Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
@oclif/plugin-warn-if-update-available
Advanced tools
Changelog
Readme
warns if there is a newer version of CLI released
This plugin shows a warning message if a user is running an out of date CLI.
This checks the version against the npm registry asynchronously in a forked process once every 60 days by default (see Configuration for how to configure this). It then saves a version file to the cache directory that will enable the warning. The upside of this method is that it won't block a user while they're using your CLI—the downside is that it will only display after running a command that fetches the new version.
Add the plugin to your project with yarn add @oclif/plugin-warn-if-update-available
, then add it to the package.json
of the oclif CLI:
{
"name": "mycli",
"version": "0.0.0",
// ...
"oclif": {
"plugins": ["@oclif/plugin-help", "@oclif/plugin-warn-if-update-available"]
}
}
In package.json
, set oclif['warn-if-update-available']
to an object with
any of the following configuration properties:
timeoutInDays
- Duration between update checks. Defaults to 60.message
- Customize update message.registry
- URL of registry. Defaults to the public npm registry: https://registry.npmjs.org
authorization
- Authorization header value for registries that require auth.frequency
- The frequency that the new version warning should be shown.frequencyUnit
- The unit of time that should be used to calculate the frequency (days
, hours
, minutes
, seconds
, milliseconds
). Defaults to minutes
.{
"oclif": {
"plugins": ["@oclif/plugin-warn-if-update-available"],
"warn-if-update-available": {
"timeoutInDays": 7,
"message": "<%= config.name %> update available from <%= chalk.greenBright(config.version) %> to <%= chalk.greenBright(latest) %>.",
"registry": "https://my.example.com/module/registry",
"authorization": "Basic <SOME READ ONLY AUTH TOKEN>"
}
}
}
Once a new version has been found, the default behavior is to notify the user on every command execution. You can modify this by setting the frequency
and frequencyUnit
options.
Examples
Once every 10 minutes.
{
"oclif": {
"warn-if-update-available": {
"frequency": 10
}
}
}
Once every 6 hours.
{
"oclif": {
"warn-if-update-available": {
"frequency": 6,
"frequencyUnit": "hours"
}
}
}
Once a day.
{
"oclif": {
"warn-if-update-available": {
"frequency": 1,
"frequencyUnit": "days"
}
}
}
Once every 30 seconds.
{
"oclif": {
"warn-if-update-available": {
"frequency": 30,
"frequencyUnit": "seconds"
}
}
}
<CLI>_SKIP_NEW_VERSION_CHECK
: Skip this version check<CLI>_FORCE_VERSION_CACHE_UPDATE
: Force the version cache to update<CLI>_NEW_VERSION_CHECK_FREQ
: environment variable override for frequency
setting<CLI>_NEW_VERSION_CHECK_FREQ_UNIT
: environment variable override for frequencyUnit
settingFAQs
warns if there is a newer version of CLI released
The npm package @oclif/plugin-warn-if-update-available receives a total of 635,414 weekly downloads. As such, @oclif/plugin-warn-if-update-available popularity was classified as popular.
We found that @oclif/plugin-warn-if-update-available demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.