bower-check-updates
npm-check-updates supports bower as of v2.3.0:
$ npm install -g npm-check-updates
$ npm-check-updates --packageManager bower # or 'ncu -m bower' for short
bower-check-updates is a command-line tool that allows you to find and save the latest versions of dependencies, regardless of any version constraints in your bower.json file (unlike npm itself).
bower-check-updates maintains your existing semantic versioning policies, i.e., it will upgrade your "express": "^4.11.2" dependency to "express": "^5.0.0" when express 5.0.0 is released.
bower-check-updates is a total clone of npm-check-updates, but it updates bower.json dependencies (bower-check-updates updates bower.json).
All the code is written by tjunnone. I have just renamed package.json to bower.json (and added the closest-bower module instead of closest-package). So if you want to contribute, better do it to bower-check-updates, and I'll merge the changes (notify me if I'm not).
npm install -g bower-check-updates
Show any new dependencies for the project in the current directory:
$ bcu
express 4.12.x → 4.13.x
multer ^0.1.8 → ^1.0.1
react-bootstrap ^0.22.6 → ^0.24.0
react-a11y ^0.1.1 → ^0.2.6
webpack ~1.9.10 → ~1.10.5
Run with -u to upgrade your bower.json
Upgrade a project's bower.json:
Make sure your bower.json is in version control and all changes have been committed. This will overwrite your bower.json.
$ bcu -u
bootstrap 4.12.x → 4.13.x
bower.json upgraded
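The policy-preserving upgrade described above, where "^4.11.2" becomes "^5.0.0" and "4.12.x" becomes "4.13.x", sketched as an added example (not code from bower-check-updates or npm-check-updates). The function names, the `widget` git dependency and the exact latest versions are assumptions; it goes slightly beyond the README by labelling each change as major, minor or patch so large jumps can be reviewed before `bcu -u` overwrites bower.json.

```javascript
'use strict';
// Added illustration; this is not bower-check-updates source code.
// Supported declarations: optional ^, ~, >= or = followed by up to three
// dot-separated parts, each a number or a wildcard (x, X, *).
var RANGE = /^(\^|~|>=|=)?((?:\d+|[xX*])(?:\.(?:\d+|[xX*])){0,2})$/;
var EXACT = /^\d+\.\d+\.\d+$/;

// Point a declared range at `latest` while keeping its policy: the operator
// and any wildcard positions survive, only the numeric parts are replaced.
function upgradeDeclaration(declared, latest) {
  var m = RANGE.exec(String(declared).trim());
  if (!m || !EXACT.test(latest)) return null; // git URLs, tags, compound ranges
  var newParts = latest.split('.');
  var parts = m[2].split('.').map(function (part, i) {
    return /^\d+$/.test(part) ? newParts[i] : part;
  });
  return (m[1] || '') + parts.join('.');
}

// First semver position that differs between the old and new declaration.
function bumpLevel(from, to) {
  var a = from.replace(/^[^\dxX*]+/, '').split('.');
  var b = to.replace(/^[^\dxX*]+/, '').split('.');
  var names = ['major', 'minor', 'patch'];
  for (var i = 0; i < a.length; i++) {
    if (a[i] !== b[i]) return names[i];
  }
  return 'none';
}

// One row per dependency that would change or that needs manual handling.
function planUpgrades(dependencies, latestByName) {
  return Object.keys(dependencies).map(function (name) {
    var from = dependencies[name];
    var latest = latestByName[name];
    var to = latest ? upgradeDeclaration(from, latest) : null;
    return { name: name, from: from, to: to, level: to ? bumpLevel(from, to) : 'unsupported' };
  }).filter(function (row) { return row.level !== 'none'; });
}

// Constructed sample: ranges from the README's output, latest versions assumed.
var sampleDeps = { express: '4.12.x', multer: '^0.1.8', webpack: '~1.9.10',
  widget: 'git://example.invalid/widget.git#1.0.0' };
var sampleLatest = { express: '4.13.0', multer: '1.0.1', webpack: '1.10.5', widget: '2.0.0' };
console.log(planUpgrades(sampleDeps, sampleLatest));
```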
Include or exclude specific packages:
# match mocha and should packages exactly
$ bcu -f mocha,should
# match packages that start with "gulp-" using regex
$ bcu -f /^gulp-/
# match packages that do not start with "gulp-". Note: single quotes are required
# here to avoid inadvertent bash parsing
$ bcu -f '/^(?!gulp-).*$/'
-d, --dev                check only devDependencies
-e, --error-level        set the error-level. 1: exits with error code 0 if no
                         errors occur. 2: exits with error code 0 if no
                         packages need updating (useful for continuous
                         integration)
-g, --global             check global packages instead of in the current project
-h, --help               output usage information
-j, --jsonAll            output new bower.json instead of human-readable
                         message
--jsonUpgraded           output upgraded dependencies in json
--packageData            include stringified bower.json (use stdin instead)
-o, --optional           check only optionalDependencies
-p, --prod               check only dependencies (not devDependencies)
-r, --registry           specify third-party NPM registry
-s, --silent             don't output anything
-t, --greatest           find the highest versions available instead of the
                         latest stable versions (alpha release only)
-u, --upgrade            upgrade bower.json dependencies to match latest
                         versions (maintaining existing policy)
-ua, --upgradeAll        upgrade bower.json dependencies even when the latest
                         version satisfies the declared semver dependency
-V, --version            output the version number
The tool allows integration with 3rd party code:
var fs = require('fs'); // needed for readFileSync below
var bcu = require('bower-check-updates');

bcu.run({
    // Pass the bower.json contents as a string
    packageData: fs.readFileSync('./some/project/bower.json', 'utf-8'),
    // Any command-line option can be specified here.
    // These are set by default:
    // silent: true,
    // jsonUpgraded: true
}).then(function(upgraded) {
    console.log('dependencies to upgrade:', upgraded);
});
Please file an issue on GitHub.
Always include your bower.json when reporting a bug!
Pull requests are welcome, and will not collect dust :)
FAQs
Find newer versions of dependencies than what your bower.json allows
The npm package bower-check-updates receives a total of 10 weekly downloads. As such, the popularity of bower-check-updates was classified as not popular.
We found that bower-check-updates demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.