global packages

First of all thanks for this tool, its is a real time saver.

Have you considered upgrading packages installed globally with -g flag?

Cannot find changelog for `@nrwl/nx-cloud`

Just want to file the issue as the log asks for - but it was no problem 🙂
Great Tool 👍

? Update "@nrwl/nx-cloud" in package.json from 14.2.0 to 14.3.0? Show changelog
Trying to find changelog URL...                                                
Sorry, we haven't found any changelog URL for @nrwl/nx-cloud module.                                    
It would be great if you could fill an issue about this here: https://github.com/th0r/npm-upgrade/issues
Thanks a lot!  

Only one dependency block updated

Thanks for this great tool!

I'm using dependencies, peerDependencies and devDependencies in my project. Whenever I have one module in more than one of the dependency blocks, it is updated only in the first block. Could you please add an option, so I can update dependencies in all blocks simultaneously?

Can't find changelog for fastly

Fastly npm
Fastly changelog

% npm-upgrade --version
3.1.0
% npm-upgrade fastly 
Checking for outdated production, optional, development, peer and bundled dependencies filtered with fastly for "xxxx/package.json"...
[====================] 85/85 100%

New versions of active modules available:

  fastly   ^3.3.1   →   ^4.2.2 

? Update "fastly" in package.json from ^3.3.1 to ^4.2.2? Show changelog
Trying to find changelog URL...
Sorry, we haven't found any changelog URL for fastly module.
It would be great if you could fill an issue about this here: https://github.com/th0r/npm-upgrade/issues
Thanks a lot!

Test if newer version break the tests before update

Probably would be cool if it is an answer, so when you select it, it will run npm test (by default) and if it breaks it probably ask you if you are sure to upgrade or not.

I got that idea from next-update, but i want to use npm-upgrade.

Setting Repository

Would it be possible to enable setting a repository flag (like npm)?

I am currently using a private repo that does not support npm update (thx nexus).

And therefore usually switch to the official npm repo for that.

Could you put that functionality into npm-upgrade?
