Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@oclif/plugin-warn-if-update-available
Advanced tools
warns if there is a newer version of CLI released
@oclif/plugin-warn-if-update-available is a plugin for the Oclif CLI framework that checks for updates to the CLI tool and warns the user if an update is available. This helps ensure that users are always aware of the latest version and can benefit from new features, bug fixes, and security patches.
Check for Updates
This feature checks if there is an update available for the CLI tool and warns the user if an update is found. The code sample demonstrates how to integrate this functionality into an Oclif command.
const { Command } = require('@oclif/command');
const { warnIfUpdateAvailable } = require('@oclif/plugin-warn-if-update-available');
class MyCommand extends Command {
async run() {
await warnIfUpdateAvailable(this.config);
this.log('Hello, world!');
}
}
MyCommand.run();
update-notifier is a package that checks for updates of a given npm package and notifies the user if an update is available. It is similar to @oclif/plugin-warn-if-update-available but can be used with any Node.js application, not just Oclif-based CLIs.
npm-check-updates is a tool that allows you to find and update outdated npm dependencies in your project. While it is more focused on updating dependencies rather than notifying users of CLI updates, it provides similar functionality in terms of keeping software up-to-date.
warns if there is a newer version of CLI released
This plugin shows a warning message if a user is running an out of date CLI.
This checks the version against the npm registry asynchronously in a forked process, at most once per 7 days. It then saves a version file to the cache directory that will enable the warning. The upside of this method is that it won't block a user while they're using your CLI—the downside is that it will only display after running a command that fetches the new version.
Add the plugin to your project with yarn add @oclif/plugin-warn-if-update-available
, then add it to the package.json
of the oclif CLI:
{
"name": "mycli",
"version": "0.0.0",
// ...
"oclif": {
"plugins": ["@oclif/plugin-help", "@oclif/plugin-warn-if-update-available"]
}
}
In package.json
, set oclif['warn-if-update-available']
to an object with
any of the following configuration properties:
timeoutInDays
- Duration between update checks. Defaults to 60.registry
- URL of registry. Defaults to the public npm registry: https://registry.npmjs.org
authorization
- Authorization header value for registries that require auth.{
"oclif": {
"plugins": [
"@oclif/plugin-warn-if-update-available"
],
"warn-if-update-available": {
"timeoutInDays": 7,
"registry": "https://my.example.com/module/registry",
"authorization": "Basic <SOME READ ONLY AUTH TOKEN>"
}
}
}
FAQs
warns if there is a newer version of CLI released
The npm package @oclif/plugin-warn-if-update-available receives a total of 346,774 weekly downloads. As such, @oclif/plugin-warn-if-update-available popularity was classified as popular.
We found that @oclif/plugin-warn-if-update-available demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.